From 9d3b3b73bc408820e1f3c0dbabe0da2eae6f841d Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 26 Apr 2023 10:32:16 +0100 Subject: [PATCH 01/54] Add backports support Signed-off-by: Pedro Algarvio (cherry picked from commit 99cb7c0e084f2b47ef3a6e9aa9c46b35c3676cc1) --- .backportrc.json | 15 +++++++++++ .github/workflows/backport.yml | 48 ++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 .backportrc.json create mode 100644 .github/workflows/backport.yml diff --git a/.backportrc.json b/.backportrc.json new file mode 100644 index 000000000000..b988c16660f6 --- /dev/null +++ b/.backportrc.json @@ -0,0 +1,15 @@ +{ + "repoOwner": "saltstack", + "repoName": "salt", + "targetBranchChoices": ["master", "3006.x", "3005.x"], + "autoMerge": false, + "autoMergeMethod": "rebase", + "branchLabelMapping": { + "^backport:(.+)$": "$1" + }, + "prTitle": "[BACKPORT] {commitMessages}", + "publishStatusCommentOnSuccess": true, + "sourcePRLabels": [ + "backport:complete" + ] +} diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml new file mode 100644 index 000000000000..b70b84df5b3f --- /dev/null +++ b/.github/workflows/backport.yml @@ -0,0 +1,48 @@ +name: Backport PR +run-name: "Backport PR #${{ github.event.number }}" + +on: + pull_request_target: + types: + - "labeled" + - "closed" + +permissions: + contents: write + pull-requests: write + +jobs: + backport: + name: Backport PR + runs-on: + - ubuntu-latest + if: | + github.event.pull_request.merged == true + && ( + contains(github.event.pull_request.labels.*.name, 'backport:master') || + contains(github.event.pull_request.labels.*.name, 'backport:3006.x') || + contains(github.event.pull_request.labels.*.name, 'backport:3005.x') + ) + && ( + (github.event.action == 'labeled' && ( + contains(github.event.pull_request.labels.*.name, 'backport:master') || + contains(github.event.pull_request.labels.*.name, 'backport:3006.x') || + contains(github.event.pull_request.labels.*.name, 'backport:3005.x') + )) + || (github.event.action == 'closed') + ) + steps: + - name: Backport Action + uses: sqren/backport-github-action@v8.9.7 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + auto_backport_label_prefix: "backport:" + add_original_reviewers: true + + - name: Info log + if: ${{ success() }} + run: jq -C '.' ~/.backport/backport.info.log + + - name: Debug log + if: ${{ failure() }} + run: jq -C '.' ~/.backport/backport.debug.log From aad2f675761e66252f63988c0a6ea38604e0b94f Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Sun, 24 Sep 2023 10:23:27 +0100 Subject: [PATCH 02/54] Bump to `sqren/backport-github-action@v9.3.0-a` Signed-off-by: Pedro Algarvio --- .github/workflows/backport.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index b70b84df5b3f..4e255576c927 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -33,7 +33,7 @@ jobs: ) steps: - name: Backport Action - uses: sqren/backport-github-action@v8.9.7 + uses: sqren/backport-github-action@v9.3.0-a with: github_token: ${{ secrets.GITHUB_TOKEN }} auto_backport_label_prefix: "backport:" From 29ae9829eec75d88420eeaa2685cbed48b9134f1 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Sun, 24 Sep 2023 21:20:44 +0100 Subject: [PATCH 03/54] Downgrade to `sqren/backport-github-action@v8.9.7` at least errors are reported Signed-off-by: Pedro Algarvio --- .backportrc.json | 2 +- .github/workflows/backport.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.backportrc.json b/.backportrc.json index b988c16660f6..1fc808b961be 100644 --- a/.backportrc.json +++ b/.backportrc.json @@ -1,7 +1,7 @@ { "repoOwner": "saltstack", "repoName": "salt", - "targetBranchChoices": ["master", "3006.x", "3005.x"], + "targetBranchChoices": ["master", "3006.x", "3005.x", "freeze"], "autoMerge": false, "autoMergeMethod": "rebase", "branchLabelMapping": { diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 4e255576c927..b70b84df5b3f 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -33,7 +33,7 @@ jobs: ) steps: - name: Backport Action - uses: sqren/backport-github-action@v9.3.0-a + uses: sqren/backport-github-action@v8.9.7 with: github_token: ${{ secrets.GITHUB_TOKEN }} auto_backport_label_prefix: "backport:" From db0f92038288bd69422dfde1612af194bea7fda4 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Fri, 22 Sep 2023 15:39:07 +0100 Subject: [PATCH 04/54] Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 Signed-off-by: Pedro Algarvio --- changelog/65267.security | 1 + requirements/static/ci/py3.10/cloud.txt | 2 +- requirements/static/ci/py3.10/darwin.txt | 2 +- requirements/static/ci/py3.10/docs.txt | 2 +- requirements/static/ci/py3.10/freebsd.txt | 2 +- requirements/static/ci/py3.10/lint.txt | 2 +- requirements/static/ci/py3.10/linux.txt | 2 +- requirements/static/ci/py3.10/windows.txt | 2 +- requirements/static/ci/py3.7/cloud.txt | 2 +- requirements/static/ci/py3.7/docs.txt | 2 +- requirements/static/ci/py3.7/freebsd.txt | 2 +- requirements/static/ci/py3.7/lint.txt | 2 +- requirements/static/ci/py3.7/linux.txt | 2 +- requirements/static/ci/py3.7/windows.txt | 2 +- requirements/static/ci/py3.8/cloud.txt | 2 +- requirements/static/ci/py3.8/docs.txt | 2 +- requirements/static/ci/py3.8/freebsd.txt | 2 +- requirements/static/ci/py3.8/lint.txt | 2 +- requirements/static/ci/py3.8/linux.txt | 2 +- requirements/static/ci/py3.8/windows.txt | 2 +- requirements/static/ci/py3.9/cloud.txt | 2 +- requirements/static/ci/py3.9/darwin.txt | 2 +- requirements/static/ci/py3.9/docs.txt | 2 +- requirements/static/ci/py3.9/freebsd.txt | 2 +- requirements/static/ci/py3.9/lint.txt | 2 +- requirements/static/ci/py3.9/linux.txt | 2 +- requirements/static/ci/py3.9/windows.txt | 2 +- requirements/static/pkg/py3.10/darwin.txt | 2 +- requirements/static/pkg/py3.10/freebsd.txt | 2 +- requirements/static/pkg/py3.10/linux.txt | 2 +- requirements/static/pkg/py3.10/windows.txt | 2 +- requirements/static/pkg/py3.7/freebsd.txt | 2 +- requirements/static/pkg/py3.7/linux.txt | 2 +- requirements/static/pkg/py3.7/windows.txt | 2 +- requirements/static/pkg/py3.8/freebsd.txt | 2 +- requirements/static/pkg/py3.8/linux.txt | 2 +- requirements/static/pkg/py3.8/windows.txt | 2 +- requirements/static/pkg/py3.9/darwin.txt | 2 +- requirements/static/pkg/py3.9/freebsd.txt | 2 +- requirements/static/pkg/py3.9/linux.txt | 2 +- requirements/static/pkg/py3.9/windows.txt | 2 +- 41 files changed, 41 insertions(+), 40 deletions(-) create mode 100644 changelog/65267.security diff --git a/changelog/65267.security b/changelog/65267.security new file mode 100644 index 000000000000..15588570ad69 --- /dev/null +++ b/changelog/65267.security @@ -0,0 +1 @@ +Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index 84a17a57933f..3e163e77a18e 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -383,7 +383,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 6725d76cafb5..1cfb54e74267 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -386,7 +386,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/darwin.txt # adal diff --git a/requirements/static/ci/py3.10/docs.txt b/requirements/static/ci/py3.10/docs.txt index 5fa86b1cc9c3..d8aa8cbaeaaa 100644 --- a/requirements/static/ci/py3.10/docs.txt +++ b/requirements/static/ci/py3.10/docs.txt @@ -390,7 +390,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index 4de08ee486fd..5dc862b00c53 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -382,7 +382,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/freebsd.in # adal diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index 9fb36c3b3570..96865dc989e0 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -388,7 +388,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index dbbc7f94b97d..b9a9f45fcb81 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -396,7 +396,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index afabb8762f00..572e049fc3a3 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -73,7 +73,7 @@ colorama==0.4.1 # via pytest contextvars==2.4 # via -r requirements/base.txt -cryptography==39.0.1 +cryptography==41.0.4 # via # -r requirements/static/pkg/py3.10/windows.txt # moto diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index 8a6a86bc53f3..f903b2d6d298 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -390,7 +390,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.7/docs.txt b/requirements/static/ci/py3.7/docs.txt index b99ff436bbb9..c67e346203fc 100644 --- a/requirements/static/ci/py3.7/docs.txt +++ b/requirements/static/ci/py3.7/docs.txt @@ -399,7 +399,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index 098811c25335..4976c9fbb6c1 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -389,7 +389,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/freebsd.in # adal diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index d995e9c39990..dd5932f1caa8 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -397,7 +397,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index 039f18a3c3a5..09dad7aa75a3 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -403,7 +403,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index 9c9e2415345e..d0d6085415f9 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -74,7 +74,7 @@ colorama==0.4.1 # via pytest contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/windows.txt # etcd3-py diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index ae3a2330f519..d47a2de683ab 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -388,7 +388,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.8/docs.txt b/requirements/static/ci/py3.8/docs.txt index 704100ccc310..af50b9ad185c 100644 --- a/requirements/static/ci/py3.8/docs.txt +++ b/requirements/static/ci/py3.8/docs.txt @@ -397,7 +397,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index 64b895815d6a..408b9308c10a 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -387,7 +387,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/freebsd.in # adal diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index ebe72d749e2d..63e853bf68f9 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -395,7 +395,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index 77b2c36a5d1e..8cfc4e8a092c 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -401,7 +401,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index ca5e306b8002..5b2ba5adace9 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -72,7 +72,7 @@ colorama==0.4.1 # via pytest contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/windows.txt # etcd3-py diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index 9495c538ecce..10730f00910e 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -388,7 +388,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index d47db18063ff..277defef4d54 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -391,7 +391,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/darwin.txt # adal diff --git a/requirements/static/ci/py3.9/docs.txt b/requirements/static/ci/py3.9/docs.txt index 12d672d4a380..4ed09bed8ebf 100644 --- a/requirements/static/ci/py3.9/docs.txt +++ b/requirements/static/ci/py3.9/docs.txt @@ -395,7 +395,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index 7ebc98e63a31..119b9a7e39ba 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -387,7 +387,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/freebsd.in # adal diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index 084f5cb67246..87b7665c97b8 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -393,7 +393,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index b8125669def6..8c635fd7cf39 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -403,7 +403,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index d98e73e91f64..280315b4c8a8 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -72,7 +72,7 @@ colorama==0.4.1 # via pytest contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/windows.txt # etcd3-py diff --git a/requirements/static/pkg/py3.10/darwin.txt b/requirements/static/pkg/py3.10/darwin.txt index 9d6409d28c8b..d3250c794d4a 100644 --- a/requirements/static/pkg/py3.10/darwin.txt +++ b/requirements/static/pkg/py3.10/darwin.txt @@ -18,7 +18,7 @@ cherrypy==18.6.1 # via -r requirements/darwin.txt contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/darwin.txt # pyopenssl diff --git a/requirements/static/pkg/py3.10/freebsd.txt b/requirements/static/pkg/py3.10/freebsd.txt index c25bc90a4b56..2ff655041f36 100644 --- a/requirements/static/pkg/py3.10/freebsd.txt +++ b/requirements/static/pkg/py3.10/freebsd.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/freebsd.in contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/freebsd.in # pyopenssl diff --git a/requirements/static/pkg/py3.10/linux.txt b/requirements/static/pkg/py3.10/linux.txt index 9944c2e4d1de..04ca508c92fe 100644 --- a/requirements/static/pkg/py3.10/linux.txt +++ b/requirements/static/pkg/py3.10/linux.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/linux.in contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # pyopenssl diff --git a/requirements/static/pkg/py3.10/windows.txt b/requirements/static/pkg/py3.10/windows.txt index 9f8b7435fb64..ac39e84b3285 100644 --- a/requirements/static/pkg/py3.10/windows.txt +++ b/requirements/static/pkg/py3.10/windows.txt @@ -20,7 +20,7 @@ cherrypy==18.6.1 # via -r requirements/windows.txt contextvars==2.4 # via -r requirements/base.txt -cryptography==39.0.1 +cryptography==41.0.4 # via # -r requirements/windows.txt # pyopenssl diff --git a/requirements/static/pkg/py3.7/freebsd.txt b/requirements/static/pkg/py3.7/freebsd.txt index f8c2f0a56a28..6aa3ccea8f9b 100644 --- a/requirements/static/pkg/py3.7/freebsd.txt +++ b/requirements/static/pkg/py3.7/freebsd.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/freebsd.in contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/freebsd.in # pyopenssl diff --git a/requirements/static/pkg/py3.7/linux.txt b/requirements/static/pkg/py3.7/linux.txt index 0585f5aa5c79..0b88348435bd 100644 --- a/requirements/static/pkg/py3.7/linux.txt +++ b/requirements/static/pkg/py3.7/linux.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/linux.in contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # pyopenssl diff --git a/requirements/static/pkg/py3.7/windows.txt b/requirements/static/pkg/py3.7/windows.txt index 90f0ad64b9fd..99733fb8079b 100644 --- a/requirements/static/pkg/py3.7/windows.txt +++ b/requirements/static/pkg/py3.7/windows.txt @@ -20,7 +20,7 @@ cherrypy==18.6.1 # via -r requirements/windows.txt contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/windows.txt # pyopenssl diff --git a/requirements/static/pkg/py3.8/freebsd.txt b/requirements/static/pkg/py3.8/freebsd.txt index 8baa680c8dd3..fd731dee62d7 100644 --- a/requirements/static/pkg/py3.8/freebsd.txt +++ b/requirements/static/pkg/py3.8/freebsd.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/freebsd.in contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/freebsd.in # pyopenssl diff --git a/requirements/static/pkg/py3.8/linux.txt b/requirements/static/pkg/py3.8/linux.txt index 35882187a40b..82dde6a54965 100644 --- a/requirements/static/pkg/py3.8/linux.txt +++ b/requirements/static/pkg/py3.8/linux.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/linux.in contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # pyopenssl diff --git a/requirements/static/pkg/py3.8/windows.txt b/requirements/static/pkg/py3.8/windows.txt index ecccae81ab40..c1eff89b5695 100644 --- a/requirements/static/pkg/py3.8/windows.txt +++ b/requirements/static/pkg/py3.8/windows.txt @@ -20,7 +20,7 @@ cherrypy==18.6.1 # via -r requirements/windows.txt contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/windows.txt # pyopenssl diff --git a/requirements/static/pkg/py3.9/darwin.txt b/requirements/static/pkg/py3.9/darwin.txt index 6ccf6601b30b..2acb0ce72571 100644 --- a/requirements/static/pkg/py3.9/darwin.txt +++ b/requirements/static/pkg/py3.9/darwin.txt @@ -18,7 +18,7 @@ cherrypy==18.6.1 # via -r requirements/darwin.txt contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/darwin.txt # pyopenssl diff --git a/requirements/static/pkg/py3.9/freebsd.txt b/requirements/static/pkg/py3.9/freebsd.txt index 748fbd5a1a3f..04cd71935915 100644 --- a/requirements/static/pkg/py3.9/freebsd.txt +++ b/requirements/static/pkg/py3.9/freebsd.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/freebsd.in contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/freebsd.in # pyopenssl diff --git a/requirements/static/pkg/py3.9/linux.txt b/requirements/static/pkg/py3.9/linux.txt index f59b9cb4ccec..870ee43ba11d 100644 --- a/requirements/static/pkg/py3.9/linux.txt +++ b/requirements/static/pkg/py3.9/linux.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/linux.in contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/static/pkg/linux.in # pyopenssl diff --git a/requirements/static/pkg/py3.9/windows.txt b/requirements/static/pkg/py3.9/windows.txt index e4555f864482..c9cc3c067dc3 100644 --- a/requirements/static/pkg/py3.9/windows.txt +++ b/requirements/static/pkg/py3.9/windows.txt @@ -20,7 +20,7 @@ cherrypy==18.6.1 # via -r requirements/windows.txt contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 ; python_version >= "3.7" +cryptography==41.0.4 ; python_version >= "3.7" # via # -r requirements/windows.txt # pyopenssl From 4351431a6a7bdb4e645b70bbd2456afcf226635e Mon Sep 17 00:00:00 2001 From: MKLeb Date: Tue, 26 Sep 2023 12:35:04 -0400 Subject: [PATCH 05/54] Check for `-` in the version number --- pkg/tests/support/helpers.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkg/tests/support/helpers.py b/pkg/tests/support/helpers.py index 11bfdb6185ba..6e4086521ed4 100644 --- a/pkg/tests/support/helpers.py +++ b/pkg/tests/support/helpers.py @@ -272,9 +272,10 @@ def get_version(self, version_only=False): ] pkg_version = 1 for number in pkg_numbers: - number = int(number.split("-")[1]) - if number > pkg_version: - pkg_version = number + if "-" in number: + number = int(number.split("-")[1]) + if number > pkg_version: + pkg_version = number major, minor = prev_version.split(".") if version_only: return version From 90135124c0323d2254d83f16687403f317e5920a Mon Sep 17 00:00:00 2001 From: MKLeb Date: Tue, 26 Sep 2023 16:40:44 -0400 Subject: [PATCH 06/54] Fix urls for macos/windows non-classic pre-relenv packages --- pkg/tests/support/helpers.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/tests/support/helpers.py b/pkg/tests/support/helpers.py index 6e4086521ed4..a8888bded2b0 100644 --- a/pkg/tests/support/helpers.py +++ b/pkg/tests/support/helpers.py @@ -755,8 +755,8 @@ def install_previous(self): if not self.classic: if not relenv: - win_pkg = f"salt-{self.prev_version}-windows-amd64.{self.file_ext}" - win_pkg_url = f"https://repo.saltproject.io/salt/py3/windows/{self.prev_version}/{win_pkg}" + win_pkg = f"salt-{self.prev_version}-{pkg_version}-windows-amd64.{self.file_ext}" + win_pkg_url = f"https://repo.saltproject.io/salt/py3/windows/{major_ver}/{win_pkg}" else: if self.file_ext == "msi": win_pkg = ( @@ -803,8 +803,8 @@ def install_previous(self): mac_pkg_url = f"https://repo.saltproject.io/osx/{mac_pkg}" else: if not relenv: - mac_pkg = f"salt-{self.prev_version}-macos-x86_64.pkg" - mac_pkg_url = f"https://repo.saltproject.io/salt/py3/macos/{self.prev_version}/{mac_pkg}" + mac_pkg = f"salt-{self.prev_version}-{pkg_version}-macos-x86_64.pkg" + mac_pkg_url = f"https://repo.saltproject.io/salt/py3/macos/{major_ver}/{mac_pkg}" else: mac_pkg = f"salt-{self.prev_version}-py3-x86_64.pkg" mac_pkg_url = f"https://repo.saltproject.io/salt/py3/macos/{major_ver}/{mac_pkg}" From c33977f96fc36f066aba929926cb44bc8ce8b9f8 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Sun, 24 Sep 2023 18:32:09 +0100 Subject: [PATCH 07/54] Bump to `docker==6.1.2` Signed-off-by: Pedro Algarvio --- requirements/static/ci/py3.10/cloud.txt | 4 +- requirements/static/ci/py3.10/darwin.txt | 2 +- requirements/static/ci/py3.10/freebsd.txt | 2 +- requirements/static/ci/py3.10/lint.txt | 4 +- requirements/static/ci/py3.10/linux.txt | 2 +- requirements/static/ci/py3.10/pkgtests.txt | 2 +- requirements/static/ci/py3.10/windows.txt | 2 +- requirements/static/ci/py3.7/cloud.txt | 4 +- requirements/static/ci/py3.7/freebsd.txt | 2 +- requirements/static/ci/py3.7/lint.txt | 4 +- requirements/static/ci/py3.7/linux.txt | 2 +- requirements/static/ci/py3.7/windows.txt | 2 +- requirements/static/ci/py3.8/cloud.txt | 4 +- requirements/static/ci/py3.8/freebsd.txt | 2 +- requirements/static/ci/py3.8/lint.txt | 4 +- requirements/static/ci/py3.8/linux.txt | 2 +- requirements/static/ci/py3.8/windows.txt | 2 +- requirements/static/ci/py3.9/cloud.txt | 4 +- requirements/static/ci/py3.9/darwin.txt | 2 +- requirements/static/ci/py3.9/freebsd.txt | 2 +- requirements/static/ci/py3.9/lint.txt | 4 +- requirements/static/ci/py3.9/linux.txt | 2 +- requirements/static/ci/py3.9/windows.txt | 2 +- .../unit/modules/dockermod/test_module.py | 57 ++++++------------- 24 files changed, 55 insertions(+), 64 deletions(-) diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index d824ccaef964..dd892c8653cc 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -410,7 +410,7 @@ dnspython==2.1.0 # via # -r requirements/static/ci/common.in # python-etcd -docker==5.0.2 +docker==6.1.2 # via # -r requirements/static/ci/common.in # pytest-salt-factories @@ -627,6 +627,7 @@ oscrypto==1.2.1 packaging==21.3 # via # -r requirements/base.txt + # docker # pytest paramiko==2.10.1 ; sys_platform != "win32" and sys_platform != "darwin" # via @@ -860,6 +861,7 @@ typing-extensions==4.2.0 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 84d153a310b5..7bad065c90bd 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -408,7 +408,7 @@ dnspython==1.16.0 # via # -r requirements/static/ci/common.in # python-etcd -docker==5.0.3 +docker==6.1.2 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index e4ac6666cad7..e351fa1811b1 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -407,7 +407,7 @@ dnspython==1.16.0 # via # -r requirements/static/ci/common.in # python-etcd -docker==5.0.3 +docker==6.1.2 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index dae283998723..ab13ed283e0d 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -411,7 +411,7 @@ dnspython==2.1.0 # via # -r requirements/static/ci/common.in # python-etcd -docker==5.0.0 +docker==6.1.2 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" # via -r requirements/static/ci/common.in @@ -626,6 +626,7 @@ packaging==21.3 # via # -r requirements/base.txt # ansible-core + # docker paramiko==2.10.1 ; sys_platform != "win32" and sys_platform != "darwin" # via # -r requirements/static/ci/common.in @@ -832,6 +833,7 @@ tzlocal==3.0 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index 35207680b2fc..347648a43b28 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -421,7 +421,7 @@ dnspython==1.16.0 # via # -r requirements/static/ci/common.in # python-etcd -docker==5.0.3 +docker==6.1.2 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.10/pkgtests.txt b/requirements/static/ci/py3.10/pkgtests.txt index 127e64a88574..74afe3de9eb8 100644 --- a/requirements/static/ci/py3.10/pkgtests.txt +++ b/requirements/static/ci/py3.10/pkgtests.txt @@ -29,7 +29,7 @@ distro==1.8.0 # via # -r requirements/base.txt # pytest-skip-markers -docker==5.0.3 +docker==6.1.2 # via -r requirements/static/ci/pkgtests.in exceptiongroup==1.1.0 # via pytest diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index 218a65c8ec77..e138e141069d 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -93,7 +93,7 @@ dnspython==1.16.0 # python-etcd docker-pycreds==0.4.0 # via docker -docker==2.7.0 +docker==6.1.2 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" # via -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index 17d3dba33181..4664922b37b5 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -418,7 +418,7 @@ dnspython==2.1.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==5.0.2 +docker==6.1.2 # via # -r requirements/static/ci/common.in # pytest-salt-factories @@ -666,6 +666,7 @@ oscrypto==1.2.1 packaging==21.3 # via # -r requirements/base.txt + # docker # pytest paramiko==2.10.1 ; sys_platform != "win32" and sys_platform != "darwin" # via @@ -922,6 +923,7 @@ typing-extensions==3.10.0.0 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index 9842a5c61e89..6949163b85d8 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -415,7 +415,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==5.0.3 +docker==6.1.2 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index 9d08fbbd9fd3..43d491e7d512 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -421,7 +421,7 @@ dnspython==2.1.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==5.0.0 +docker==6.1.2 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" # via -r requirements/static/ci/common.in @@ -666,6 +666,7 @@ packaging==21.3 # via # -r requirements/base.txt # ansible-core + # docker paramiko==2.10.1 ; sys_platform != "win32" and sys_platform != "darwin" # via # -r requirements/static/ci/common.in @@ -899,6 +900,7 @@ tzlocal==3.0 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index 1712ddc501b2..dea7be9559b2 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -429,7 +429,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==5.0.3 +docker==6.1.2 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index 427ffbccb612..397ea5433de9 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -99,7 +99,7 @@ dnspython==1.16.0 # python-etcd docker-pycreds==0.4.0 # via docker -docker==2.7.0 +docker==6.1.2 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" # via -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index 719a9e8017fb..1b85bb98ce36 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -416,7 +416,7 @@ dnspython==2.1.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==5.0.2 +docker==6.1.2 # via # -r requirements/static/ci/common.in # pytest-salt-factories @@ -655,6 +655,7 @@ oscrypto==1.2.1 packaging==21.3 # via # -r requirements/base.txt + # docker # pytest paramiko==2.10.1 ; sys_platform != "win32" and sys_platform != "darwin" # via @@ -905,6 +906,7 @@ typing-extensions==3.10.0.2 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index 72fed05bd52d..16f3134a082c 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -413,7 +413,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==5.0.3 +docker==6.1.2 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index a4c9f88df2cd..a2b8c7daa77c 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -419,7 +419,7 @@ dnspython==2.1.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==5.0.0 +docker==6.1.2 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" # via -r requirements/static/ci/common.in @@ -657,6 +657,7 @@ packaging==21.3 # via # -r requirements/base.txt # ansible-core + # docker paramiko==2.10.1 ; sys_platform != "win32" and sys_platform != "darwin" # via # -r requirements/static/ci/common.in @@ -880,6 +881,7 @@ tzlocal==3.0 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index 813e472060b2..61cf86d67fdc 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -427,7 +427,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==5.0.3 +docker==6.1.2 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index a569f4cc57e2..06c24389481b 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -95,7 +95,7 @@ dnspython==1.16.0 # python-etcd docker-pycreds==0.4.0 # via docker -docker==2.7.0 +docker==6.1.2 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" # via -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index 96475f416971..e3acbd776bc5 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -416,7 +416,7 @@ dnspython==2.1.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==5.0.2 +docker==6.1.2 # via # -r requirements/static/ci/common.in # pytest-salt-factories @@ -655,6 +655,7 @@ oscrypto==1.2.1 packaging==21.3 # via # -r requirements/base.txt + # docker # pytest paramiko==2.10.1 ; sys_platform != "win32" and sys_platform != "darwin" # via @@ -908,6 +909,7 @@ typing-extensions==3.10.0.2 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index b7919e3ad5d8..67095c48b73f 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -414,7 +414,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==5.0.3 +docker==6.1.2 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index fa800ba551a7..f6086936f9f4 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -413,7 +413,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==5.0.3 +docker==6.1.2 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index 28cce1cc6523..dd1e894850d3 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -417,7 +417,7 @@ dnspython==2.1.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==5.0.0 +docker==6.1.2 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" # via -r requirements/static/ci/common.in @@ -655,6 +655,7 @@ packaging==21.3 # via # -r requirements/base.txt # ansible-core + # docker paramiko==2.10.1 ; sys_platform != "win32" and sys_platform != "darwin" # via # -r requirements/static/ci/common.in @@ -881,6 +882,7 @@ tzlocal==3.0 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index 2b12495b674d..2d02de112f48 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -429,7 +429,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==5.0.3 +docker==6.1.2 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index ca747c4bd01d..d5ad0bfe4c58 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -95,7 +95,7 @@ dnspython==1.16.0 # python-etcd docker-pycreds==0.4.0 # via docker -docker==2.7.0 +docker==6.1.2 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" # via -r requirements/static/ci/common.in diff --git a/tests/pytests/unit/modules/dockermod/test_module.py b/tests/pytests/unit/modules/dockermod/test_module.py index 8fb780649767..abfd101540df 100644 --- a/tests/pytests/unit/modules/dockermod/test_module.py +++ b/tests/pytests/unit/modules/dockermod/test_module.py @@ -9,14 +9,19 @@ import salt.loader import salt.modules.dockermod as docker_mod import salt.utils.platform +import salt.utils.versions from salt.exceptions import CommandExecutionError, SaltInvocationError from tests.support.mock import MagicMock, Mock, call, patch log = logging.getLogger(__name__) -pytest.importorskip( +docker = pytest.importorskip( "docker", reason="The python 'docker' package must be installed to run these tests" ) +docker_older_than_1_5_0_skip_marker = pytest.mark.skipif( + salt.utils.versions.Version(docker.__version__) < "1.5.0", + reason="docker module must be installed to run this test or is too old. <=1.5.0", +) @pytest.fixture @@ -354,10 +359,7 @@ def config_get_enabled(val, default): mine_mock.assert_called_once() -@pytest.mark.skipif( - docker_mod.docker.version_info < (1, 5, 0), - reason="docker module must be installed to run this test or is too old. >=1.5.0", -) +@docker_older_than_1_5_0_skip_marker def test_list_networks(): """ test list networks. @@ -378,10 +380,7 @@ def test_list_networks(): client.networks.assert_called_once_with(names=["foo"], ids=["01234"]) -@pytest.mark.skipif( - docker_mod.docker.version_info < (1, 5, 0), - reason="docker module must be installed to run this test or is too old. >=1.5.0", -) +@docker_older_than_1_5_0_skip_marker def test_create_network(): """ test create network. @@ -422,10 +421,7 @@ def test_create_network(): ) -@pytest.mark.skipif( - docker_mod.docker.version_info < (1, 5, 0), - reason="docker module must be installed to run this test or is too old. >=1.5.0", -) +@docker_older_than_1_5_0_skip_marker def test_remove_network(): """ test remove network. @@ -444,10 +440,7 @@ def test_remove_network(): client.remove_network.assert_called_once_with("foo") -@pytest.mark.skipif( - docker_mod.docker.version_info < (1, 5, 0), - reason="docker module must be installed to run this test or is too old. >=1.5.0", -) +@docker_older_than_1_5_0_skip_marker def test_inspect_network(): """ test inspect network. @@ -466,10 +459,7 @@ def test_inspect_network(): client.inspect_network.assert_called_once_with("foo") -@pytest.mark.skipif( - docker_mod.docker.version_info < (1, 5, 0), - reason="docker module must be installed to run this test or is too old. >=1.5.0", -) +@docker_older_than_1_5_0_skip_marker def test_connect_container_to_network(): """ test connect_container_to_network @@ -491,10 +481,7 @@ def test_connect_container_to_network(): client.connect_container_to_network.assert_called_once_with("container", "foo") -@pytest.mark.skipif( - docker_mod.docker.version_info < (1, 5, 0), - reason="docker module must be installed to run this test or is too old. >=1.5.0", -) +@docker_older_than_1_5_0_skip_marker def test_disconnect_container_from_network(): """ test disconnect_container_from_network @@ -513,10 +500,7 @@ def test_disconnect_container_from_network(): client.disconnect_container_from_network.assert_called_once_with("container", "foo") -@pytest.mark.skipif( - docker_mod.docker.version_info < (1, 5, 0), - reason="docker module must be installed to run this test or is too old. >=1.5.0", -) +@docker_older_than_1_5_0_skip_marker def test_list_volumes(): """ test list volumes. @@ -539,10 +523,7 @@ def test_list_volumes(): ) -@pytest.mark.skipif( - docker_mod.docker.version_info < (1, 5, 0), - reason="docker module must be installed to run this test or is too old. >=1.5.0", -) +@docker_older_than_1_5_0_skip_marker def test_create_volume(): """ test create volume. @@ -569,10 +550,7 @@ def test_create_volume(): ) -@pytest.mark.skipif( - docker_mod.docker.version_info < (1, 5, 0), - reason="docker module must be installed to run this test or is too old. >=1.5.0", -) +@docker_older_than_1_5_0_skip_marker def test_remove_volume(): """ test remove volume. @@ -591,10 +569,7 @@ def test_remove_volume(): client.remove_volume.assert_called_once_with("foo") -@pytest.mark.skipif( - docker_mod.docker.version_info < (1, 5, 0), - reason="docker module must be installed to run this test or is too old. >=1.5.0", -) +@docker_older_than_1_5_0_skip_marker def test_inspect_volume(): """ test inspect volume. From 88365fb69e725eb6e050208ecafbdf494d56680f Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Sun, 24 Sep 2023 18:35:35 +0100 Subject: [PATCH 08/54] Set `cgroupns` to `host` to fix the libvirt migration tests. This needs a newer version of the python docker package. The breakage was due to updating the docker container used. - https://github.com/saltstack/salt-ci-containers/pull/42 Signed-off-by: Pedro Algarvio --- requirements/static/ci/py3.10/cloud.txt | 2 +- requirements/static/ci/py3.10/darwin.txt | 2 +- requirements/static/ci/py3.10/freebsd.txt | 2 +- requirements/static/ci/py3.10/lint.txt | 2 +- requirements/static/ci/py3.10/linux.txt | 2 +- requirements/static/ci/py3.10/pkgtests.txt | 2 +- requirements/static/ci/py3.10/windows.txt | 2 +- requirements/static/ci/py3.7/cloud.txt | 2 +- requirements/static/ci/py3.7/freebsd.txt | 2 +- requirements/static/ci/py3.7/lint.txt | 2 +- requirements/static/ci/py3.7/linux.txt | 2 +- requirements/static/ci/py3.7/windows.txt | 2 +- requirements/static/ci/py3.8/cloud.txt | 2 +- requirements/static/ci/py3.8/freebsd.txt | 2 +- requirements/static/ci/py3.8/lint.txt | 2 +- requirements/static/ci/py3.8/linux.txt | 2 +- requirements/static/ci/py3.8/windows.txt | 2 +- requirements/static/ci/py3.9/cloud.txt | 2 +- requirements/static/ci/py3.9/darwin.txt | 2 +- requirements/static/ci/py3.9/freebsd.txt | 2 +- requirements/static/ci/py3.9/lint.txt | 2 +- requirements/static/ci/py3.9/linux.txt | 2 +- requirements/static/ci/py3.9/windows.txt | 2 +- tests/filename_map.yml | 3 +++ tests/pytests/integration/modules/test_virt.py | 6 ++++-- 25 files changed, 30 insertions(+), 25 deletions(-) diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index dd892c8653cc..c4ef226b88d3 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -410,7 +410,7 @@ dnspython==2.1.0 # via # -r requirements/static/ci/common.in # python-etcd -docker==6.1.2 +docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 7bad065c90bd..3a9a49938c53 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -408,7 +408,7 @@ dnspython==1.16.0 # via # -r requirements/static/ci/common.in # python-etcd -docker==6.1.2 +docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index e351fa1811b1..75f6121878ce 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -407,7 +407,7 @@ dnspython==1.16.0 # via # -r requirements/static/ci/common.in # python-etcd -docker==6.1.2 +docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index ab13ed283e0d..22f036172934 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -411,7 +411,7 @@ dnspython==2.1.0 # via # -r requirements/static/ci/common.in # python-etcd -docker==6.1.2 +docker==6.1.3 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" # via -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index 347648a43b28..ecec2c66f245 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -421,7 +421,7 @@ dnspython==1.16.0 # via # -r requirements/static/ci/common.in # python-etcd -docker==6.1.2 +docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.10/pkgtests.txt b/requirements/static/ci/py3.10/pkgtests.txt index 74afe3de9eb8..1f1d708aa924 100644 --- a/requirements/static/ci/py3.10/pkgtests.txt +++ b/requirements/static/ci/py3.10/pkgtests.txt @@ -29,7 +29,7 @@ distro==1.8.0 # via # -r requirements/base.txt # pytest-skip-markers -docker==6.1.2 +docker==6.1.3 # via -r requirements/static/ci/pkgtests.in exceptiongroup==1.1.0 # via pytest diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index e138e141069d..91614b93c2ad 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -93,7 +93,7 @@ dnspython==1.16.0 # python-etcd docker-pycreds==0.4.0 # via docker -docker==6.1.2 +docker==6.1.3 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" # via -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index 4664922b37b5..558726fa8fde 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -418,7 +418,7 @@ dnspython==2.1.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==6.1.2 +docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index 6949163b85d8..4453f54105d5 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -415,7 +415,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==6.1.2 +docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index 43d491e7d512..1d58a70696a3 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -421,7 +421,7 @@ dnspython==2.1.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==6.1.2 +docker==6.1.3 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" # via -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index dea7be9559b2..7a2786873f4e 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -429,7 +429,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==6.1.2 +docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index 397ea5433de9..2d640ff2ecb7 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -99,7 +99,7 @@ dnspython==1.16.0 # python-etcd docker-pycreds==0.4.0 # via docker -docker==6.1.2 +docker==6.1.3 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" # via -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index 1b85bb98ce36..f787652bf5c8 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -416,7 +416,7 @@ dnspython==2.1.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==6.1.2 +docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index 16f3134a082c..576e68fb7623 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -413,7 +413,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==6.1.2 +docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index a2b8c7daa77c..2df5c5dc9b91 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -419,7 +419,7 @@ dnspython==2.1.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==6.1.2 +docker==6.1.3 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" # via -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index 61cf86d67fdc..2e9eabc7d996 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -427,7 +427,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==6.1.2 +docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index 06c24389481b..c3a03a7a4f7f 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -95,7 +95,7 @@ dnspython==1.16.0 # python-etcd docker-pycreds==0.4.0 # via docker -docker==6.1.2 +docker==6.1.3 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" # via -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index e3acbd776bc5..46176c6fec16 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -416,7 +416,7 @@ dnspython==2.1.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==6.1.2 +docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index 67095c48b73f..1cb99e0014a7 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -414,7 +414,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==6.1.2 +docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index f6086936f9f4..1bd3033806eb 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -413,7 +413,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==6.1.2 +docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index dd1e894850d3..995bf0459fdd 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -417,7 +417,7 @@ dnspython==2.1.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==6.1.2 +docker==6.1.3 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" # via -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index 2d02de112f48..019a06cc8e6b 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -429,7 +429,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # ciscoconfparse # python-etcd -docker==6.1.2 +docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index d5ad0bfe4c58..5f33e8c3821f 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -95,7 +95,7 @@ dnspython==1.16.0 # python-etcd docker-pycreds==0.4.0 # via docker -docker==6.1.2 +docker==6.1.3 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" # via -r requirements/static/ci/common.in diff --git a/tests/filename_map.yml b/tests/filename_map.yml index 6e5da60df433..ded66d324101 100644 --- a/tests/filename_map.yml +++ b/tests/filename_map.yml @@ -323,6 +323,9 @@ salt/(minion\.py|channel/.+|transport/.+): tests/support/mock.py: - unit.test_mock +tests/support/virt.py: + - pytests.integration.modules.test_virt + tests/support/pytest/mysql.py: - pytests.functional.states.test_mysql - pytests.functional.modules.test_mysql diff --git a/tests/pytests/integration/modules/test_virt.py b/tests/pytests/integration/modules/test_virt.py index 57ec239c4e91..571335be719a 100644 --- a/tests/pytests/integration/modules/test_virt.py +++ b/tests/pytests/integration/modules/test_virt.py @@ -66,7 +66,8 @@ def virt_minion_0( "extra_hosts": { virt_minion_0_id: "127.0.0.1", virt_minion_1_id: "127.0.0.1", - } + }, + "cgroupns": "host", }, pull_before_start=True, skip_on_pull_failure=True, @@ -103,7 +104,8 @@ def virt_minion_1( "extra_hosts": { virt_minion_0_id: "127.0.0.1", virt_minion_1_id: "127.0.0.1", - } + }, + "cgroupns": "host", }, pull_before_start=True, skip_on_pull_failure=True, From e3cbe1fac59521e9500113498d4445f4ec000483 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Mon, 25 Sep 2023 11:13:00 +0100 Subject: [PATCH 09/54] Fix pre-commit regarding static requirements compilation Signed-off-by: Pedro Algarvio --- requirements/static/ci/py3.10/darwin.txt | 2 ++ requirements/static/ci/py3.10/freebsd.txt | 2 ++ requirements/static/ci/py3.10/linux.txt | 2 ++ requirements/static/ci/py3.10/pkgtests.txt | 5 ++++- requirements/static/ci/py3.10/windows.txt | 7 +++---- requirements/static/ci/py3.7/freebsd.txt | 2 ++ requirements/static/ci/py3.7/linux.txt | 2 ++ requirements/static/ci/py3.7/windows.txt | 7 +++---- requirements/static/ci/py3.8/freebsd.txt | 2 ++ requirements/static/ci/py3.8/linux.txt | 2 ++ requirements/static/ci/py3.8/windows.txt | 7 +++---- requirements/static/ci/py3.9/darwin.txt | 2 ++ requirements/static/ci/py3.9/freebsd.txt | 2 ++ requirements/static/ci/py3.9/linux.txt | 2 ++ requirements/static/ci/py3.9/windows.txt | 7 +++---- 15 files changed, 36 insertions(+), 17 deletions(-) diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 3a9a49938c53..8e307ed41b5a 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -626,6 +626,7 @@ oscrypto==1.2.0 packaging==21.3 # via # -r requirements/base.txt + # docker # pytest paramiko==2.10.1 # via @@ -842,6 +843,7 @@ typing-extensions==4.2.0 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index 75f6121878ce..0e2fca9170d1 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -624,6 +624,7 @@ oscrypto==1.2.0 packaging==21.3 # via # -r requirements/base.txt + # docker # pytest paramiko==2.10.1 ; sys_platform != "win32" and sys_platform != "darwin" # via @@ -843,6 +844,7 @@ typing-extensions==4.2.0 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index ecec2c66f245..68522447eda5 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -637,6 +637,7 @@ packaging==22.0 # via # -r requirements/base.txt # ansible-core + # docker # pytest paramiko==2.10.1 ; sys_platform != "win32" and sys_platform != "darwin" # via @@ -890,6 +891,7 @@ tzlocal==2.1 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.10/pkgtests.txt b/requirements/static/ci/py3.10/pkgtests.txt index 1f1d708aa924..170a81d2350f 100644 --- a/requirements/static/ci/py3.10/pkgtests.txt +++ b/requirements/static/ci/py3.10/pkgtests.txt @@ -79,6 +79,7 @@ msgpack==1.0.4 packaging==23.0 # via # -r requirements/base.txt + # docker # pytest platformdirs==2.6.2 # via virtualenv @@ -145,7 +146,9 @@ typing-extensions==4.4.0 # pytest-shell-utilities # pytest-system-statistics urllib3==1.26.14 - # via requests + # via + # docker + # requests virtualenv==20.17.1 # via pytest-salt-factories websocket-client==1.5.1 diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index 91614b93c2ad..dae8490c40a0 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -91,8 +91,6 @@ dnspython==1.16.0 # via # -r requirements/static/ci/common.in # python-etcd -docker-pycreds==0.4.0 - # via docker docker==6.1.3 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" @@ -197,6 +195,7 @@ ntlm-auth==1.5.0 packaging==21.3 # via # -r requirements/base.txt + # docker # pytest passlib[bcrypt]==1.7.4 # via -r requirements/static/ci/common.in @@ -309,6 +308,7 @@ pyvmomi==6.7.1.2018.12 pywin32==305 # via # -r requirements/windows.txt + # docker # pytest-skip-markers # wmi pywinrm==0.4.1 @@ -356,8 +356,6 @@ six==1.15.0 # via # cassandra-driver # cheroot - # docker - # docker-pycreds # etcd3-py # genshi # geomet @@ -392,6 +390,7 @@ urllib3==1.26.6 # via # -r requirements/windows.txt # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index 4453f54105d5..2ef2126e98e7 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -657,6 +657,7 @@ oscrypto==1.2.0 packaging==21.3 # via # -r requirements/base.txt + # docker # pytest paramiko==2.10.1 ; sys_platform != "win32" and sys_platform != "darwin" # via @@ -899,6 +900,7 @@ typing-extensions==3.10.0.0 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index 7a2786873f4e..c3efe9ed85c7 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -670,6 +670,7 @@ packaging==21.3 # via # -r requirements/base.txt # ansible-core + # docker # pytest paramiko==2.10.1 ; sys_platform != "win32" and sys_platform != "darwin" # via @@ -948,6 +949,7 @@ tzlocal==2.1 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index 2d640ff2ecb7..781443c7bb70 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -97,8 +97,6 @@ dnspython==1.16.0 # via # -r requirements/static/ci/common.in # python-etcd -docker-pycreds==0.4.0 - # via docker docker==6.1.3 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" @@ -211,6 +209,7 @@ ntlm-auth==1.5.0 packaging==21.3 # via # -r requirements/base.txt + # docker # pytest passlib[bcrypt]==1.7.4 # via -r requirements/static/ci/common.in @@ -323,6 +322,7 @@ pywin32==305 # via # -r requirements/windows.txt # cherrypy + # docker # pytest-skip-markers # wmi pywinrm==0.4.1 @@ -370,8 +370,6 @@ six==1.15.0 # via # cassandra-driver # cheroot - # docker - # docker-pycreds # etcd3-py # genshi # geomet @@ -412,6 +410,7 @@ urllib3==1.26.6 # via # -r requirements/windows.txt # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index 576e68fb7623..562047b31c4c 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -647,6 +647,7 @@ oscrypto==1.2.0 packaging==21.3 # via # -r requirements/base.txt + # docker # pytest paramiko==2.10.1 ; sys_platform != "win32" and sys_platform != "darwin" # via @@ -884,6 +885,7 @@ typing-extensions==4.2.0 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index 2e9eabc7d996..9018d632f8b7 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -660,6 +660,7 @@ packaging==22.0 # via # -r requirements/base.txt # ansible-core + # docker # pytest paramiko==2.10.1 ; sys_platform != "win32" and sys_platform != "darwin" # via @@ -931,6 +932,7 @@ tzlocal==2.1 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index c3a03a7a4f7f..77434b13eb7e 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -93,8 +93,6 @@ dnspython==1.16.0 # via # -r requirements/static/ci/common.in # python-etcd -docker-pycreds==0.4.0 - # via docker docker==6.1.3 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" @@ -199,6 +197,7 @@ ntlm-auth==1.5.0 packaging==21.3 # via # -r requirements/base.txt + # docker # pytest passlib[bcrypt]==1.7.4 # via -r requirements/static/ci/common.in @@ -311,6 +310,7 @@ pywin32==305 # via # -r requirements/windows.txt # cherrypy + # docker # pytest-skip-markers # wmi pywinrm==0.4.1 @@ -358,8 +358,6 @@ six==1.15.0 # via # cassandra-driver # cheroot - # docker - # docker-pycreds # etcd3-py # genshi # geomet @@ -395,6 +393,7 @@ urllib3==1.26.6 # via # -r requirements/windows.txt # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index 1cb99e0014a7..03a1bb7f2bff 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -649,6 +649,7 @@ oscrypto==1.2.0 packaging==21.3 # via # -r requirements/base.txt + # docker # pytest paramiko==2.10.1 # via @@ -886,6 +887,7 @@ typing-extensions==4.2.0 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index 1bd3033806eb..6a28aa2c7682 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -647,6 +647,7 @@ oscrypto==1.2.0 packaging==21.3 # via # -r requirements/base.txt + # docker # pytest paramiko==2.10.1 ; sys_platform != "win32" and sys_platform != "darwin" # via @@ -887,6 +888,7 @@ typing-extensions==4.2.0 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index 019a06cc8e6b..9cf46345f8f4 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -662,6 +662,7 @@ packaging==22.0 # via # -r requirements/base.txt # ansible-core + # docker # pytest paramiko==2.10.1 ; sys_platform != "win32" and sys_platform != "darwin" # via @@ -936,6 +937,7 @@ tzlocal==2.1 urllib3==1.26.6 # via # botocore + # docker # kubernetes # python-etcd # requests diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index 5f33e8c3821f..8ad28c6a663e 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -93,8 +93,6 @@ dnspython==1.16.0 # via # -r requirements/static/ci/common.in # python-etcd -docker-pycreds==0.4.0 - # via docker docker==6.1.3 # via -r requirements/static/ci/common.in etcd3-py==0.1.6 ; python_version >= "3.6" @@ -199,6 +197,7 @@ ntlm-auth==1.5.0 packaging==21.3 # via # -r requirements/base.txt + # docker # pytest passlib[bcrypt]==1.7.4 # via -r requirements/static/ci/common.in @@ -312,6 +311,7 @@ pywin32==305 # via # -r requirements/windows.txt # cherrypy + # docker # pytest-skip-markers # wmi pywinrm==0.4.1 @@ -359,8 +359,6 @@ six==1.15.0 # via # cassandra-driver # cheroot - # docker - # docker-pycreds # etcd3-py # genshi # geomet @@ -396,6 +394,7 @@ urllib3==1.26.6 # via # -r requirements/windows.txt # botocore + # docker # kubernetes # python-etcd # requests From 286d55eb5a6e6bf9428405bdf5632b419bdf8444 Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Thu, 28 Sep 2023 07:58:09 -0600 Subject: [PATCH 10/54] Add pytest integration pre_flight integration tests for CVE-2023-34049 --- tests/integration/ssh/test_pre_flight.py | 132 -------- .../integration/ssh/test_pre_flight.py | 309 ++++++++++++++++++ 2 files changed, 309 insertions(+), 132 deletions(-) delete mode 100644 tests/integration/ssh/test_pre_flight.py create mode 100644 tests/pytests/integration/ssh/test_pre_flight.py diff --git a/tests/integration/ssh/test_pre_flight.py b/tests/integration/ssh/test_pre_flight.py deleted file mode 100644 index 1598b3d51b5d..000000000000 --- a/tests/integration/ssh/test_pre_flight.py +++ /dev/null @@ -1,132 +0,0 @@ -""" -Test for ssh_pre_flight roster option -""" - -import os - -import pytest - -import salt.utils.files -from tests.support.case import SSHCase -from tests.support.runtests import RUNTIME_VARS - - -class SSHPreFlightTest(SSHCase): - """ - Test ssh_pre_flight roster option - """ - - def setUp(self): - super().setUp() - self.roster = os.path.join(RUNTIME_VARS.TMP, "pre_flight_roster") - self.data = { - "ssh_pre_flight": os.path.join(RUNTIME_VARS.TMP, "ssh_pre_flight.sh") - } - self.test_script = os.path.join( - RUNTIME_VARS.TMP, "test-pre-flight-script-worked.txt" - ) - - def _create_roster(self, pre_flight_script_args=None): - data = dict(self.data) - if pre_flight_script_args: - data["ssh_pre_flight_args"] = pre_flight_script_args - - self.custom_roster(self.roster, data) - - with salt.utils.files.fopen(data["ssh_pre_flight"], "w") as fp_: - fp_.write("touch {}".format(self.test_script)) - - @pytest.mark.slow_test - def test_ssh_pre_flight(self): - """ - test ssh when ssh_pre_flight is set - ensure the script runs successfully - """ - self._create_roster() - assert self.run_function("test.ping", roster_file=self.roster) - - assert os.path.exists(self.test_script) - - @pytest.mark.slow_test - def test_ssh_run_pre_flight(self): - """ - test ssh when --pre-flight is passed to salt-ssh - to ensure the script runs successfully - """ - self._create_roster() - # make sure we previously ran a command so the thin dir exists - self.run_function("test.ping", wipe=False) - assert not os.path.exists(self.test_script) - - assert self.run_function( - "test.ping", ssh_opts="--pre-flight", roster_file=self.roster, wipe=False - ) - assert os.path.exists(self.test_script) - - @pytest.mark.slow_test - def test_ssh_run_pre_flight_args(self): - """ - test ssh when --pre-flight is passed to salt-ssh - to ensure the script runs successfully passing some args - """ - self._create_roster(pre_flight_script_args="foobar test") - # make sure we previously ran a command so the thin dir exists - self.run_function("test.ping", wipe=False) - assert not os.path.exists(self.test_script) - - assert self.run_function( - "test.ping", ssh_opts="--pre-flight", roster_file=self.roster, wipe=False - ) - assert os.path.exists(self.test_script) - - @pytest.mark.slow_test - def test_ssh_run_pre_flight_args_prevent_injection(self): - """ - test ssh when --pre-flight is passed to salt-ssh - and evil arguments are used in order to produce shell injection - """ - injected_file = os.path.join(RUNTIME_VARS.TMP, "injection") - self._create_roster( - pre_flight_script_args="foobar; echo injected > {}".format(injected_file) - ) - # make sure we previously ran a command so the thin dir exists - self.run_function("test.ping", wipe=False) - assert not os.path.exists(self.test_script) - assert not os.path.isfile(injected_file) - - assert self.run_function( - "test.ping", ssh_opts="--pre-flight", roster_file=self.roster, wipe=False - ) - - assert not os.path.isfile( - injected_file - ), "File injection suceeded. This shouldn't happend" - - @pytest.mark.slow_test - def test_ssh_run_pre_flight_failure(self): - """ - test ssh_pre_flight when there is a failure - in the script. - """ - self._create_roster() - with salt.utils.files.fopen(self.data["ssh_pre_flight"], "w") as fp_: - fp_.write("exit 2") - - ret = self.run_function( - "test.ping", ssh_opts="--pre-flight", roster_file=self.roster, wipe=False - ) - assert ret["retcode"] == 2 - - def tearDown(self): - """ - make sure to clean up any old ssh directories - """ - files = [ - self.roster, - self.data["ssh_pre_flight"], - self.test_script, - os.path.join(RUNTIME_VARS.TMP, "injection"), - ] - for fp_ in files: - if os.path.exists(fp_): - os.remove(fp_) diff --git a/tests/pytests/integration/ssh/test_pre_flight.py b/tests/pytests/integration/ssh/test_pre_flight.py new file mode 100644 index 000000000000..78b2b751f2bc --- /dev/null +++ b/tests/pytests/integration/ssh/test_pre_flight.py @@ -0,0 +1,309 @@ +""" +Test for ssh_pre_flight roster option +""" + +import grp +import os +import pathlib +import pwd +import shutil +import subprocess + +import pytest +import yaml +from saltfactories.utils import random_string + +import salt.utils.files + + +def _custom_roster(roster_file, roster_data): + with salt.utils.files.fopen(roster_file, "r") as fp: + data = salt.utils.yaml.safe_load(fp) + for key, item in roster_data.items(): + data["localhost"][key] = item + with salt.utils.files.fopen(roster_file, "w") as fp: + yaml.safe_dump(data, fp) + + +@pytest.fixture +def _create_roster(salt_ssh_roster_file, tmp_path): + ret = {} + ret["roster"] = salt_ssh_roster_file + ret["data"] = {"ssh_pre_flight": str(tmp_path / "ssh_pre_flight.sh")} + ret["test_script"] = str(tmp_path / "test-pre-flight-script-worked.txt") + ret["thin_dir"] = tmp_path / "thin_dir" + + with salt.utils.files.fopen(salt_ssh_roster_file, "r") as fp: + data = salt.utils.yaml.safe_load(fp) + pre_flight_script = ret["data"]["ssh_pre_flight"] + data["localhost"]["ssh_pre_flight"] = pre_flight_script + data["localhost"]["thin_dir"] = str(ret["thin_dir"]) + with salt.utils.files.fopen(salt_ssh_roster_file, "w") as fp: + yaml.safe_dump(data, fp) + + with salt.utils.files.fopen(pre_flight_script, "w") as fp: + fp.write("touch {}".format(ret["test_script"])) + + yield ret + if ret["thin_dir"].exists(): + shutil.rmtree(ret["thin_dir"]) + + +@pytest.mark.slow_test +def test_ssh_pre_flight(salt_ssh_cli, caplog, _create_roster): + """ + test ssh when ssh_pre_flight is set + ensure the script runs successfully + """ + ret = salt_ssh_cli.run("test.ping") + assert ret.returncode == 0 + + assert pathlib.Path(_create_roster["test_script"]).exists() + + +@pytest.mark.slow_test +def test_ssh_run_pre_flight(salt_ssh_cli, _create_roster): + """ + test ssh when --pre-flight is passed to salt-ssh + to ensure the script runs successfully + """ + # make sure we previously ran a command so the thin dir exists + ret = salt_ssh_cli.run("test.ping") + assert pathlib.Path(_create_roster["test_script"]).exists() + + # Now remeove the script to ensure pre_flight doesn't run + # without --pre-flight + pathlib.Path(_create_roster["test_script"]).unlink() + + assert salt_ssh_cli.run("test.ping").returncode == 0 + assert not pathlib.Path(_create_roster["test_script"]).exists() + + # Now ensure + ret = salt_ssh_cli.run( + "test.ping", + "--pre-flight", + ) + assert ret.returncode == 0 + assert pathlib.Path(_create_roster["test_script"]).exists() + + +@pytest.mark.slow_test +def test_ssh_run_pre_flight_args(salt_ssh_cli, _create_roster): + """ + test ssh when --pre-flight is passed to salt-ssh + to ensure the script runs successfully passing some args + """ + _custom_roster(salt_ssh_cli.roster_file, {"ssh_pre_flight_args": "foobar test"}) + # Create pre_flight script that accepts args + test_script = _create_roster["test_script"] + test_script_1 = pathlib.Path(test_script + "-foobar") + test_script_2 = pathlib.Path(test_script + "-test") + with salt.utils.files.fopen(_create_roster["data"]["ssh_pre_flight"], "w") as fp: + fp.write( + f""" + touch {str(test_script)}-$1 + touch {str(test_script)}-$2 + """ + ) + ret = salt_ssh_cli.run("test.ping") + assert ret.returncode == 0 + assert test_script_1.exists() + assert test_script_2.exists() + pathlib.Path(test_script_1).unlink() + pathlib.Path(test_script_2).unlink() + + ret = salt_ssh_cli.run("test.ping") + assert ret.returncode == 0 + assert not test_script_1.exists() + assert not test_script_2.exists() + + ret = salt_ssh_cli.run( + "test.ping", + "--pre-flight", + ) + assert ret.returncode == 0 + assert test_script_1.exists() + assert test_script_2.exists() + + +@pytest.mark.slow_test +def test_ssh_run_pre_flight_args_prevent_injection( + salt_ssh_cli, _create_roster, tmp_path +): + """ + test ssh when --pre-flight is passed to salt-ssh + and evil arguments are used in order to produce shell injection + """ + injected_file = tmp_path / "injection" + _custom_roster( + salt_ssh_cli.roster_file, + {"ssh_pre_flight_args": f"foobar; echo injected > {str(injected_file)}"}, + ) + # Create pre_flight script that accepts args + test_script = _create_roster["test_script"] + test_script_1 = pathlib.Path(test_script + "-echo") + test_script_2 = pathlib.Path(test_script + "-foobar;") + with salt.utils.files.fopen(_create_roster["data"]["ssh_pre_flight"], "w") as fp: + fp.write( + f""" + touch {str(test_script)}-$1 + touch {str(test_script)}-$2 + """ + ) + + # make sure we previously ran a command so the thin dir exists + ret = salt_ssh_cli.run("test.ping") + assert ret.returncode == 0 + assert test_script_1.exists() + assert test_script_2.exists() + test_script_1.unlink() + test_script_2.unlink() + assert not injected_file.is_file() + + ret = salt_ssh_cli.run( + "test.ping", + "--pre-flight", + ) + assert ret.returncode == 0 + + assert test_script_1.exists() + assert test_script_2.exists() + assert not pathlib.Path( + injected_file + ).is_file(), "File injection suceeded. This shouldn't happend" + + +@pytest.mark.flaky(max_runs=4) +@pytest.mark.slow_test +def test_ssh_run_pre_flight_failure(salt_ssh_cli, _create_roster): + """ + test ssh_pre_flight when there is a failure + in the script. + """ + with salt.utils.files.fopen(_create_roster["data"]["ssh_pre_flight"], "w") as fp_: + fp_.write("exit 2") + + ret = salt_ssh_cli.run( + "test.ping", + "--pre-flight", + ) + assert ret.data["retcode"] == 2 + + +@pytest.fixture +def account(): + username = random_string("test-account-", uppercase=False) + with pytest.helpers.create_account(username=username) as account: + yield account + + +@pytest.mark.slow_test +def test_ssh_pre_flight_script(salt_ssh_cli, caplog, _create_roster, tmp_path, account): + """ + Test to ensure user cannot create and run a script + with the expected pre_flight script path on target. + """ + try: + script = pathlib.Path.home() / "hacked" + tmp_preflight = pathlib.Path("/tmp", "ssh_pre_flight.sh") + tmp_preflight.write_text(f"touch {script}") + os.chown(tmp_preflight, account.info.uid, account.info.gid) + ret = salt_ssh_cli.run("test.ping") + assert not script.is_file() + assert ret.returncode == 0 + assert ret.stdout == '{\n"localhost": true\n}\n' + finally: + for _file in [script, tmp_preflight]: + if _file.is_file(): + _file.unlink() + + +def demote(user_uid, user_gid): + def result(): + # os.setgid does not remove group membership, so we remove them here so they are REALLY non-root + os.setgroups([]) + os.setgid(user_gid) + os.setuid(user_uid) + + return result + + +@pytest.mark.slow_test +def test_ssh_pre_flight_perms(salt_ssh_cli, caplog, _create_roster, account): + """ + Test to ensure standard user cannot run pre flight script + on target when user sets wrong permissions (777) on + ssh_pre_flight script. + """ + try: + script = pathlib.Path("/tmp", "itworked") + preflight = pathlib.Path("/ssh_pre_flight.sh") + preflight.write_text(f"touch {str(script)}") + tmp_preflight = pathlib.Path("/tmp", preflight.name) + + _custom_roster(salt_ssh_cli.roster_file, {"ssh_pre_flight": str(preflight)}) + preflight.chmod(0o0777) + run_script = pathlib.Path("/run_script") + run_script.write_text( + f""" + x=1 + while [ $x -le 200000 ]; do + SCRIPT=`bash {str(tmp_preflight)} 2> /dev/null; echo $?` + if [ ${{SCRIPT}} == 0 ]; then + break + fi + x=$(( $x + 1 )) + done + """ + ) + run_script.chmod(0o0777) + # pylint: disable=W1509 + ret = subprocess.Popen( + ["sh", f"{run_script}"], + preexec_fn=demote(account.info.uid, account.info.gid), + stdout=None, + stderr=None, + stdin=None, + universal_newlines=True, + ) + # pylint: enable=W1509 + ret = salt_ssh_cli.run("test.ping") + assert ret.returncode == 0 + + # Lets make sure a different user other than root + # Didn't run the script + assert os.stat(script).st_uid != account.info.uid + assert script.is_file() + finally: + for _file in [script, preflight, tmp_preflight, run_script]: + if _file.is_file(): + _file.unlink() + + +@pytest.mark.slow_test +def test_ssh_run_pre_flight_target_file_perms(salt_ssh_cli, _create_roster, tmp_path): + """ + test ssh_pre_flight to ensure the target pre flight script + has the correct perms + """ + perms_file = tmp_path / "perms" + with salt.utils.files.fopen(_create_roster["data"]["ssh_pre_flight"], "w") as fp_: + fp_.write( + f""" + SCRIPT_NAME=$0 + stat -L -c "%a %G %U" $SCRIPT_NAME > {perms_file} + """ + ) + + ret = salt_ssh_cli.run( + "test.ping", + "--pre-flight", + ) + assert ret.returncode == 0 + with salt.utils.files.fopen(perms_file) as fp: + data = fp.read() + assert data.split()[0] == "600" + uid = os.getuid() + gid = os.getgid() + assert data.split()[1] == grp.getgrgid(gid).gr_name + assert data.split()[2] == pwd.getpwuid(uid).pw_name From 7a14112f2a16ce70e3c3e1862c92e37af5f2c7a4 Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Thu, 28 Sep 2023 07:59:29 -0600 Subject: [PATCH 11/54] Fix CVE-2023-34049 --- changelog/cve-2023-34049.security.md | 2 + salt/client/ssh/__init__.py | 56 +++- tests/pytests/unit/client/ssh/test_single.py | 299 ++++++++++++++++--- tests/pytests/unit/client/ssh/test_ssh.py | 110 +++++++ 4 files changed, 416 insertions(+), 51 deletions(-) create mode 100644 changelog/cve-2023-34049.security.md diff --git a/changelog/cve-2023-34049.security.md b/changelog/cve-2023-34049.security.md new file mode 100644 index 000000000000..6b0ca190a277 --- /dev/null +++ b/changelog/cve-2023-34049.security.md @@ -0,0 +1,2 @@ +Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. +This only impacts salt-ssh users using the pre-flight option. diff --git a/salt/client/ssh/__init__.py b/salt/client/ssh/__init__.py index 0d9ac9509b64..e9c290e13ff4 100644 --- a/salt/client/ssh/__init__.py +++ b/salt/client/ssh/__init__.py @@ -11,9 +11,11 @@ import logging import multiprocessing import os +import pathlib import queue import re import shlex +import shutil import subprocess import sys import tarfile @@ -467,7 +469,14 @@ def key_deploy(self, host, ret): if target.get("passwd", False) or self.opts["ssh_passwd"]: self._key_deploy_run(host, target, False) return ret - if ret[host].get("stderr", "").count("Permission denied"): + stderr = ret[host].get("stderr", "") + # -failed to upload file- is detecting scp errors + # Errors to ignore when Permission denied is in the stderr. For example + # scp can get a permission denied on the target host, but they where + # able to accurate authenticate against the box + ignore_err = ["failed to upload file"] + check_err = [x for x in ignore_err if stderr.count(x)] + if "Permission denied" in stderr and not check_err: target = self.targets[host] # permission denied, attempt to auto deploy ssh key print( @@ -1007,11 +1016,32 @@ def run_ssh_pre_flight(self): """ Run our pre_flight script before running any ssh commands """ - script = os.path.join(tempfile.gettempdir(), self.ssh_pre_file) - - self.shell.send(self.ssh_pre_flight, script) + with tempfile.NamedTemporaryFile() as temp: + # ensure we use copyfile to not copy the file attributes + # we want to ensure we use the perms set by the secure + # NamedTemporaryFile + try: + shutil.copyfile(self.ssh_pre_flight, temp.name) + except OSError as err: + return ( + "", + f"Could not copy pre flight script {self.ssh_pre_flight} to temporary path", + 1, + ) + target_script = f".{pathlib.Path(temp.name).name}" + log.trace(f"Copying the pre flight script {self.ssh_pre_file} to target") + stdout, stderr, retcode = self.shell.send(temp.name, target_script) + if retcode != 0: + # We could not copy the script to the target + log.error( + f"Could not copy the pre flight script {self.ssh_pre_file} to target" + ) + return stdout, stderr, retcode - return self.execute_script(script, script_args=self.ssh_pre_flight_args) + log.trace(f"Executing the pre flight script {self.ssh_pre_file} on target") + return self.execute_script( + target_script, script_args=self.ssh_pre_flight_args + ) def check_thin_dir(self): """ @@ -1388,18 +1418,20 @@ def shim_cmd(self, cmd_str, extension="py"): return self.shell.exec_cmd(cmd_str) # Write the shim to a temporary file in the default temp directory - with tempfile.NamedTemporaryFile( - mode="w+b", prefix="shim_", delete=False - ) as shim_tmp_file: + with tempfile.NamedTemporaryFile(mode="w+b", delete=False) as shim_tmp_file: shim_tmp_file.write(salt.utils.stringutils.to_bytes(cmd_str)) # Copy shim to target system, under $HOME/. - target_shim_file = ".{}.{}".format( - binascii.hexlify(os.urandom(6)).decode("ascii"), extension - ) + target_shim_file = f".{pathlib.Path(shim_tmp_file.name).name}" + if self.winrm: target_shim_file = saltwinshell.get_target_shim_file(self, target_shim_file) - self.shell.send(shim_tmp_file.name, target_shim_file, makedirs=True) + stdout, stderr, retcode = self.shell.send( + shim_tmp_file.name, target_shim_file, makedirs=True + ) + if retcode != 0: + log.error(f"Could not copy the shim script to target") + return stdout, stderr, retcode # Remove our shim file try: diff --git a/tests/pytests/unit/client/ssh/test_single.py b/tests/pytests/unit/client/ssh/test_single.py index f97519d5cc22..91c5e7db914c 100644 --- a/tests/pytests/unit/client/ssh/test_single.py +++ b/tests/pytests/unit/client/ssh/test_single.py @@ -1,6 +1,5 @@ -import os +import logging import re -import tempfile from textwrap import dedent import pytest @@ -16,6 +15,8 @@ from salt.client import ssh from tests.support.mock import MagicMock, call, patch +log = logging.getLogger(__name__) + @pytest.fixture def opts(tmp_path): @@ -59,7 +60,7 @@ def test_single_opts(opts, target): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) assert single.shell._ssh_opts() == "" @@ -87,7 +88,7 @@ def test_run_with_pre_flight(opts, target, tmp_path): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) cmd_ret = ("Success", "", 0) @@ -122,7 +123,7 @@ def test_run_with_pre_flight_with_args(opts, target, tmp_path): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) cmd_ret = ("Success", "foobar", 0) @@ -156,7 +157,7 @@ def test_run_with_pre_flight_stderr(opts, target, tmp_path): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) cmd_ret = ("", "Error running script", 1) @@ -190,7 +191,7 @@ def test_run_with_pre_flight_script_doesnot_exist(opts, target, tmp_path): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) cmd_ret = ("Success", "", 0) @@ -224,7 +225,7 @@ def test_run_with_pre_flight_thin_dir_exists(opts, target, tmp_path): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) cmd_ret = ("", "", 0) @@ -242,6 +243,39 @@ def test_run_with_pre_flight_thin_dir_exists(opts, target, tmp_path): assert ret == cmd_ret +def test_run_ssh_pre_flight(opts, target, tmp_path): + """ + test Single.run_ssh_pre_flight function + """ + target["ssh_pre_flight"] = str(tmp_path / "script.sh") + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + **target, + ) + + cmd_ret = ("Success", "", 0) + mock_flight = MagicMock(return_value=cmd_ret) + mock_cmd = MagicMock(return_value=cmd_ret) + patch_flight = patch("salt.client.ssh.Single.run_ssh_pre_flight", mock_flight) + patch_cmd = patch("salt.client.ssh.Single.cmd_block", mock_cmd) + patch_exec_cmd = patch( + "salt.client.ssh.shell.Shell.exec_cmd", return_value=("", "", 1) + ) + patch_os = patch("os.path.exists", side_effect=[True]) + + with patch_os, patch_flight, patch_cmd, patch_exec_cmd: + ret = single.run() + mock_cmd.assert_called() + mock_flight.assert_called() + assert ret == cmd_ret + + def test_execute_script(opts, target, tmp_path): """ test Single.execute_script() @@ -255,7 +289,7 @@ def test_execute_script(opts, target, tmp_path): thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, winrm=False, - **target + **target, ) exp_ret = ("Success", "", 0) @@ -273,7 +307,7 @@ def test_execute_script(opts, target, tmp_path): ] == mock_cmd.call_args_list -def test_shim_cmd(opts, target): +def test_shim_cmd(opts, target, tmp_path): """ test Single.shim_cmd() """ @@ -287,7 +321,7 @@ def test_shim_cmd(opts, target): mine=False, winrm=False, tty=True, - **target + **target, ) exp_ret = ("Success", "", 0) @@ -295,21 +329,24 @@ def test_shim_cmd(opts, target): patch_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_cmd) patch_send = patch("salt.client.ssh.shell.Shell.send", return_value=("", "", 0)) patch_rand = patch("os.urandom", return_value=b"5\xd9l\xca\xc2\xff") + tmp_file = tmp_path / "tmp_file" + mock_tmp = MagicMock() + patch_tmp = patch("tempfile.NamedTemporaryFile", mock_tmp) + mock_tmp.return_value.__enter__.return_value.name = tmp_file - with patch_cmd, patch_rand, patch_send: + with patch_cmd, patch_tmp, patch_send: ret = single.shim_cmd(cmd_str="echo test") assert ret == exp_ret assert [ - call("/bin/sh '.35d96ccac2ff.py'"), - call("rm '.35d96ccac2ff.py'"), + call(f"/bin/sh '.{tmp_file.name}'"), + call(f"rm '.{tmp_file.name}'"), ] == mock_cmd.call_args_list -def test_run_ssh_pre_flight(opts, target, tmp_path): +def test_shim_cmd_copy_fails(opts, target, caplog): """ - test Single.run_ssh_pre_flight + test Single.shim_cmd() when copying the file fails """ - target["ssh_pre_flight"] = str(tmp_path / "script.sh") single = ssh.Single( opts, opts["argv"], @@ -320,24 +357,205 @@ def test_run_ssh_pre_flight(opts, target, tmp_path): mine=False, winrm=False, tty=True, - **target + **target, ) - exp_ret = ("Success", "", 0) - mock_cmd = MagicMock(return_value=exp_ret) + ret_cmd = ("Success", "", 0) + mock_cmd = MagicMock(return_value=ret_cmd) patch_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_cmd) - patch_send = patch("salt.client.ssh.shell.Shell.send", return_value=exp_ret) - exp_tmp = os.path.join( - tempfile.gettempdir(), os.path.basename(target["ssh_pre_flight"]) + ret_send = ("", "General error in file copy", 1) + patch_send = patch("salt.client.ssh.shell.Shell.send", return_value=ret_send) + patch_rand = patch("os.urandom", return_value=b"5\xd9l\xca\xc2\xff") + + with patch_cmd, patch_rand, patch_send: + ret = single.shim_cmd(cmd_str="echo test") + assert ret == ret_send + assert "Could not copy the shim script to target" in caplog.text + mock_cmd.assert_not_called() + + +def test_run_ssh_pre_flight_no_connect(opts, target, tmp_path, caplog): + """ + test Single.run_ssh_pre_flight when you + cannot connect to the target + """ + pre_flight = tmp_path / "script.sh" + pre_flight.write_text("") + target["ssh_pre_flight"] = str(pre_flight) + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + winrm=False, + tty=True, + **target, + ) + mock_exec_cmd = MagicMock(return_value=("", "", 1)) + patch_exec_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_exec_cmd) + tmp_file = tmp_path / "tmp_file" + mock_tmp = MagicMock() + patch_tmp = patch("tempfile.NamedTemporaryFile", mock_tmp) + mock_tmp.return_value.__enter__.return_value.name = tmp_file + ret_send = ( + "", + "ssh: connect to host 192.168.1.186 port 22: No route to host\nscp: Connection closed\n", + 255, + ) + send_mock = MagicMock(return_value=ret_send) + patch_send = patch("salt.client.ssh.shell.Shell.send", send_mock) + + with caplog.at_level(logging.TRACE): + with patch_send, patch_exec_cmd, patch_tmp: + ret = single.run_ssh_pre_flight() + assert f"Copying the pre flight script {pre_flight.name}" in caplog.text + assert ( + f"Could not copy the pre flight script {pre_flight.name} to target" + in caplog.text + ) + assert ret == ret_send + assert send_mock.call_args_list[0][0][0] == tmp_file + target_script = send_mock.call_args_list[0][0][1] + assert re.search(r".[a-z0-9]+", target_script) + mock_exec_cmd.assert_not_called() + + +def test_run_ssh_pre_flight_permission_denied(opts, target, tmp_path): + """ + test Single.run_ssh_pre_flight when you + cannot copy script to the target due to + a permission denied error + """ + pre_flight = tmp_path / "script.sh" + pre_flight.write_text("") + target["ssh_pre_flight"] = str(pre_flight) + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + winrm=False, + tty=True, + **target, + ) + mock_exec_cmd = MagicMock(return_value=("", "", 1)) + patch_exec_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_exec_cmd) + tmp_file = tmp_path / "tmp_file" + mock_tmp = MagicMock() + patch_tmp = patch("tempfile.NamedTemporaryFile", mock_tmp) + mock_tmp.return_value.__enter__.return_value.name = tmp_file + ret_send = ( + "", + 'scp: dest open "/tmp/preflight.sh": Permission denied\nscp: failed to upload file /etc/salt/preflight.sh to /tmp/preflight.sh\n', + 255, ) + send_mock = MagicMock(return_value=ret_send) + patch_send = patch("salt.client.ssh.shell.Shell.send", send_mock) - with patch_cmd, patch_send: + with patch_send, patch_exec_cmd, patch_tmp: ret = single.run_ssh_pre_flight() - assert ret == exp_ret - assert [ - call("/bin/sh '{}'".format(exp_tmp)), - call("rm '{}'".format(exp_tmp)), - ] == mock_cmd.call_args_list + assert ret == ret_send + assert send_mock.call_args_list[0][0][0] == tmp_file + target_script = send_mock.call_args_list[0][0][1] + assert re.search(r".[a-z0-9]+", target_script) + mock_exec_cmd.assert_not_called() + + +def test_run_ssh_pre_flight_connect(opts, target, tmp_path, caplog): + """ + test Single.run_ssh_pre_flight when you + can connect to the target + """ + pre_flight = tmp_path / "script.sh" + pre_flight.write_text("") + target["ssh_pre_flight"] = str(pre_flight) + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + winrm=False, + tty=True, + **target, + ) + ret_exec_cmd = ("", "", 1) + mock_exec_cmd = MagicMock(return_value=ret_exec_cmd) + patch_exec_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_exec_cmd) + tmp_file = tmp_path / "tmp_file" + mock_tmp = MagicMock() + patch_tmp = patch("tempfile.NamedTemporaryFile", mock_tmp) + mock_tmp.return_value.__enter__.return_value.name = tmp_file + ret_send = ( + "", + "\rroot@192.168.1.187's password: \n\rpreflight.sh 0% 0 0.0KB/s --:-- ETA\rpreflight.sh 100% 20 2.7KB/s 00:00 \n", + 0, + ) + send_mock = MagicMock(return_value=ret_send) + patch_send = patch("salt.client.ssh.shell.Shell.send", send_mock) + + with caplog.at_level(logging.TRACE): + with patch_send, patch_exec_cmd, patch_tmp: + ret = single.run_ssh_pre_flight() + + assert f"Executing the pre flight script {pre_flight.name} on target" in caplog.text + assert ret == ret_exec_cmd + assert send_mock.call_args_list[0][0][0] == tmp_file + target_script = send_mock.call_args_list[0][0][1] + assert re.search(r".[a-z0-9]+", target_script) + mock_exec_cmd.assert_called() + + +def test_run_ssh_pre_flight_shutil_fails(opts, target, tmp_path): + """ + test Single.run_ssh_pre_flight when cannot + copyfile with shutil + """ + pre_flight = tmp_path / "script.sh" + pre_flight.write_text("") + target["ssh_pre_flight"] = str(pre_flight) + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + winrm=False, + tty=True, + **target, + ) + ret_exec_cmd = ("", "", 1) + mock_exec_cmd = MagicMock(return_value=ret_exec_cmd) + patch_exec_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_exec_cmd) + tmp_file = tmp_path / "tmp_file" + mock_tmp = MagicMock() + patch_tmp = patch("tempfile.NamedTemporaryFile", mock_tmp) + mock_tmp.return_value.__enter__.return_value.name = tmp_file + send_mock = MagicMock() + mock_shutil = MagicMock(side_effect=IOError("Permission Denied")) + patch_shutil = patch("shutil.copyfile", mock_shutil) + patch_send = patch("salt.client.ssh.shell.Shell.send", send_mock) + + with patch_send, patch_exec_cmd, patch_tmp, patch_shutil: + ret = single.run_ssh_pre_flight() + + assert ret == ( + "", + f"Could not copy pre flight script {pre_flight} to temporary path", + 1, + ) + mock_exec_cmd.assert_not_called() + send_mock.assert_not_called() @pytest.mark.skip_on_windows(reason="SSH_PY_SHIM not set on windows") @@ -355,7 +573,7 @@ def test_cmd_run_set_path(opts, target): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) ret = single._cmd_str() @@ -376,7 +594,7 @@ def test_cmd_run_not_set_path(opts, target): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) ret = single._cmd_str() @@ -395,7 +613,7 @@ def test_cmd_block_python_version_error(opts, target): thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, winrm=False, - **target + **target, ) mock_shim = MagicMock( return_value=(("", "ERROR: Unable to locate appropriate python command\n", 10)) @@ -434,7 +652,9 @@ def test_run_with_pre_flight_args(opts, target, test_opts, tmp_path): and script successfully runs """ opts["ssh_run_pre_flight"] = True - target["ssh_pre_flight"] = str(tmp_path / "script.sh") + pre_flight_script = tmp_path / "script.sh" + pre_flight_script.write_text("") + target["ssh_pre_flight"] = str(pre_flight_script) if test_opts[0] is not None: target["ssh_pre_flight_args"] = test_opts[0] @@ -448,7 +668,7 @@ def test_run_with_pre_flight_args(opts, target, test_opts, tmp_path): fsclient=None, thin=salt.utils.thin.thin_path(opts["cachedir"]), mine=False, - **target + **target, ) cmd_ret = ("Success", "", 0) @@ -456,14 +676,15 @@ def test_run_with_pre_flight_args(opts, target, test_opts, tmp_path): mock_exec_cmd = MagicMock(return_value=("", "", 0)) patch_cmd = patch("salt.client.ssh.Single.cmd_block", mock_cmd) patch_exec_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_exec_cmd) - patch_shell_send = patch("salt.client.ssh.shell.Shell.send", return_value=None) + patch_shell_send = patch( + "salt.client.ssh.shell.Shell.send", return_value=("", "", 0) + ) patch_os = patch("os.path.exists", side_effect=[True]) with patch_os, patch_cmd, patch_exec_cmd, patch_shell_send: - ret = single.run() - assert mock_exec_cmd.mock_calls[0].args[ - 0 - ] == "/bin/sh '/tmp/script.sh'{}".format(expected_args) + single.run() + script_args = mock_exec_cmd.mock_calls[0].args[0] + assert re.search(r"\/bin\/sh '.[a-z0-9]+", script_args) @pytest.mark.slow_test diff --git a/tests/pytests/unit/client/ssh/test_ssh.py b/tests/pytests/unit/client/ssh/test_ssh.py index 2be96ab195e7..329448919285 100644 --- a/tests/pytests/unit/client/ssh/test_ssh.py +++ b/tests/pytests/unit/client/ssh/test_ssh.py @@ -339,3 +339,113 @@ def test_extra_filerefs(tmp_path, opts): with patch("salt.roster.get_roster_file", MagicMock(return_value=roster)): ssh_obj = client._prep_ssh(**ssh_opts) assert ssh_obj.opts.get("extra_filerefs", None) == "salt://foobar" + + +def test_key_deploy_permission_denied_scp(tmp_path, opts): + """ + test "key_deploy" function when + permission denied authentication error + when attempting to use scp to copy file + to target + """ + host = "localhost" + passwd = "password" + usr = "ssh-usr" + opts["ssh_user"] = usr + opts["tgt"] = host + + ssh_ret = { + host: { + "stdout": "\rroot@192.168.1.187's password: \n\rroot@192.168.1.187's password: \n\rroot@192.168.1.187's password: \n", + "stderr": "Permission denied, please try again.\nPermission denied, please try again.\nroot@192.168.1.187: Permission denied (publickey,gssapi-keyex,gssapi-with-micimport pudb; pu.dbassword).\nscp: Connection closed\n", + "retcode": 255, + } + } + key_run_ret = { + "localhost": { + "jid": "20230922155652279959", + "return": "test", + "retcode": 0, + "id": "test", + "fun": "cmd.run", + "fun_args": ["echo test"], + } + } + patch_roster_file = patch("salt.roster.get_roster_file", MagicMock(return_value="")) + with patch_roster_file: + client = ssh.SSH(opts) + patch_input = patch("builtins.input", side_effect=["y"]) + patch_getpass = patch("getpass.getpass", return_value=["password"]) + mock_key_run = MagicMock(return_value=key_run_ret) + patch_key_run = patch("salt.client.ssh.SSH._key_deploy_run", mock_key_run) + with patch_input, patch_getpass, patch_key_run: + ret = client.key_deploy(host, ssh_ret) + assert mock_key_run.call_args_list[0][0] == ( + host, + {"passwd": [passwd], "host": host, "user": usr}, + True, + ) + assert ret == key_run_ret + assert mock_key_run.call_count == 1 + + +def test_key_deploy_permission_denied_file_scp(tmp_path, opts): + """ + test "key_deploy" function when permission denied + due to not having access to copy the file to the target + We do not want to deploy the key, because this is not + an authentication to the target error. + """ + host = "localhost" + passwd = "password" + usr = "ssh-usr" + opts["ssh_user"] = usr + opts["tgt"] = host + + mock_key_run = MagicMock(return_value=False) + patch_key_run = patch("salt.client.ssh.SSH._key_deploy_run", mock_key_run) + + ssh_ret = { + "localhost": { + "stdout": "", + "stderr": 'scp: dest open "/tmp/preflight.sh": Permission denied\nscp: failed to upload file /etc/salt/preflight.sh to /tmp/preflight.sh\n', + "retcode": 1, + } + } + patch_roster_file = patch("salt.roster.get_roster_file", MagicMock(return_value="")) + with patch_roster_file: + client = ssh.SSH(opts) + ret = client.key_deploy(host, ssh_ret) + assert ret == ssh_ret + assert mock_key_run.call_count == 0 + + +def test_key_deploy_no_permission_denied(tmp_path, opts): + """ + test "key_deploy" function when no permission denied + is returned + """ + host = "localhost" + passwd = "password" + usr = "ssh-usr" + opts["ssh_user"] = usr + opts["tgt"] = host + + mock_key_run = MagicMock(return_value=False) + patch_key_run = patch("salt.client.ssh.SSH._key_deploy_run", mock_key_run) + ssh_ret = { + "localhost": { + "jid": "20230922161937998385", + "return": "test", + "retcode": 0, + "id": "test", + "fun": "cmd.run", + "fun_args": ["echo test"], + } + } + patch_roster_file = patch("salt.roster.get_roster_file", MagicMock(return_value="")) + with patch_roster_file: + client = ssh.SSH(opts) + ret = client.key_deploy(host, ssh_ret) + assert ret == ssh_ret + assert mock_key_run.call_count == 0 From a543a6b4346181af5bcaf3a9954811146e1da4fe Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Thu, 28 Sep 2023 11:19:03 -0600 Subject: [PATCH 12/54] Do not run ssh integration tests on windows --- tests/pytests/integration/ssh/test_pre_flight.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/pytests/integration/ssh/test_pre_flight.py b/tests/pytests/integration/ssh/test_pre_flight.py index 78b2b751f2bc..09c65d294309 100644 --- a/tests/pytests/integration/ssh/test_pre_flight.py +++ b/tests/pytests/integration/ssh/test_pre_flight.py @@ -2,10 +2,14 @@ Test for ssh_pre_flight roster option """ -import grp +try: + import grp + import pwd +except ImportError: + # windows stacktraces on import of these modules + pass import os import pathlib -import pwd import shutil import subprocess @@ -15,6 +19,8 @@ import salt.utils.files +pytestmark = pytest.mark.skip_on_windows(reason="Salt-ssh not available on Windows") + def _custom_roster(roster_file, roster_data): with salt.utils.files.fopen(roster_file, "r") as fp: From 5a323034b4a071c59f30e6275b63e3415ca07a47 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Fri, 22 Sep 2023 15:42:40 +0100 Subject: [PATCH 13/54] Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 Signed-off-by: Pedro Algarvio --- changelog/65268.security.md | 1 + requirements/static/ci/py3.10/cloud.txt | 2 +- requirements/static/ci/py3.10/darwin.txt | 2 +- requirements/static/ci/py3.10/freebsd.txt | 2 +- requirements/static/ci/py3.10/lint.txt | 2 +- requirements/static/ci/py3.10/linux.txt | 2 +- requirements/static/ci/py3.10/windows.txt | 2 +- requirements/static/ci/py3.7/cloud.txt | 2 +- requirements/static/ci/py3.7/freebsd.txt | 2 +- requirements/static/ci/py3.7/lint.txt | 2 +- requirements/static/ci/py3.7/linux.txt | 2 +- requirements/static/ci/py3.7/windows.txt | 2 +- requirements/static/ci/py3.8/cloud.txt | 2 +- requirements/static/ci/py3.8/freebsd.txt | 2 +- requirements/static/ci/py3.8/lint.txt | 2 +- requirements/static/ci/py3.8/linux.txt | 2 +- requirements/static/ci/py3.8/windows.txt | 2 +- requirements/static/ci/py3.9/cloud.txt | 2 +- requirements/static/ci/py3.9/darwin.txt | 2 +- requirements/static/ci/py3.9/freebsd.txt | 2 +- requirements/static/ci/py3.9/lint.txt | 2 +- requirements/static/ci/py3.9/linux.txt | 2 +- requirements/static/ci/py3.9/windows.txt | 2 +- requirements/static/pkg/py3.10/darwin.txt | 2 +- requirements/static/pkg/py3.10/freebsd.txt | 2 +- requirements/static/pkg/py3.10/linux.txt | 2 +- requirements/static/pkg/py3.10/windows.txt | 2 +- requirements/static/pkg/py3.7/freebsd.txt | 2 +- requirements/static/pkg/py3.7/linux.txt | 2 +- requirements/static/pkg/py3.7/windows.txt | 2 +- requirements/static/pkg/py3.8/freebsd.txt | 2 +- requirements/static/pkg/py3.8/linux.txt | 2 +- requirements/static/pkg/py3.8/windows.txt | 2 +- requirements/static/pkg/py3.9/darwin.txt | 2 +- requirements/static/pkg/py3.9/freebsd.txt | 2 +- requirements/static/pkg/py3.9/linux.txt | 2 +- requirements/static/pkg/py3.9/windows.txt | 2 +- 37 files changed, 37 insertions(+), 36 deletions(-) create mode 100644 changelog/65268.security.md diff --git a/changelog/65268.security.md b/changelog/65268.security.md new file mode 100644 index 000000000000..15588570ad69 --- /dev/null +++ b/changelog/65268.security.md @@ -0,0 +1 @@ +Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index c4ef226b88d3..fb54800b0236 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -385,7 +385,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 8e307ed41b5a..1c7c26e85eec 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -386,7 +386,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/darwin.txt # adal diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index 0e2fca9170d1..1ae7aa780031 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -384,7 +384,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/freebsd.in # adal diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index 22f036172934..831eaa137fcd 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -390,7 +390,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index 68522447eda5..80c6f0754c10 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -398,7 +398,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index dae8490c40a0..4700c5c974a3 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -72,7 +72,7 @@ colorama==0.4.1 # via pytest contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/windows.txt # etcd3-py diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index 558726fa8fde..a3b845127fa4 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -392,7 +392,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index 2ef2126e98e7..4bae82d0ebea 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -391,7 +391,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/freebsd.in # adal diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index 1d58a70696a3..cedc9793c2a9 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -399,7 +399,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index c3efe9ed85c7..f74073bc33fe 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -405,7 +405,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index 781443c7bb70..583c366631af 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -78,7 +78,7 @@ colorama==0.4.1 # via pytest contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/windows.txt # etcd3-py diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index f787652bf5c8..39423db6f6fe 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -390,7 +390,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index 562047b31c4c..45df7de70369 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -389,7 +389,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/freebsd.in # adal diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index 2df5c5dc9b91..5d4d151196e2 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -397,7 +397,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index 9018d632f8b7..24af3d4093b1 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -403,7 +403,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index 77434b13eb7e..0cea1d0b0c37 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -74,7 +74,7 @@ colorama==0.4.1 # via pytest contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/windows.txt # etcd3-py diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index 46176c6fec16..535bc8da84dd 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -390,7 +390,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index 03a1bb7f2bff..3215cec66b3b 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -391,7 +391,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/darwin.txt # adal diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index 6a28aa2c7682..8b3d1a2181f1 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -389,7 +389,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/freebsd.in # adal diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index 995bf0459fdd..d8921f45e366 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -395,7 +395,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==1.0.15 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index 9cf46345f8f4..fa10facc612d 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -405,7 +405,7 @@ contextvars==2.4 # via -r requirements/base.txt croniter==0.3.29 ; sys_platform != "win32" # via -r requirements/static/ci/common.in -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/linux.in # adal diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index 8ad28c6a663e..04af86b03f2c 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -74,7 +74,7 @@ colorama==0.4.1 # via pytest contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/windows.txt # etcd3-py diff --git a/requirements/static/pkg/py3.10/darwin.txt b/requirements/static/pkg/py3.10/darwin.txt index 29ffba3c6543..b9aaea3f42e4 100644 --- a/requirements/static/pkg/py3.10/darwin.txt +++ b/requirements/static/pkg/py3.10/darwin.txt @@ -18,7 +18,7 @@ cherrypy==18.6.1 # via -r requirements/darwin.txt contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/darwin.txt # pyopenssl diff --git a/requirements/static/pkg/py3.10/freebsd.txt b/requirements/static/pkg/py3.10/freebsd.txt index 5823a037e232..c874a498b9f1 100644 --- a/requirements/static/pkg/py3.10/freebsd.txt +++ b/requirements/static/pkg/py3.10/freebsd.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/freebsd.in contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/freebsd.in # pyopenssl diff --git a/requirements/static/pkg/py3.10/linux.txt b/requirements/static/pkg/py3.10/linux.txt index c39dcc61e0ec..576625229ed2 100644 --- a/requirements/static/pkg/py3.10/linux.txt +++ b/requirements/static/pkg/py3.10/linux.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/linux.in contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/linux.in # pyopenssl diff --git a/requirements/static/pkg/py3.10/windows.txt b/requirements/static/pkg/py3.10/windows.txt index cb8689efc64d..76e17f944560 100644 --- a/requirements/static/pkg/py3.10/windows.txt +++ b/requirements/static/pkg/py3.10/windows.txt @@ -23,7 +23,7 @@ clr-loader==0.2.4 # via pythonnet contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/windows.txt # pyopenssl diff --git a/requirements/static/pkg/py3.7/freebsd.txt b/requirements/static/pkg/py3.7/freebsd.txt index 63050b277cc0..392d78aab835 100644 --- a/requirements/static/pkg/py3.7/freebsd.txt +++ b/requirements/static/pkg/py3.7/freebsd.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/freebsd.in contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/freebsd.in # pyopenssl diff --git a/requirements/static/pkg/py3.7/linux.txt b/requirements/static/pkg/py3.7/linux.txt index 218de2ed9656..476f570aea0b 100644 --- a/requirements/static/pkg/py3.7/linux.txt +++ b/requirements/static/pkg/py3.7/linux.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/linux.in contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/linux.in # pyopenssl diff --git a/requirements/static/pkg/py3.7/windows.txt b/requirements/static/pkg/py3.7/windows.txt index ebe7e57c8aab..ab4e9493f449 100644 --- a/requirements/static/pkg/py3.7/windows.txt +++ b/requirements/static/pkg/py3.7/windows.txt @@ -23,7 +23,7 @@ clr-loader==0.2.4 # via pythonnet contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/windows.txt # pyopenssl diff --git a/requirements/static/pkg/py3.8/freebsd.txt b/requirements/static/pkg/py3.8/freebsd.txt index 45aba1e9a879..725e7580c700 100644 --- a/requirements/static/pkg/py3.8/freebsd.txt +++ b/requirements/static/pkg/py3.8/freebsd.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/freebsd.in contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/freebsd.in # pyopenssl diff --git a/requirements/static/pkg/py3.8/linux.txt b/requirements/static/pkg/py3.8/linux.txt index 2c89423d7d5b..e2bcef47b55c 100644 --- a/requirements/static/pkg/py3.8/linux.txt +++ b/requirements/static/pkg/py3.8/linux.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/linux.in contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/linux.in # pyopenssl diff --git a/requirements/static/pkg/py3.8/windows.txt b/requirements/static/pkg/py3.8/windows.txt index 22bfc68ae51a..a23b283ba9fa 100644 --- a/requirements/static/pkg/py3.8/windows.txt +++ b/requirements/static/pkg/py3.8/windows.txt @@ -23,7 +23,7 @@ clr-loader==0.2.4 # via pythonnet contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/windows.txt # pyopenssl diff --git a/requirements/static/pkg/py3.9/darwin.txt b/requirements/static/pkg/py3.9/darwin.txt index e81cc47fdc34..4239f389687a 100644 --- a/requirements/static/pkg/py3.9/darwin.txt +++ b/requirements/static/pkg/py3.9/darwin.txt @@ -18,7 +18,7 @@ cherrypy==18.6.1 # via -r requirements/darwin.txt contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/darwin.txt # pyopenssl diff --git a/requirements/static/pkg/py3.9/freebsd.txt b/requirements/static/pkg/py3.9/freebsd.txt index 6c52150bc8ff..6f53c93dc14d 100644 --- a/requirements/static/pkg/py3.9/freebsd.txt +++ b/requirements/static/pkg/py3.9/freebsd.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/freebsd.in contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/freebsd.in # pyopenssl diff --git a/requirements/static/pkg/py3.9/linux.txt b/requirements/static/pkg/py3.9/linux.txt index ec77b1bd49e3..314e4b7c6cd3 100644 --- a/requirements/static/pkg/py3.9/linux.txt +++ b/requirements/static/pkg/py3.9/linux.txt @@ -16,7 +16,7 @@ cherrypy==18.6.1 # via -r requirements/static/pkg/linux.in contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/static/pkg/linux.in # pyopenssl diff --git a/requirements/static/pkg/py3.9/windows.txt b/requirements/static/pkg/py3.9/windows.txt index 60a28ce2e2a3..6953886102a8 100644 --- a/requirements/static/pkg/py3.9/windows.txt +++ b/requirements/static/pkg/py3.9/windows.txt @@ -23,7 +23,7 @@ clr-loader==0.2.4 # via pythonnet contextvars==2.4 # via -r requirements/base.txt -cryptography==41.0.3 +cryptography==41.0.4 # via # -r requirements/windows.txt # pyopenssl From 9cf8048421ef253fb0fab5246089ad401567b2cc Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Mon, 11 Sep 2023 09:40:35 +0100 Subject: [PATCH 14/54] The 3006.x branch is Python >= 3.7 already. Remove unnecessary `python_version` markers. Signed-off-by: Pedro Algarvio --- requirements/darwin.txt | 3 +-- requirements/pytest.txt | 3 +-- requirements/static/ci/common.in | 12 +++++------- requirements/static/ci/darwin.in | 2 +- requirements/static/ci/freebsd.in | 2 +- requirements/static/ci/linux.in | 6 ++---- requirements/static/ci/pkgtests-windows.in | 3 +-- requirements/static/ci/py3.10/cloud.txt | 10 +++++----- requirements/static/ci/py3.10/darwin.txt | 12 ++++++------ requirements/static/ci/py3.10/freebsd.txt | 12 ++++++------ requirements/static/ci/py3.10/lint.txt | 12 ++++++------ requirements/static/ci/py3.10/linux.txt | 14 +++++++------- .../static/ci/py3.10/pkgtests-windows.txt | 2 +- requirements/static/ci/py3.10/windows.txt | 12 ++++++------ requirements/static/ci/py3.7/cloud.txt | 12 ++++++------ requirements/static/ci/py3.7/freebsd.txt | 14 +++++++------- requirements/static/ci/py3.7/lint.txt | 14 +++++++------- requirements/static/ci/py3.7/linux.txt | 16 ++++++++-------- requirements/static/ci/py3.7/windows.txt | 12 ++++++------ requirements/static/ci/py3.8/cloud.txt | 12 ++++++------ requirements/static/ci/py3.8/freebsd.txt | 14 +++++++------- requirements/static/ci/py3.8/lint.txt | 14 +++++++------- requirements/static/ci/py3.8/linux.txt | 16 ++++++++-------- requirements/static/ci/py3.8/windows.txt | 12 ++++++------ requirements/static/ci/py3.9/cloud.txt | 12 ++++++------ requirements/static/ci/py3.9/darwin.txt | 14 +++++++------- requirements/static/ci/py3.9/freebsd.txt | 14 +++++++------- requirements/static/ci/py3.9/lint.txt | 14 +++++++------- requirements/static/ci/py3.9/linux.txt | 16 ++++++++-------- requirements/static/ci/py3.9/windows.txt | 12 ++++++------ requirements/static/ci/windows.in | 2 +- requirements/static/pkg/freebsd.in | 1 - requirements/static/pkg/linux.in | 1 - requirements/static/pkg/py3.10/darwin.txt | 2 +- requirements/static/pkg/py3.10/windows.txt | 2 +- requirements/static/pkg/py3.7/windows.txt | 2 +- requirements/static/pkg/py3.8/windows.txt | 2 +- requirements/static/pkg/py3.9/darwin.txt | 2 +- requirements/static/pkg/py3.9/windows.txt | 2 +- requirements/windows.txt | 3 +-- 40 files changed, 166 insertions(+), 176 deletions(-) diff --git a/requirements/darwin.txt b/requirements/darwin.txt index 2b0106ba9d13..59aa84bc06e4 100644 --- a/requirements/darwin.txt +++ b/requirements/darwin.txt @@ -3,10 +3,9 @@ -r zeromq.txt apache-libcloud>=2.4.0 -backports.ssl_match_hostname>=3.7.0.1; python_version < '3.7' cherrypy>=17.4.1 cryptography>=41.0.3 -gitpython>=3.1.30; python_version >= '3.7' +gitpython>=3.1.30 idna>=2.8 linode-python>=1.1.1 pyasn1>=0.4.8 diff --git a/requirements/pytest.txt b/requirements/pytest.txt index 5b67583a3d70..5940ca1f2c7d 100644 --- a/requirements/pytest.txt +++ b/requirements/pytest.txt @@ -1,7 +1,6 @@ mock >= 3.0.0 # PyTest -pytest >= 7.0.1; python_version <= "3.6" -pytest >= 7.2.0; python_version > "3.6" +pytest >= 7.2.0 pytest-salt-factories >= 1.0.0rc21; sys_platform == 'win32' pytest-salt-factories[docker] >= 1.0.0rc21; sys_platform != 'win32' pytest-tempdir >= 2019.10.12 diff --git a/requirements/static/ci/common.in b/requirements/static/ci/common.in index 4e55fb95f105..ac54d8ee9e75 100644 --- a/requirements/static/ci/common.in +++ b/requirements/static/ci/common.in @@ -3,8 +3,7 @@ # to a particular platform, please add it to the corresponding `.in` file in this directory. azure==4.0.0; sys_platform != 'win32' apache-libcloud>=1.5.0; sys_platform != 'win32' -boto3>=1.16.0,<1.17.0; python_version < '3.6' -boto3>=1.17.67; python_version >= '3.6' +boto3>=1.17.67 boto>=2.46.0 cassandra-driver>=2.0 certifi>=2022.12.07 @@ -14,8 +13,8 @@ clustershell croniter>=0.3.0,!=0.3.22"; sys_platform != 'win32' dnspython docker -etcd3-py==0.1.6 ; python_version >= '3.6' -gitpython>=3.1.30; python_version >= '3.7' +etcd3-py==0.1.6 +gitpython>=3.1.30 jmespath jsonschema junos-eznc; sys_platform != 'win32' and python_version <= '3.10' @@ -24,10 +23,9 @@ kazoo; sys_platform != 'win32' and sys_platform != 'darwin' keyring==5.7.1 kubernetes<4.0 libnacl>=1.7.1; sys_platform != 'win32' and sys_platform != 'darwin' -moto>=1.3.14 ; python_version <= '3.5' -moto>=2.0.0 ; python_version >= '3.6' +moto>=2.0.0 # Napalm pulls in pyeapi which does not work on Py3.10 -napalm; sys_platform != 'win32' and python_version > '3.6' and python_version < '3.10' +napalm; sys_platform != 'win32' and python_version < '3.10' paramiko>=2.10.1; sys_platform != 'win32' and sys_platform != 'darwin' passlib[bcrypt]>=1.7.4 pynacl>=1.5.0 diff --git a/requirements/static/ci/darwin.in b/requirements/static/ci/darwin.in index d7b8f010e0ff..9ab7e15587ac 100644 --- a/requirements/static/ci/darwin.in +++ b/requirements/static/ci/darwin.in @@ -3,7 +3,7 @@ # pylxd(or likely ws4py) will cause the test suite to hang at the finish line under runtests.py # pylxd>=2.2.5 yamlordereddictloader -pygit2>=1.2.0; python_version >= '3.7' +pygit2>=1.2.0 yamllint mercurial hglib diff --git a/requirements/static/ci/freebsd.in b/requirements/static/ci/freebsd.in index 20f88c8724a7..00f34fddee4b 100644 --- a/requirements/static/ci/freebsd.in +++ b/requirements/static/ci/freebsd.in @@ -1,5 +1,5 @@ # FreeBSD static CI requirements -pygit2==1.8.0; python_version >= '3.7' +pygit2==1.8.0 yamllint mercurial hglib diff --git a/requirements/static/ci/linux.in b/requirements/static/ci/linux.in index c05c78de1e5b..a76d02ccc5cc 100644 --- a/requirements/static/ci/linux.in +++ b/requirements/static/ci/linux.in @@ -3,13 +3,11 @@ pyiface pygit2<1.1.0; python_version <= '3.8' pygit2>=1.4.0; python_version > '3.8' pygit2==1.9.1; python_version >= '3.10' -pymysql==0.9.3; python_version <= '3.5' -pymysql>=1.0.2; python_version > '3.5' +pymysql>=1.0.2 ansible>=4.4.0; python_version < '3.9' ansible>=7.0.0; python_version >= '3.9' twilio -python-telegram-bot==12.8; python_version <= '3.5' -python-telegram-bot>=13.7; python_version > '3.5' +python-telegram-bot>=13.7 yamllint mercurial hglib diff --git a/requirements/static/ci/pkgtests-windows.in b/requirements/static/ci/pkgtests-windows.in index f34edda6f043..53cdcf3e5fc2 100644 --- a/requirements/static/ci/pkgtests-windows.in +++ b/requirements/static/ci/pkgtests-windows.in @@ -1,5 +1,4 @@ cherrypy pytest-salt-factories==1.0.0rc17 -pythonnet==3.0.1; python_version >= '3.7' -pythonnet==2.5.2; python_version < '3.7' +pythonnet==3.0.1 wmi==1.5.1; sys_platform == 'win32' diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index fb54800b0236..9f233fa5bc83 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -335,7 +335,7 @@ bcrypt==3.2.0 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -414,7 +414,7 @@ docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -432,7 +432,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes @@ -510,7 +510,7 @@ more-itertools==8.8.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -718,7 +718,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==2.0.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 1c7c26e85eec..2ab6f4f882d8 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -335,7 +335,7 @@ bcrypt==3.1.6 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -412,7 +412,7 @@ docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -430,7 +430,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via # -r requirements/darwin.txt # -r requirements/static/ci/common.in @@ -513,7 +513,7 @@ more-itertools==8.2.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -665,7 +665,7 @@ pycparser==2.21 ; python_version >= "3.9" # cffi pycryptodomex==3.9.8 # via -r requirements/crypto.txt -pygit2==1.9.1 ; python_version >= "3.7" +pygit2==1.9.1 # via -r requirements/static/ci/darwin.in pyjwt==2.4.0 # via adal @@ -713,7 +713,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==1.4.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index 1ae7aa780031..671d456d14df 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -333,7 +333,7 @@ bcrypt==3.1.6 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -411,7 +411,7 @@ docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -429,7 +429,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes @@ -511,7 +511,7 @@ more-itertools==5.0.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -663,7 +663,7 @@ pycparser==2.21 ; python_version >= "3.9" # cffi pycryptodomex==3.9.8 # via -r requirements/crypto.txt -pygit2==1.8.0 ; python_version >= "3.7" +pygit2==1.8.0 # via -r requirements/static/ci/freebsd.in pyinotify==0.9.6 ; sys_platform != "win32" and sys_platform != "darwin" and platform_system != "openbsd" # via -r requirements/static/ci/common.in @@ -713,7 +713,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==1.4.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index 831eaa137fcd..ba82e751e1c1 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -336,7 +336,7 @@ bcrypt==3.2.0 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -413,7 +413,7 @@ dnspython==2.1.0 # python-etcd docker==6.1.3 # via -r requirements/static/ci/common.in -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in filelock==3.0.12 # via virtualenv @@ -427,7 +427,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes @@ -514,7 +514,7 @@ more-itertools==8.8.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via -r requirements/base.txt @@ -672,7 +672,7 @@ pylint==2.4.4 # via # -r requirements/static/ci/lint.in # saltpylint -pymysql==1.0.2 ; python_version > "3.5" +pymysql==1.0.2 # via -r requirements/static/ci/linux.in pynacl==1.5.0 # via @@ -707,7 +707,7 @@ python-etcd==0.4.5 # via -r requirements/static/ci/common.in python-gnupg==0.4.8 # via -r requirements/static/pkg/linux.in -python-telegram-bot==13.7 ; python_version > "3.5" +python-telegram-bot==13.7 # via -r requirements/static/ci/linux.in pytz==2022.1 # via diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index 80c6f0754c10..e7fe004ada33 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -344,7 +344,7 @@ bcrypt==3.1.6 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -425,7 +425,7 @@ docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -443,7 +443,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes @@ -526,7 +526,7 @@ more-itertools==5.0.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -686,7 +686,7 @@ pyjwt==2.4.0 # via # adal # twilio -pymysql==1.0.2 ; python_version > "3.5" +pymysql==1.0.2 # via -r requirements/static/ci/linux.in pynacl==1.5.0 # via @@ -730,7 +730,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==1.4.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code @@ -759,7 +759,7 @@ python-etcd==0.4.5 # via -r requirements/static/ci/common.in python-gnupg==0.4.8 # via -r requirements/static/pkg/linux.in -python-telegram-bot==13.7 ; python_version > "3.5" +python-telegram-bot==13.7 # via -r requirements/static/ci/linux.in pytz==2022.1 # via diff --git a/requirements/static/ci/py3.10/pkgtests-windows.txt b/requirements/static/ci/py3.10/pkgtests-windows.txt index de7ee93e182d..88e31addbb22 100644 --- a/requirements/static/ci/py3.10/pkgtests-windows.txt +++ b/requirements/static/ci/py3.10/pkgtests-windows.txt @@ -128,7 +128,7 @@ pytest==7.2.1 # pytest-skip-markers # pytest-system-statistics # pytest-tempdir -pythonnet==3.0.1 ; python_version >= "3.7" +pythonnet==3.0.1 # via -r requirements/static/ci/pkgtests-windows.in pytz==2022.7.1 # via tempora diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index 4700c5c974a3..07d600c7f218 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -21,7 +21,7 @@ attrs==20.3.0 # pytest-system-statistics bcrypt==4.0.1 # via passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -93,7 +93,7 @@ dnspython==1.16.0 # python-etcd docker==6.1.3 # via -r requirements/static/ci/common.in -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -111,7 +111,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via # -r requirements/static/ci/common.in # -r requirements/windows.txt @@ -180,7 +180,7 @@ more-itertools==8.2.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -231,7 +231,7 @@ pycparser==2.21 ; python_version >= "3.9" # cffi pycryptodomex==3.10.1 # via -r requirements/crypto.txt -pygit2==1.9.1 ; python_version >= "3.7" +pygit2==1.9.1 # via -r requirements/static/ci/windows.in pymssql==2.2.7 # via -r requirements/windows.txt @@ -275,7 +275,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==2.1.0 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index a3b845127fa4..0f14a5ab23b5 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -337,7 +337,7 @@ bcrypt==3.2.0 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -422,7 +422,7 @@ docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -444,7 +444,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes @@ -537,7 +537,7 @@ more-itertools==8.8.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -639,7 +639,7 @@ multidict==6.0.2 # via # aiohttp # yarl -napalm==3.3.1 ; sys_platform != "win32" and python_version > "3.6" and python_version < "3.10" +napalm==3.3.1 ; sys_platform != "win32" and python_version < "3.10" # via -r requirements/static/ci/common.in ncclient==0.6.12 # via @@ -762,7 +762,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==2.0.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index 4bae82d0ebea..3111162b3179 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -335,7 +335,7 @@ bcrypt==3.1.6 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -419,7 +419,7 @@ docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -441,7 +441,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes @@ -535,7 +535,7 @@ more-itertools==5.0.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -637,7 +637,7 @@ multidict==6.0.2 # via # aiohttp # yarl -napalm==3.1.0 ; sys_platform != "win32" and python_version > "3.6" and python_version < "3.10" +napalm==3.1.0 ; sys_platform != "win32" and python_version < "3.10" # via -r requirements/static/ci/common.in ncclient==0.6.4 # via junos-eznc @@ -699,7 +699,7 @@ pycryptodomex==3.9.8 # via -r requirements/crypto.txt pyeapi==0.8.3 # via napalm -pygit2==1.8.0 ; python_version >= "3.7" +pygit2==1.8.0 # via -r requirements/static/ci/freebsd.in pyinotify==0.9.6 ; sys_platform != "win32" and sys_platform != "darwin" and platform_system != "openbsd" # via -r requirements/static/ci/common.in @@ -751,7 +751,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==1.4.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index cedc9793c2a9..a6771ea92c94 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -340,7 +340,7 @@ bcrypt==3.2.0 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -423,7 +423,7 @@ dnspython==2.1.0 # python-etcd docker==6.1.3 # via -r requirements/static/ci/common.in -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in filelock==3.0.12 # via virtualenv @@ -441,7 +441,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes @@ -541,7 +541,7 @@ more-itertools==8.8.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via -r requirements/base.txt @@ -641,7 +641,7 @@ multidict==6.0.2 # via # aiohttp # yarl -napalm==3.3.1 ; sys_platform != "win32" and python_version > "3.6" and python_version < "3.10" +napalm==3.3.1 ; sys_platform != "win32" and python_version < "3.10" # via -r requirements/static/ci/common.in ncclient==0.6.12 # via @@ -715,7 +715,7 @@ pylint==2.4.4 # via # -r requirements/static/ci/lint.in # saltpylint -pymysql==1.0.2 ; python_version > "3.5" +pymysql==1.0.2 # via -r requirements/static/ci/linux.in pynacl==1.5.0 # via @@ -752,7 +752,7 @@ python-etcd==0.4.5 # via -r requirements/static/ci/common.in python-gnupg==0.4.8 # via -r requirements/static/pkg/linux.in -python-telegram-bot==13.7 ; python_version > "3.5" +python-telegram-bot==13.7 # via -r requirements/static/ci/linux.in pytz==2022.1 # via diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index f74073bc33fe..1d41351fca09 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -346,7 +346,7 @@ bcrypt==3.1.6 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -433,7 +433,7 @@ docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -455,7 +455,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes @@ -550,7 +550,7 @@ more-itertools==5.0.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -649,7 +649,7 @@ multidict==6.0.2 # via # aiohttp # yarl -napalm==3.1.0 ; sys_platform != "win32" and python_version > "3.6" and python_version < "3.10" +napalm==3.1.0 ; sys_platform != "win32" and python_version < "3.10" # via -r requirements/static/ci/common.in ncclient==0.6.4 # via junos-eznc @@ -722,7 +722,7 @@ pyjwt==2.4.0 # via # adal # twilio -pymysql==1.0.2 ; python_version > "3.5" +pymysql==1.0.2 # via -r requirements/static/ci/linux.in pynacl==1.5.0 # via @@ -770,7 +770,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==1.4.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code @@ -799,7 +799,7 @@ python-etcd==0.4.5 # via -r requirements/static/ci/common.in python-gnupg==0.4.8 # via -r requirements/static/pkg/linux.in -python-telegram-bot==13.7 ; python_version > "3.5" +python-telegram-bot==13.7 # via -r requirements/static/ci/linux.in pytz==2022.1 # via diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index 583c366631af..c66cd5853d9e 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -25,7 +25,7 @@ backports.entry-points-selectable==1.1.0 # via virtualenv bcrypt==4.0.1 # via passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -99,7 +99,7 @@ dnspython==1.16.0 # python-etcd docker==6.1.3 # via -r requirements/static/ci/common.in -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -117,7 +117,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via # -r requirements/static/ci/common.in # -r requirements/windows.txt @@ -194,7 +194,7 @@ more-itertools==8.2.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -244,7 +244,7 @@ pycparser==2.21 # cffi pycryptodomex==3.10.1 # via -r requirements/crypto.txt -pygit2==1.9.1 ; python_version >= "3.7" +pygit2==1.9.1 # via -r requirements/static/ci/windows.in pymssql==2.2.1 # via -r requirements/windows.txt @@ -288,7 +288,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==1.4.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index 39423db6f6fe..34e3b8061cc1 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -335,7 +335,7 @@ bcrypt==3.2.0 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -420,7 +420,7 @@ docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -442,7 +442,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes @@ -526,7 +526,7 @@ more-itertools==8.8.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -628,7 +628,7 @@ multidict==6.0.2 # via # aiohttp # yarl -napalm==3.3.1 ; sys_platform != "win32" and python_version > "3.6" and python_version < "3.10" +napalm==3.3.1 ; sys_platform != "win32" and python_version < "3.10" # via -r requirements/static/ci/common.in ncclient==0.6.12 # via @@ -751,7 +751,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==2.0.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index 45df7de70369..8913b1fa92f6 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -333,7 +333,7 @@ bcrypt==3.1.6 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -417,7 +417,7 @@ docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -439,7 +439,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes @@ -525,7 +525,7 @@ more-itertools==5.0.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -627,7 +627,7 @@ multidict==6.0.2 # via # aiohttp # yarl -napalm==3.1.0 ; sys_platform != "win32" and python_version > "3.6" and python_version < "3.10" +napalm==3.1.0 ; sys_platform != "win32" and python_version < "3.10" # via -r requirements/static/ci/common.in ncclient==0.6.4 # via junos-eznc @@ -689,7 +689,7 @@ pycryptodomex==3.9.8 # via -r requirements/crypto.txt pyeapi==0.8.3 # via napalm -pygit2==1.8.0 ; python_version >= "3.7" +pygit2==1.8.0 # via -r requirements/static/ci/freebsd.in pyinotify==0.9.6 ; sys_platform != "win32" and sys_platform != "darwin" and platform_system != "openbsd" # via -r requirements/static/ci/common.in @@ -741,7 +741,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==1.4.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index 5d4d151196e2..efb6aa4a6dbb 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -338,7 +338,7 @@ bcrypt==3.2.0 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -421,7 +421,7 @@ dnspython==2.1.0 # python-etcd docker==6.1.3 # via -r requirements/static/ci/common.in -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in filelock==3.0.12 # via virtualenv @@ -439,7 +439,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes @@ -532,7 +532,7 @@ more-itertools==8.8.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via -r requirements/base.txt @@ -632,7 +632,7 @@ multidict==6.0.2 # via # aiohttp # yarl -napalm==3.3.1 ; sys_platform != "win32" and python_version > "3.6" and python_version < "3.10" +napalm==3.3.1 ; sys_platform != "win32" and python_version < "3.10" # via -r requirements/static/ci/common.in ncclient==0.6.12 # via @@ -706,7 +706,7 @@ pylint==2.4.4 # via # -r requirements/static/ci/lint.in # saltpylint -pymysql==1.0.2 ; python_version > "3.5" +pymysql==1.0.2 # via -r requirements/static/ci/linux.in pynacl==1.5.0 # via @@ -743,7 +743,7 @@ python-etcd==0.4.5 # via -r requirements/static/ci/common.in python-gnupg==0.4.8 # via -r requirements/static/pkg/linux.in -python-telegram-bot==13.7 ; python_version > "3.5" +python-telegram-bot==13.7 # via -r requirements/static/ci/linux.in pytz==2022.1 # via diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index 24af3d4093b1..3c816f8c0b0d 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -344,7 +344,7 @@ bcrypt==3.1.6 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -431,7 +431,7 @@ docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -453,7 +453,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes @@ -540,7 +540,7 @@ more-itertools==5.0.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -639,7 +639,7 @@ multidict==6.0.2 # via # aiohttp # yarl -napalm==3.1.0 ; sys_platform != "win32" and python_version > "3.6" and python_version < "3.10" +napalm==3.1.0 ; sys_platform != "win32" and python_version < "3.10" # via -r requirements/static/ci/common.in ncclient==0.6.4 # via junos-eznc @@ -712,7 +712,7 @@ pyjwt==2.4.0 # via # adal # twilio -pymysql==1.0.2 ; python_version > "3.5" +pymysql==1.0.2 # via -r requirements/static/ci/linux.in pynacl==1.5.0 # via @@ -758,7 +758,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==1.4.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code @@ -787,7 +787,7 @@ python-etcd==0.4.5 # via -r requirements/static/ci/common.in python-gnupg==0.4.8 # via -r requirements/static/pkg/linux.in -python-telegram-bot==13.7 ; python_version > "3.5" +python-telegram-bot==13.7 # via -r requirements/static/ci/linux.in pytz==2022.1 # via diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index 0cea1d0b0c37..7d0f0a9c0366 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -23,7 +23,7 @@ backports.entry-points-selectable==1.1.0 # via virtualenv bcrypt==4.0.1 # via passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -95,7 +95,7 @@ dnspython==1.16.0 # python-etcd docker==6.1.3 # via -r requirements/static/ci/common.in -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -113,7 +113,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via # -r requirements/static/ci/common.in # -r requirements/windows.txt @@ -182,7 +182,7 @@ more-itertools==8.2.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -232,7 +232,7 @@ pycparser==2.21 # cffi pycryptodomex==3.10.1 # via -r requirements/crypto.txt -pygit2==1.9.1 ; python_version >= "3.7" +pygit2==1.9.1 # via -r requirements/static/ci/windows.in pymssql==2.2.1 # via -r requirements/windows.txt @@ -276,7 +276,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==1.4.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index 535bc8da84dd..8e6357263337 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -335,7 +335,7 @@ bcrypt==3.2.0 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -420,7 +420,7 @@ docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -442,7 +442,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes @@ -526,7 +526,7 @@ more-itertools==8.8.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -628,7 +628,7 @@ multidict==6.0.2 # via # aiohttp # yarl -napalm==3.3.1 ; sys_platform != "win32" and python_version > "3.6" and python_version < "3.10" +napalm==3.3.1 ; sys_platform != "win32" and python_version < "3.10" # via -r requirements/static/ci/common.in ncclient==0.6.12 # via @@ -754,7 +754,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==2.0.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index 3215cec66b3b..e65cd22d72dd 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -335,7 +335,7 @@ bcrypt==3.1.6 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -418,7 +418,7 @@ docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -440,7 +440,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via # -r requirements/darwin.txt # -r requirements/static/ci/common.in @@ -527,7 +527,7 @@ more-itertools==8.2.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -629,7 +629,7 @@ multidict==6.0.2 # via # aiohttp # yarl -napalm==3.1.0 ; sys_platform != "win32" and python_version > "3.6" and python_version < "3.10" +napalm==3.1.0 ; sys_platform != "win32" and python_version < "3.10" # via -r requirements/static/ci/common.in ncclient==0.6.4 # via junos-eznc @@ -694,7 +694,7 @@ pycryptodomex==3.9.8 # via -r requirements/crypto.txt pyeapi==0.8.3 # via napalm -pygit2==1.9.1 ; python_version >= "3.7" +pygit2==1.9.1 # via -r requirements/static/ci/darwin.in pyjwt==2.4.0 # via adal @@ -744,7 +744,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==1.4.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index 8b3d1a2181f1..4bf3108b4629 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -333,7 +333,7 @@ bcrypt==3.1.6 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -417,7 +417,7 @@ docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -439,7 +439,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes @@ -525,7 +525,7 @@ more-itertools==5.0.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -627,7 +627,7 @@ multidict==6.0.2 # via # aiohttp # yarl -napalm==3.1.0 ; sys_platform != "win32" and python_version > "3.6" and python_version < "3.10" +napalm==3.1.0 ; sys_platform != "win32" and python_version < "3.10" # via -r requirements/static/ci/common.in ncclient==0.6.4 # via junos-eznc @@ -692,7 +692,7 @@ pycryptodomex==3.9.8 # via -r requirements/crypto.txt pyeapi==0.8.3 # via napalm -pygit2==1.8.0 ; python_version >= "3.7" +pygit2==1.8.0 # via -r requirements/static/ci/freebsd.in pyinotify==0.9.6 ; sys_platform != "win32" and sys_platform != "darwin" and platform_system != "openbsd" # via -r requirements/static/ci/common.in @@ -744,7 +744,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==1.4.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index d8921f45e366..4c917f41f3e6 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -336,7 +336,7 @@ bcrypt==3.2.0 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -419,7 +419,7 @@ dnspython==2.1.0 # python-etcd docker==6.1.3 # via -r requirements/static/ci/common.in -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in filelock==3.0.12 # via virtualenv @@ -437,7 +437,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes @@ -530,7 +530,7 @@ more-itertools==8.8.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via -r requirements/base.txt @@ -630,7 +630,7 @@ multidict==6.0.2 # via # aiohttp # yarl -napalm==3.3.1 ; sys_platform != "win32" and python_version > "3.6" and python_version < "3.10" +napalm==3.3.1 ; sys_platform != "win32" and python_version < "3.10" # via -r requirements/static/ci/common.in ncclient==0.6.12 # via @@ -707,7 +707,7 @@ pylint==2.4.4 # via # -r requirements/static/ci/lint.in # saltpylint -pymysql==1.0.2 ; python_version > "3.5" +pymysql==1.0.2 # via -r requirements/static/ci/linux.in pynacl==1.5.0 # via @@ -744,7 +744,7 @@ python-etcd==0.4.5 # via -r requirements/static/ci/common.in python-gnupg==0.4.8 # via -r requirements/static/pkg/linux.in -python-telegram-bot==13.7 ; python_version > "3.5" +python-telegram-bot==13.7 # via -r requirements/static/ci/linux.in pytz==2022.1 # via diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index fa10facc612d..2bf73ffe6e2f 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -344,7 +344,7 @@ bcrypt==3.1.6 # via # paramiko # passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -433,7 +433,7 @@ docker==6.1.3 # via # -r requirements/static/ci/common.in # pytest-salt-factories -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -455,7 +455,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes @@ -542,7 +542,7 @@ more-itertools==5.0.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -641,7 +641,7 @@ multidict==6.0.2 # via # aiohttp # yarl -napalm==3.1.0 ; sys_platform != "win32" and python_version > "3.6" and python_version < "3.10" +napalm==3.1.0 ; sys_platform != "win32" and python_version < "3.10" # via -r requirements/static/ci/common.in ncclient==0.6.4 # via junos-eznc @@ -717,7 +717,7 @@ pyjwt==2.4.0 # via # adal # twilio -pymysql==1.0.2 ; python_version > "3.5" +pymysql==1.0.2 # via -r requirements/static/ci/linux.in pynacl==1.5.0 # via @@ -763,7 +763,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==1.4.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code @@ -792,7 +792,7 @@ python-etcd==0.4.5 # via -r requirements/static/ci/common.in python-gnupg==0.4.8 # via -r requirements/static/pkg/linux.in -python-telegram-bot==13.7 ; python_version > "3.5" +python-telegram-bot==13.7 # via -r requirements/static/ci/linux.in pytz==2022.1 # via diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index 04af86b03f2c..0e849fc33383 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -23,7 +23,7 @@ backports.entry-points-selectable==1.1.0 # via virtualenv bcrypt==4.0.1 # via passlib -boto3==1.21.46 ; python_version >= "3.6" +boto3==1.21.46 # via # -r requirements/static/ci/common.in # moto @@ -95,7 +95,7 @@ dnspython==1.16.0 # python-etcd docker==6.1.3 # via -r requirements/static/ci/common.in -etcd3-py==0.1.6 ; python_version >= "3.6" +etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 # via pytest @@ -113,7 +113,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via # -r requirements/static/ci/common.in # -r requirements/windows.txt @@ -182,7 +182,7 @@ more-itertools==8.2.0 # cherrypy # jaraco.classes # jaraco.functools -moto==3.0.1 ; python_version >= "3.6" +moto==3.0.1 # via -r requirements/static/ci/common.in msgpack==1.0.2 # via @@ -233,7 +233,7 @@ pycparser==2.21 ; python_version >= "3.9" # cffi pycryptodomex==3.10.1 # via -r requirements/crypto.txt -pygit2==1.9.1 ; python_version >= "3.7" +pygit2==1.9.1 # via -r requirements/static/ci/windows.in pymssql==2.2.1 # via -r requirements/windows.txt @@ -277,7 +277,7 @@ pytest-tempdir==2019.10.12 # pytest-salt-factories pytest-timeout==1.4.2 # via -r requirements/pytest.txt -pytest==7.2.0 ; python_version > "3.6" +pytest==7.2.0 # via # -r requirements/pytest.txt # pytest-custom-exit-code diff --git a/requirements/static/ci/windows.in b/requirements/static/ci/windows.in index b2b7857de46a..38fc3fd2e088 100644 --- a/requirements/static/ci/windows.in +++ b/requirements/static/ci/windows.in @@ -1,7 +1,7 @@ # This is a compilation of requirements installed on salt-jenkins git.salt state run dmidecode patch -pygit2>=1.2.0; python_version >= '3.7' +pygit2>=1.2.0 sed pywinrm>=0.4.1 yamllint diff --git a/requirements/static/pkg/freebsd.in b/requirements/static/pkg/freebsd.in index 1e176a3bed54..3780d5b0fd89 100644 --- a/requirements/static/pkg/freebsd.in +++ b/requirements/static/pkg/freebsd.in @@ -2,7 +2,6 @@ # Any non hard dependencies of Salt for FreeBSD can go here cherrypy cryptography>=41.0.3 -backports.ssl_match_hostname>=3.7.0.1; python_version < '3.7' pycparser>=2.21; python_version >= '3.9' pyopenssl>=23.2.0 python-dateutil>=2.8.0 diff --git a/requirements/static/pkg/linux.in b/requirements/static/pkg/linux.in index a47fa8245719..937c6d3b2040 100644 --- a/requirements/static/pkg/linux.in +++ b/requirements/static/pkg/linux.in @@ -1,7 +1,6 @@ # This file only exists to trigger the right static compiled requirements destination. # Any non hard dependencies of Salt for linux can go here cherrypy -backports.ssl_match_hostname>=3.7.0.1; python_version < '3.7' pycparser>=2.21; python_version >= '3.9' pyopenssl>=23.2.0 python-dateutil>=2.8.0 diff --git a/requirements/static/pkg/py3.10/darwin.txt b/requirements/static/pkg/py3.10/darwin.txt index b9aaea3f42e4..b509fe18a498 100644 --- a/requirements/static/pkg/py3.10/darwin.txt +++ b/requirements/static/pkg/py3.10/darwin.txt @@ -26,7 +26,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.5 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/darwin.txt idna==2.8 # via diff --git a/requirements/static/pkg/py3.10/windows.txt b/requirements/static/pkg/py3.10/windows.txt index 76e17f944560..6d9dbcd8aec2 100644 --- a/requirements/static/pkg/py3.10/windows.txt +++ b/requirements/static/pkg/py3.10/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/windows.txt idna==2.8 # via requests diff --git a/requirements/static/pkg/py3.7/windows.txt b/requirements/static/pkg/py3.7/windows.txt index ab4e9493f449..48d3cf3ffd80 100644 --- a/requirements/static/pkg/py3.7/windows.txt +++ b/requirements/static/pkg/py3.7/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/windows.txt idna==2.8 # via requests diff --git a/requirements/static/pkg/py3.8/windows.txt b/requirements/static/pkg/py3.8/windows.txt index a23b283ba9fa..6ef55de08d6d 100644 --- a/requirements/static/pkg/py3.8/windows.txt +++ b/requirements/static/pkg/py3.8/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/windows.txt idna==2.8 # via requests diff --git a/requirements/static/pkg/py3.9/darwin.txt b/requirements/static/pkg/py3.9/darwin.txt index 4239f389687a..d14cef347630 100644 --- a/requirements/static/pkg/py3.9/darwin.txt +++ b/requirements/static/pkg/py3.9/darwin.txt @@ -26,7 +26,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.5 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/darwin.txt idna==2.8 # via diff --git a/requirements/static/pkg/py3.9/windows.txt b/requirements/static/pkg/py3.9/windows.txt index 6953886102a8..7f6e1cc32ee1 100644 --- a/requirements/static/pkg/py3.9/windows.txt +++ b/requirements/static/pkg/py3.9/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.32 ; python_version >= "3.7" +gitpython==3.1.32 # via -r requirements/windows.txt idna==2.8 # via requests diff --git a/requirements/windows.txt b/requirements/windows.txt index 998bdd2dadcb..7911eef67327 100644 --- a/requirements/windows.txt +++ b/requirements/windows.txt @@ -6,12 +6,11 @@ pywin32>=305 wmi>=1.5.1 pythonnet>=3.0.1 -backports.ssl-match-hostname>=3.7.0.1; python_version < '3.7' certifi>=2022.12.07 cffi>=1.14.5 cherrypy>=18.6.1 cryptography>=41.0.3 -gitpython>=3.1.30; python_version >= '3.7' +gitpython>=3.1.30 ioloop>=0.1a0 lxml>=4.6.3 pyasn1>=0.4.8 From 9b22e5a3343ae7782499e698c75c0170386498c2 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Mon, 11 Sep 2023 09:44:11 +0100 Subject: [PATCH 15/54] Bump to `gitpython==3.1.35` Due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c Due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 Signed-off-by: Pedro Algarvio --- requirements/static/ci/py3.10/cloud.txt | 2 +- requirements/static/ci/py3.10/darwin.txt | 2 +- requirements/static/ci/py3.10/freebsd.txt | 2 +- requirements/static/ci/py3.10/lint.txt | 2 +- requirements/static/ci/py3.10/linux.txt | 2 +- requirements/static/ci/py3.10/windows.txt | 2 +- requirements/static/ci/py3.7/cloud.txt | 2 +- requirements/static/ci/py3.7/freebsd.txt | 2 +- requirements/static/ci/py3.7/lint.txt | 2 +- requirements/static/ci/py3.7/linux.txt | 2 +- requirements/static/ci/py3.7/windows.txt | 2 +- requirements/static/ci/py3.8/cloud.txt | 2 +- requirements/static/ci/py3.8/freebsd.txt | 2 +- requirements/static/ci/py3.8/lint.txt | 2 +- requirements/static/ci/py3.8/linux.txt | 2 +- requirements/static/ci/py3.8/windows.txt | 2 +- requirements/static/ci/py3.9/cloud.txt | 2 +- requirements/static/ci/py3.9/darwin.txt | 2 +- requirements/static/ci/py3.9/freebsd.txt | 2 +- requirements/static/ci/py3.9/lint.txt | 2 +- requirements/static/ci/py3.9/linux.txt | 2 +- requirements/static/ci/py3.9/windows.txt | 2 +- requirements/static/pkg/py3.10/darwin.txt | 2 +- requirements/static/pkg/py3.10/windows.txt | 2 +- requirements/static/pkg/py3.7/windows.txt | 2 +- requirements/static/pkg/py3.8/windows.txt | 2 +- requirements/static/pkg/py3.9/darwin.txt | 2 +- requirements/static/pkg/py3.9/windows.txt | 2 +- 28 files changed, 28 insertions(+), 28 deletions(-) diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index 9f233fa5bc83..3760311cf5c9 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -432,7 +432,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 2ab6f4f882d8..3c82e233bf8c 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -430,7 +430,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via # -r requirements/darwin.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index 671d456d14df..f2ce437f32f3 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -429,7 +429,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index ba82e751e1c1..42e3bb70d53a 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -427,7 +427,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index e7fe004ada33..d313d2a4d4ee 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -443,7 +443,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index 07d600c7f218..a24a499a4940 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -111,7 +111,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via # -r requirements/static/ci/common.in # -r requirements/windows.txt diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index 0f14a5ab23b5..3f7b17caf101 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -444,7 +444,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index 3111162b3179..1e7afdb6cd2d 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -441,7 +441,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index a6771ea92c94..d7dfa7be3e98 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -441,7 +441,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index 1d41351fca09..f3199f753cd2 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -455,7 +455,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index c66cd5853d9e..7fc815947766 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -117,7 +117,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via # -r requirements/static/ci/common.in # -r requirements/windows.txt diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index 34e3b8061cc1..26e8ac212c72 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -442,7 +442,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index 8913b1fa92f6..e0ac76d3098b 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -439,7 +439,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index efb6aa4a6dbb..9e85b9f0848d 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -439,7 +439,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index 3c816f8c0b0d..6a2e2c8af41d 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -453,7 +453,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index 7d0f0a9c0366..6a23c545a54f 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -113,7 +113,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via # -r requirements/static/ci/common.in # -r requirements/windows.txt diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index 8e6357263337..34d8818c179b 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -442,7 +442,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index e65cd22d72dd..a9904314b470 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -440,7 +440,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via # -r requirements/darwin.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index 4bf3108b4629..c6c242c3d1fd 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -439,7 +439,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index 4c917f41f3e6..690aceb8677c 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -437,7 +437,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index 2bf73ffe6e2f..eeb78f5534d1 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -455,7 +455,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index 0e849fc33383..8699cd051249 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -113,7 +113,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via # -r requirements/static/ci/common.in # -r requirements/windows.txt diff --git a/requirements/static/pkg/py3.10/darwin.txt b/requirements/static/pkg/py3.10/darwin.txt index b509fe18a498..4bee194057e9 100644 --- a/requirements/static/pkg/py3.10/darwin.txt +++ b/requirements/static/pkg/py3.10/darwin.txt @@ -26,7 +26,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.5 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/darwin.txt idna==2.8 # via diff --git a/requirements/static/pkg/py3.10/windows.txt b/requirements/static/pkg/py3.10/windows.txt index 6d9dbcd8aec2..59b57dab0a80 100644 --- a/requirements/static/pkg/py3.10/windows.txt +++ b/requirements/static/pkg/py3.10/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/windows.txt idna==2.8 # via requests diff --git a/requirements/static/pkg/py3.7/windows.txt b/requirements/static/pkg/py3.7/windows.txt index 48d3cf3ffd80..1a570a4602a8 100644 --- a/requirements/static/pkg/py3.7/windows.txt +++ b/requirements/static/pkg/py3.7/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/windows.txt idna==2.8 # via requests diff --git a/requirements/static/pkg/py3.8/windows.txt b/requirements/static/pkg/py3.8/windows.txt index 6ef55de08d6d..7a5669c534ec 100644 --- a/requirements/static/pkg/py3.8/windows.txt +++ b/requirements/static/pkg/py3.8/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/windows.txt idna==2.8 # via requests diff --git a/requirements/static/pkg/py3.9/darwin.txt b/requirements/static/pkg/py3.9/darwin.txt index d14cef347630..f8b866e2b624 100644 --- a/requirements/static/pkg/py3.9/darwin.txt +++ b/requirements/static/pkg/py3.9/darwin.txt @@ -26,7 +26,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.5 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/darwin.txt idna==2.8 # via diff --git a/requirements/static/pkg/py3.9/windows.txt b/requirements/static/pkg/py3.9/windows.txt index 7f6e1cc32ee1..c243742d9ea3 100644 --- a/requirements/static/pkg/py3.9/windows.txt +++ b/requirements/static/pkg/py3.9/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.32 +gitpython==3.1.35 # via -r requirements/windows.txt idna==2.8 # via requests From 030393c352b5c271d613249fdfba7b82afe40adb Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Thu, 28 Sep 2023 11:45:25 -0600 Subject: [PATCH 16/54] Add changelog --- changelog/65163.security.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog/65163.security.md diff --git a/changelog/65163.security.md b/changelog/65163.security.md new file mode 100644 index 000000000000..8d6f57c7d0c7 --- /dev/null +++ b/changelog/65163.security.md @@ -0,0 +1 @@ +Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c From 5f50947763d1193095a6a782e295f058b193fe1a Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Thu, 28 Sep 2023 19:08:58 +0100 Subject: [PATCH 17/54] Set `gitpython>=3.1.35` Signed-off-by: Pedro Algarvio --- requirements/darwin.txt | 2 +- requirements/static/ci/common.in | 2 +- requirements/windows.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/darwin.txt b/requirements/darwin.txt index 59aa84bc06e4..7e9fccb25dcd 100644 --- a/requirements/darwin.txt +++ b/requirements/darwin.txt @@ -5,7 +5,7 @@ apache-libcloud>=2.4.0 cherrypy>=17.4.1 cryptography>=41.0.3 -gitpython>=3.1.30 +gitpython>=3.1.35 idna>=2.8 linode-python>=1.1.1 pyasn1>=0.4.8 diff --git a/requirements/static/ci/common.in b/requirements/static/ci/common.in index ac54d8ee9e75..ca4663b38055 100644 --- a/requirements/static/ci/common.in +++ b/requirements/static/ci/common.in @@ -14,7 +14,7 @@ croniter>=0.3.0,!=0.3.22"; sys_platform != 'win32' dnspython docker etcd3-py==0.1.6 -gitpython>=3.1.30 +gitpython>=3.1.35 jmespath jsonschema junos-eznc; sys_platform != 'win32' and python_version <= '3.10' diff --git a/requirements/windows.txt b/requirements/windows.txt index 7911eef67327..b2553ae2fca3 100644 --- a/requirements/windows.txt +++ b/requirements/windows.txt @@ -10,7 +10,7 @@ certifi>=2022.12.07 cffi>=1.14.5 cherrypy>=18.6.1 cryptography>=41.0.3 -gitpython>=3.1.30 +gitpython>=3.1.35 ioloop>=0.1a0 lxml>=4.6.3 pyasn1>=0.4.8 From b7735ab8f6868610db7b25e29ecf35d5263d9c9b Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Thu, 28 Sep 2023 07:58:09 -0600 Subject: [PATCH 18/54] Add pytest integration pre_flight integration tests for CVE-2023-34049 --- tests/integration/ssh/test_pre_flight.py | 132 -------- .../integration/ssh/test_pre_flight.py | 308 ++++++++++++++++++ 2 files changed, 308 insertions(+), 132 deletions(-) delete mode 100644 tests/integration/ssh/test_pre_flight.py create mode 100644 tests/pytests/integration/ssh/test_pre_flight.py diff --git a/tests/integration/ssh/test_pre_flight.py b/tests/integration/ssh/test_pre_flight.py deleted file mode 100644 index 9ce8bf702435..000000000000 --- a/tests/integration/ssh/test_pre_flight.py +++ /dev/null @@ -1,132 +0,0 @@ -""" -Test for ssh_pre_flight roster option -""" - -import os - -import pytest -import salt.utils.files -from tests.support.case import SSHCase -from tests.support.runtests import RUNTIME_VARS - - -class SSHPreFlightTest(SSHCase): - """ - Test ssh_pre_flight roster option - """ - - def setUp(self): - super().setUp() - self.roster = os.path.join(RUNTIME_VARS.TMP, "pre_flight_roster") - self.data = { - "ssh_pre_flight": os.path.join(RUNTIME_VARS.TMP, "ssh_pre_flight.sh") - } - self.test_script = os.path.join( - RUNTIME_VARS.TMP, "test-pre-flight-script-worked.txt" - ) - - def _create_roster(self, pre_flight_script_args=None): - data = dict(self.data) - if pre_flight_script_args: - data["ssh_pre_flight_args"] = pre_flight_script_args - - self.custom_roster(self.roster, data) - - with salt.utils.files.fopen(data["ssh_pre_flight"], "w") as fp_: - fp_.write("touch {}".format(self.test_script)) - - @pytest.mark.slow_test - def test_ssh_pre_flight(self): - """ - test ssh when ssh_pre_flight is set - ensure the script runs successfully - """ - self._create_roster() - assert self.run_function("test.ping", roster_file=self.roster) - - assert os.path.exists(self.test_script) - - @pytest.mark.slow_test - def test_ssh_run_pre_flight(self): - """ - test ssh when --pre-flight is passed to salt-ssh - to ensure the script runs successfully - """ - self._create_roster() - # make sure we previously ran a command so the thin dir exists - self.run_function("test.ping", wipe=False) - assert not os.path.exists(self.test_script) - - assert self.run_function( - "test.ping", ssh_opts="--pre-flight", roster_file=self.roster, wipe=False - ) - assert os.path.exists(self.test_script) - - @pytest.mark.slow_test - def test_ssh_run_pre_flight_args(self): - """ - test ssh when --pre-flight is passed to salt-ssh - to ensure the script runs successfully passing some args - """ - self._create_roster(pre_flight_script_args="foobar test") - # make sure we previously ran a command so the thin dir exists - self.run_function("test.ping", wipe=False) - assert not os.path.exists(self.test_script) - - assert self.run_function( - "test.ping", ssh_opts="--pre-flight", roster_file=self.roster, wipe=False - ) - assert os.path.exists(self.test_script) - - @pytest.mark.slow_test - def test_ssh_run_pre_flight_args_prevent_injection(self): - """ - test ssh when --pre-flight is passed to salt-ssh - and evil arguments are used in order to produce shell injection - """ - injected_file = os.path.join(RUNTIME_VARS.TMP, "injection") - self._create_roster( - pre_flight_script_args="foobar; echo injected > {}".format(injected_file) - ) - # make sure we previously ran a command so the thin dir exists - self.run_function("test.ping", wipe=False) - assert not os.path.exists(self.test_script) - assert not os.path.isfile(injected_file) - - assert self.run_function( - "test.ping", ssh_opts="--pre-flight", roster_file=self.roster, wipe=False - ) - - assert not os.path.isfile( - injected_file - ), "File injection suceeded. This shouldn't happend" - - @pytest.mark.flaky(max_runs=4) - @pytest.mark.slow_test - def test_ssh_run_pre_flight_failure(self): - """ - test ssh_pre_flight when there is a failure - in the script. - """ - self._create_roster() - with salt.utils.files.fopen(self.data["ssh_pre_flight"], "w") as fp_: - fp_.write("exit 2") - - ret = self.run_function( - "test.ping", ssh_opts="--pre-flight", roster_file=self.roster, wipe=False - ) - assert ret["retcode"] == 2 - - def tearDown(self): - """ - make sure to clean up any old ssh directories - """ - files = [ - self.roster, - self.data["ssh_pre_flight"], - self.test_script, - os.path.join(RUNTIME_VARS.TMP, "injection"), - ] - for fp_ in files: - if os.path.exists(fp_): - os.remove(fp_) diff --git a/tests/pytests/integration/ssh/test_pre_flight.py b/tests/pytests/integration/ssh/test_pre_flight.py new file mode 100644 index 000000000000..0f97424b5c83 --- /dev/null +++ b/tests/pytests/integration/ssh/test_pre_flight.py @@ -0,0 +1,308 @@ +""" +Test for ssh_pre_flight roster option +""" + +import grp +import os +import pathlib +import pwd +import shutil +import subprocess + +import pytest +import salt.utils.files +import yaml +from saltfactories.utils import random_string + + +def _custom_roster(roster_file, roster_data): + with salt.utils.files.fopen(roster_file, "r") as fp: + data = salt.utils.yaml.safe_load(fp) + for key, item in roster_data.items(): + data["localhost"][key] = item + with salt.utils.files.fopen(roster_file, "w") as fp: + yaml.safe_dump(data, fp) + + +@pytest.fixture +def _create_roster(salt_ssh_roster_file, tmp_path): + ret = {} + ret["roster"] = salt_ssh_roster_file + ret["data"] = {"ssh_pre_flight": str(tmp_path / "ssh_pre_flight.sh")} + ret["test_script"] = str(tmp_path / "test-pre-flight-script-worked.txt") + ret["thin_dir"] = tmp_path / "thin_dir" + + with salt.utils.files.fopen(salt_ssh_roster_file, "r") as fp: + data = salt.utils.yaml.safe_load(fp) + pre_flight_script = ret["data"]["ssh_pre_flight"] + data["localhost"]["ssh_pre_flight"] = pre_flight_script + data["localhost"]["thin_dir"] = str(ret["thin_dir"]) + with salt.utils.files.fopen(salt_ssh_roster_file, "w") as fp: + yaml.safe_dump(data, fp) + + with salt.utils.files.fopen(pre_flight_script, "w") as fp: + fp.write("touch {}".format(ret["test_script"])) + + yield ret + if ret["thin_dir"].exists(): + shutil.rmtree(ret["thin_dir"]) + + +@pytest.mark.slow_test +def test_ssh_pre_flight(salt_ssh_cli, caplog, _create_roster): + """ + test ssh when ssh_pre_flight is set + ensure the script runs successfully + """ + ret = salt_ssh_cli.run("test.ping") + assert ret.returncode == 0 + + assert pathlib.Path(_create_roster["test_script"]).exists() + + +@pytest.mark.slow_test +def test_ssh_run_pre_flight(salt_ssh_cli, _create_roster): + """ + test ssh when --pre-flight is passed to salt-ssh + to ensure the script runs successfully + """ + # make sure we previously ran a command so the thin dir exists + ret = salt_ssh_cli.run("test.ping") + assert pathlib.Path(_create_roster["test_script"]).exists() + + # Now remeove the script to ensure pre_flight doesn't run + # without --pre-flight + pathlib.Path(_create_roster["test_script"]).unlink() + + assert salt_ssh_cli.run("test.ping").returncode == 0 + assert not pathlib.Path(_create_roster["test_script"]).exists() + + # Now ensure + ret = salt_ssh_cli.run( + "test.ping", + "--pre-flight", + ) + assert ret.returncode == 0 + assert pathlib.Path(_create_roster["test_script"]).exists() + + +@pytest.mark.slow_test +def test_ssh_run_pre_flight_args(salt_ssh_cli, _create_roster): + """ + test ssh when --pre-flight is passed to salt-ssh + to ensure the script runs successfully passing some args + """ + _custom_roster(salt_ssh_cli.roster_file, {"ssh_pre_flight_args": "foobar test"}) + # Create pre_flight script that accepts args + test_script = _create_roster["test_script"] + test_script_1 = pathlib.Path(test_script + "-foobar") + test_script_2 = pathlib.Path(test_script + "-test") + with salt.utils.files.fopen(_create_roster["data"]["ssh_pre_flight"], "w") as fp: + fp.write( + f""" + touch {str(test_script)}-$1 + touch {str(test_script)}-$2 + """ + ) + ret = salt_ssh_cli.run("test.ping") + assert ret.returncode == 0 + assert test_script_1.exists() + assert test_script_2.exists() + pathlib.Path(test_script_1).unlink() + pathlib.Path(test_script_2).unlink() + + ret = salt_ssh_cli.run("test.ping") + assert ret.returncode == 0 + assert not test_script_1.exists() + assert not test_script_2.exists() + + ret = salt_ssh_cli.run( + "test.ping", + "--pre-flight", + ) + assert ret.returncode == 0 + assert test_script_1.exists() + assert test_script_2.exists() + + +@pytest.mark.slow_test +def test_ssh_run_pre_flight_args_prevent_injection( + salt_ssh_cli, _create_roster, tmp_path +): + """ + test ssh when --pre-flight is passed to salt-ssh + and evil arguments are used in order to produce shell injection + """ + injected_file = tmp_path / "injection" + _custom_roster( + salt_ssh_cli.roster_file, + {"ssh_pre_flight_args": f"foobar; echo injected > {str(injected_file)}"}, + ) + # Create pre_flight script that accepts args + test_script = _create_roster["test_script"] + test_script_1 = pathlib.Path(test_script + "-echo") + test_script_2 = pathlib.Path(test_script + "-foobar;") + with salt.utils.files.fopen(_create_roster["data"]["ssh_pre_flight"], "w") as fp: + fp.write( + f""" + touch {str(test_script)}-$1 + touch {str(test_script)}-$2 + """ + ) + + # make sure we previously ran a command so the thin dir exists + ret = salt_ssh_cli.run("test.ping") + assert ret.returncode == 0 + assert test_script_1.exists() + assert test_script_2.exists() + test_script_1.unlink() + test_script_2.unlink() + assert not injected_file.is_file() + + ret = salt_ssh_cli.run( + "test.ping", + "--pre-flight", + ) + assert ret.returncode == 0 + + assert test_script_1.exists() + assert test_script_2.exists() + assert not pathlib.Path( + injected_file + ).is_file(), "File injection suceeded. This shouldn't happend" + + +@pytest.mark.flaky(max_runs=4) +@pytest.mark.slow_test +def test_ssh_run_pre_flight_failure(salt_ssh_cli, _create_roster): + """ + test ssh_pre_flight when there is a failure + in the script. + """ + with salt.utils.files.fopen(_create_roster["data"]["ssh_pre_flight"], "w") as fp_: + fp_.write("exit 2") + + ret = salt_ssh_cli.run( + "test.ping", + "--pre-flight", + ) + assert ret.data["retcode"] == 2 + + +@pytest.fixture +def account(): + username = random_string("test-account-", uppercase=False) + with pytest.helpers.create_account(username=username) as account: + yield account + + +@pytest.mark.slow_test +def test_ssh_pre_flight_script(salt_ssh_cli, caplog, _create_roster, tmp_path, account): + """ + Test to ensure user cannot create and run a script + with the expected pre_flight script path on target. + """ + try: + script = pathlib.Path.home() / "hacked" + tmp_preflight = pathlib.Path("/tmp", "ssh_pre_flight.sh") + tmp_preflight.write_text(f"touch {script}") + os.chown(tmp_preflight, account.info.uid, account.info.gid) + ret = salt_ssh_cli.run("test.ping") + assert not script.is_file() + assert ret.returncode == 0 + assert ret.stdout == '{\n"localhost": true\n}\n' + finally: + for _file in [script, tmp_preflight]: + if _file.is_file(): + _file.unlink() + + +def demote(user_uid, user_gid): + def result(): + # os.setgid does not remove group membership, so we remove them here so they are REALLY non-root + os.setgroups([]) + os.setgid(user_gid) + os.setuid(user_uid) + + return result + + +@pytest.mark.slow_test +def test_ssh_pre_flight_perms(salt_ssh_cli, caplog, _create_roster, account): + """ + Test to ensure standard user cannot run pre flight script + on target when user sets wrong permissions (777) on + ssh_pre_flight script. + """ + try: + script = pathlib.Path("/tmp", "itworked") + preflight = pathlib.Path("/ssh_pre_flight.sh") + preflight.write_text(f"touch {str(script)}") + tmp_preflight = pathlib.Path("/tmp", preflight.name) + + _custom_roster(salt_ssh_cli.roster_file, {"ssh_pre_flight": str(preflight)}) + preflight.chmod(0o0777) + run_script = pathlib.Path("/run_script") + run_script.write_text( + f""" + x=1 + while [ $x -le 200000 ]; do + SCRIPT=`bash {str(tmp_preflight)} 2> /dev/null; echo $?` + if [ ${{SCRIPT}} == 0 ]; then + break + fi + x=$(( $x + 1 )) + done + """ + ) + run_script.chmod(0o0777) + # pylint: disable=W1509 + ret = subprocess.Popen( + ["sh", f"{run_script}"], + preexec_fn=demote(account.info.uid, account.info.gid), + stdout=None, + stderr=None, + stdin=None, + universal_newlines=True, + ) + # pylint: enable=W1509 + ret = salt_ssh_cli.run("test.ping") + assert ret.returncode == 0 + + # Lets make sure a different user other than root + # Didn't run the script + assert os.stat(script).st_uid != account.info.uid + assert script.is_file() + finally: + for _file in [script, preflight, tmp_preflight, run_script]: + if _file.is_file(): + _file.unlink() + + +@pytest.mark.slow_test +def test_ssh_run_pre_flight_target_file_perms(salt_ssh_cli, _create_roster, tmp_path): + """ + test ssh_pre_flight to ensure the target pre flight script + has the correct perms + """ + perms_file = tmp_path / "perms" + with salt.utils.files.fopen(_create_roster["data"]["ssh_pre_flight"], "w") as fp_: + fp_.write( + f""" + SCRIPT_NAME=$0 + stat -L -c "%a %G %U" $SCRIPT_NAME > {perms_file} + """ + ) + + ret = salt_ssh_cli.run( + "test.ping", + "--pre-flight", + ) + assert ret.returncode == 0 + with salt.utils.files.fopen(perms_file) as fp: + data = fp.read() + assert data.split()[0] == "600" + uid = os.getuid() + gid = os.getgid() + assert data.split()[1] == grp.getgrgid(gid).gr_name + assert data.split()[2] == pwd.getpwuid(uid).pw_name From 8ed7bad4f8b9439ad2fbb86a22d120fb2fa592ce Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Thu, 28 Sep 2023 07:59:29 -0600 Subject: [PATCH 19/54] Fix CVE-2023-34049 --- changelog/cve-2023-34049.security | 2 + salt/client/ssh/__init__.py | 68 +- tests/pytests/unit/client/ssh/test_single.py | 820 +++++++++++++++++++ tests/pytests/unit/client/ssh/test_ssh.py | 277 +++++++ 4 files changed, 1149 insertions(+), 18 deletions(-) create mode 100644 changelog/cve-2023-34049.security create mode 100644 tests/pytests/unit/client/ssh/test_single.py diff --git a/changelog/cve-2023-34049.security b/changelog/cve-2023-34049.security new file mode 100644 index 000000000000..6b0ca190a277 --- /dev/null +++ b/changelog/cve-2023-34049.security @@ -0,0 +1,2 @@ +Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. +This only impacts salt-ssh users using the pre-flight option. diff --git a/salt/client/ssh/__init__.py b/salt/client/ssh/__init__.py index 5e557c51da11..1c25942d90a6 100644 --- a/salt/client/ssh/__init__.py +++ b/salt/client/ssh/__init__.py @@ -11,9 +11,11 @@ import logging import multiprocessing import os +import pathlib import queue import re import shlex +import shutil import subprocess import sys import tarfile @@ -467,7 +469,14 @@ def key_deploy(self, host, ret): if target.get("passwd", False) or self.opts["ssh_passwd"]: self._key_deploy_run(host, target, False) return ret - if ret[host].get("stderr", "").count("Permission denied"): + stderr = ret[host].get("stderr", "") + # -failed to upload file- is detecting scp errors + # Errors to ignore when Permission denied is in the stderr. For example + # scp can get a permission denied on the target host, but they where + # able to accurate authenticate against the box + ignore_err = ["failed to upload file"] + check_err = [x for x in ignore_err if stderr.count(x)] + if "Permission denied" in stderr and not check_err: target = self.targets[host] # permission denied, attempt to auto deploy ssh key print( @@ -500,7 +509,7 @@ def _key_deploy_run(self, host, target, re_run=True): mods=self.mods, fsclient=self.fsclient, thin=self.thin, - **target + **target, ) if salt.utils.path.which("ssh-copy-id"): # we have ssh-copy-id, use it! @@ -516,7 +525,7 @@ def _key_deploy_run(self, host, target, re_run=True): mods=self.mods, fsclient=self.fsclient, thin=self.thin, - **target + **target, ) stdout, stderr, retcode = single.cmd_block() try: @@ -543,7 +552,7 @@ def handle_routine(self, que, opts, host, target, mine=False): fsclient=self.fsclient, thin=self.thin, mine=mine, - **target + **target, ) ret = {"id": single.id} stdout, stderr, retcode = single.run() @@ -883,7 +892,7 @@ def __init__( remote_port_forwards=None, winrm=False, ssh_options=None, - **kwargs + **kwargs, ): # Get mine setting and mine_functions if defined in kwargs (from roster) self.mine = mine @@ -1007,11 +1016,32 @@ def run_ssh_pre_flight(self): """ Run our pre_flight script before running any ssh commands """ - script = os.path.join(tempfile.gettempdir(), self.ssh_pre_file) - - self.shell.send(self.ssh_pre_flight, script) + with tempfile.NamedTemporaryFile() as temp: + # ensure we use copyfile to not copy the file attributes + # we want to ensure we use the perms set by the secure + # NamedTemporaryFile + try: + shutil.copyfile(self.ssh_pre_flight, temp.name) + except OSError as err: + return ( + "", + f"Could not copy pre flight script {self.ssh_pre_flight} to temporary path", + 1, + ) + target_script = f".{pathlib.Path(temp.name).name}" + log.trace(f"Copying the pre flight script {self.ssh_pre_file} to target") + stdout, stderr, retcode = self.shell.send(temp.name, target_script) + if retcode != 0: + # We could not copy the script to the target + log.error( + f"Could not copy the pre flight script {self.ssh_pre_file} to target" + ) + return stdout, stderr, retcode - return self.execute_script(script, script_args=self.ssh_pre_flight_args) + log.trace(f"Executing the pre flight script {self.ssh_pre_file} on target") + return self.execute_script( + target_script, script_args=self.ssh_pre_flight_args + ) def check_thin_dir(self): """ @@ -1131,7 +1161,7 @@ def run_wfunc(self): self.id, fsclient=self.fsclient, minion_opts=self.minion_opts, - **self.target + **self.target, ) opts_pkg = pre_wrapper["test.opts_pkg"]() # pylint: disable=E1102 @@ -1210,7 +1240,7 @@ def run_wfunc(self): self.id, fsclient=self.fsclient, minion_opts=self.minion_opts, - **self.target + **self.target, ) wrapper.fsclient.opts["cachedir"] = opts["cachedir"] self.wfuncs = salt.loader.ssh_wrapper(opts, wrapper, self.context) @@ -1381,18 +1411,20 @@ def shim_cmd(self, cmd_str, extension="py"): return self.shell.exec_cmd(cmd_str) # Write the shim to a temporary file in the default temp directory - with tempfile.NamedTemporaryFile( - mode="w+b", prefix="shim_", delete=False - ) as shim_tmp_file: + with tempfile.NamedTemporaryFile(mode="w+b", delete=False) as shim_tmp_file: shim_tmp_file.write(salt.utils.stringutils.to_bytes(cmd_str)) # Copy shim to target system, under $HOME/. - target_shim_file = ".{}.{}".format( - binascii.hexlify(os.urandom(6)).decode("ascii"), extension - ) + target_shim_file = f".{pathlib.Path(shim_tmp_file.name).name}" + if self.winrm: target_shim_file = saltwinshell.get_target_shim_file(self, target_shim_file) - self.shell.send(shim_tmp_file.name, target_shim_file, makedirs=True) + stdout, stderr, retcode = self.shell.send( + shim_tmp_file.name, target_shim_file, makedirs=True + ) + if retcode != 0: + log.error(f"Could not copy the shim script to target") + return stdout, stderr, retcode # Remove our shim file try: diff --git a/tests/pytests/unit/client/ssh/test_single.py b/tests/pytests/unit/client/ssh/test_single.py new file mode 100644 index 000000000000..912c8cccec0c --- /dev/null +++ b/tests/pytests/unit/client/ssh/test_single.py @@ -0,0 +1,820 @@ +import logging +import re +from textwrap import dedent + +import pytest +import salt.client.ssh.client +import salt.config +import salt.roster +import salt.utils.files +import salt.utils.path +import salt.utils.platform +import salt.utils.thin +import salt.utils.yaml +from salt.client import ssh +from tests.support.mock import MagicMock, call, patch + +log = logging.getLogger(__name__) + + +@pytest.fixture +def opts(tmp_path): + return { + "argv": [ + "ssh.set_auth_key", + "root", + "hobn+amNAXSBTiOXEqlBjGB...rsa root@master", + ], + "__role": "master", + "cachedir": str(tmp_path), + "extension_modules": str(tmp_path / "extmods"), + } + + +@pytest.fixture +def target(): + return { + "passwd": "abc123", + "ssh_options": None, + "sudo": False, + "identities_only": False, + "host": "login1", + "user": "root", + "timeout": 65, + "remote_port_forwards": None, + "sudo_user": "", + "port": "22", + "priv": "/etc/salt/pki/master/ssh/salt-ssh.rsa", + } + + +def test_single_opts(opts, target): + """Sanity check for ssh.Single options""" + + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + **target, + ) + + assert single.shell._ssh_opts() == "" + expected_cmd = ( + "ssh login1 " + "-o KbdInteractiveAuthentication=no -o " + "PasswordAuthentication=yes -o ConnectTimeout=65 -o Port=22 " + "-o IdentityFile=/etc/salt/pki/master/ssh/salt-ssh.rsa " + "-o User=root date +%s" + ) + assert single.shell._cmd_str("date +%s") == expected_cmd + + +def test_run_with_pre_flight(opts, target, tmp_path): + """ + test Single.run() when ssh_pre_flight is set + and script successfully runs + """ + target["ssh_pre_flight"] = str(tmp_path / "script.sh") + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + **target, + ) + + cmd_ret = ("Success", "", 0) + mock_flight = MagicMock(return_value=cmd_ret) + mock_cmd = MagicMock(return_value=cmd_ret) + patch_flight = patch("salt.client.ssh.Single.run_ssh_pre_flight", mock_flight) + patch_cmd = patch("salt.client.ssh.Single.cmd_block", mock_cmd) + patch_exec_cmd = patch( + "salt.client.ssh.shell.Shell.exec_cmd", return_value=("", "", 1) + ) + patch_os = patch("os.path.exists", side_effect=[True]) + + with patch_os, patch_flight, patch_cmd, patch_exec_cmd: + ret = single.run() + mock_cmd.assert_called() + mock_flight.assert_called() + assert ret == cmd_ret + + +def test_run_with_pre_flight_with_args(opts, target, tmp_path): + """ + test Single.run() when ssh_pre_flight is set + and script successfully runs + """ + target["ssh_pre_flight"] = str(tmp_path / "script.sh") + target["ssh_pre_flight_args"] = "foobar" + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + **target, + ) + + cmd_ret = ("Success", "foobar", 0) + mock_flight = MagicMock(return_value=cmd_ret) + mock_cmd = MagicMock(return_value=cmd_ret) + patch_flight = patch("salt.client.ssh.Single.run_ssh_pre_flight", mock_flight) + patch_cmd = patch("salt.client.ssh.Single.cmd_block", mock_cmd) + patch_exec_cmd = patch( + "salt.client.ssh.shell.Shell.exec_cmd", return_value=("", "", 1) + ) + patch_os = patch("os.path.exists", side_effect=[True]) + + with patch_os, patch_flight, patch_cmd, patch_exec_cmd: + ret = single.run() + mock_cmd.assert_called() + mock_flight.assert_called() + assert ret == cmd_ret + + +def test_run_with_pre_flight_stderr(opts, target, tmp_path): + """ + test Single.run() when ssh_pre_flight is set + and script errors when run + """ + target["ssh_pre_flight"] = str(tmp_path / "script.sh") + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + **target, + ) + + cmd_ret = ("", "Error running script", 1) + mock_flight = MagicMock(return_value=cmd_ret) + mock_cmd = MagicMock(return_value=cmd_ret) + patch_flight = patch("salt.client.ssh.Single.run_ssh_pre_flight", mock_flight) + patch_cmd = patch("salt.client.ssh.Single.cmd_block", mock_cmd) + patch_exec_cmd = patch( + "salt.client.ssh.shell.Shell.exec_cmd", return_value=("", "", 1) + ) + patch_os = patch("os.path.exists", side_effect=[True]) + + with patch_os, patch_flight, patch_cmd, patch_exec_cmd: + ret = single.run() + mock_cmd.assert_not_called() + mock_flight.assert_called() + assert ret == cmd_ret + + +def test_run_with_pre_flight_script_doesnot_exist(opts, target, tmp_path): + """ + test Single.run() when ssh_pre_flight is set + and the script does not exist + """ + target["ssh_pre_flight"] = str(tmp_path / "script.sh") + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + **target, + ) + + cmd_ret = ("Success", "", 0) + mock_flight = MagicMock(return_value=cmd_ret) + mock_cmd = MagicMock(return_value=cmd_ret) + patch_flight = patch("salt.client.ssh.Single.run_ssh_pre_flight", mock_flight) + patch_cmd = patch("salt.client.ssh.Single.cmd_block", mock_cmd) + patch_exec_cmd = patch( + "salt.client.ssh.shell.Shell.exec_cmd", return_value=("", "", 1) + ) + patch_os = patch("os.path.exists", side_effect=[False]) + + with patch_os, patch_flight, patch_cmd, patch_exec_cmd: + ret = single.run() + mock_cmd.assert_called() + mock_flight.assert_not_called() + assert ret == cmd_ret + + +def test_run_with_pre_flight_thin_dir_exists(opts, target, tmp_path): + """ + test Single.run() when ssh_pre_flight is set + and thin_dir already exists + """ + target["ssh_pre_flight"] = str(tmp_path / "script.sh") + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + **target, + ) + + cmd_ret = ("", "", 0) + mock_flight = MagicMock(return_value=cmd_ret) + mock_cmd = MagicMock(return_value=cmd_ret) + patch_flight = patch("salt.client.ssh.Single.run_ssh_pre_flight", mock_flight) + patch_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_cmd) + patch_cmd_block = patch("salt.client.ssh.Single.cmd_block", mock_cmd) + patch_os = patch("os.path.exists", return_value=True) + + with patch_os, patch_flight, patch_cmd, patch_cmd_block: + ret = single.run() + mock_cmd.assert_called() + mock_flight.assert_not_called() + assert ret == cmd_ret + + +def test_run_ssh_pre_flight(opts, target, tmp_path): + """ + test Single.run_ssh_pre_flight function + """ + target["ssh_pre_flight"] = str(tmp_path / "script.sh") + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + **target, + ) + + cmd_ret = ("Success", "", 0) + mock_flight = MagicMock(return_value=cmd_ret) + mock_cmd = MagicMock(return_value=cmd_ret) + patch_flight = patch("salt.client.ssh.Single.run_ssh_pre_flight", mock_flight) + patch_cmd = patch("salt.client.ssh.Single.cmd_block", mock_cmd) + patch_exec_cmd = patch( + "salt.client.ssh.shell.Shell.exec_cmd", return_value=("", "", 1) + ) + patch_os = patch("os.path.exists", side_effect=[True]) + + with patch_os, patch_flight, patch_cmd, patch_exec_cmd: + ret = single.run() + mock_cmd.assert_called() + mock_flight.assert_called() + assert ret == cmd_ret + + +def test_execute_script(opts, target, tmp_path): + """ + test Single.execute_script() + """ + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + winrm=False, + **target, + ) + + exp_ret = ("Success", "", 0) + mock_cmd = MagicMock(return_value=exp_ret) + patch_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_cmd) + script = str(tmp_path / "script.sh") + + with patch_cmd: + ret = single.execute_script(script=script) + assert ret == exp_ret + assert mock_cmd.call_count == 2 + assert [ + call("/bin/sh '{}'".format(script)), + call("rm '{}'".format(script)), + ] == mock_cmd.call_args_list + + +def test_shim_cmd(opts, target, tmp_path): + """ + test Single.shim_cmd() + """ + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + winrm=False, + tty=True, + **target, + ) + + exp_ret = ("Success", "", 0) + mock_cmd = MagicMock(return_value=exp_ret) + patch_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_cmd) + patch_send = patch("salt.client.ssh.shell.Shell.send", return_value=("", "", 0)) + patch_rand = patch("os.urandom", return_value=b"5\xd9l\xca\xc2\xff") + tmp_file = tmp_path / "tmp_file" + mock_tmp = MagicMock() + patch_tmp = patch("tempfile.NamedTemporaryFile", mock_tmp) + mock_tmp.return_value.__enter__.return_value.name = tmp_file + + with patch_cmd, patch_tmp, patch_send: + ret = single.shim_cmd(cmd_str="echo test") + assert ret == exp_ret + assert [ + call(f"/bin/sh '.{tmp_file.name}'"), + call(f"rm '.{tmp_file.name}'"), + ] == mock_cmd.call_args_list + + +def test_shim_cmd_copy_fails(opts, target, caplog): + """ + test Single.shim_cmd() when copying the file fails + """ + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + winrm=False, + tty=True, + **target, + ) + + ret_cmd = ("Success", "", 0) + mock_cmd = MagicMock(return_value=ret_cmd) + patch_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_cmd) + ret_send = ("", "General error in file copy", 1) + patch_send = patch("salt.client.ssh.shell.Shell.send", return_value=ret_send) + patch_rand = patch("os.urandom", return_value=b"5\xd9l\xca\xc2\xff") + + with patch_cmd, patch_rand, patch_send: + ret = single.shim_cmd(cmd_str="echo test") + assert ret == ret_send + assert "Could not copy the shim script to target" in caplog.text + mock_cmd.assert_not_called() + + +def test_run_ssh_pre_flight_no_connect(opts, target, tmp_path, caplog): + """ + test Single.run_ssh_pre_flight when you + cannot connect to the target + """ + pre_flight = tmp_path / "script.sh" + pre_flight.write_text("") + target["ssh_pre_flight"] = str(pre_flight) + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + winrm=False, + tty=True, + **target, + ) + mock_exec_cmd = MagicMock(return_value=("", "", 1)) + patch_exec_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_exec_cmd) + tmp_file = tmp_path / "tmp_file" + mock_tmp = MagicMock() + patch_tmp = patch("tempfile.NamedTemporaryFile", mock_tmp) + mock_tmp.return_value.__enter__.return_value.name = tmp_file + ret_send = ( + "", + "ssh: connect to host 192.168.1.186 port 22: No route to host\nscp: Connection closed\n", + 255, + ) + send_mock = MagicMock(return_value=ret_send) + patch_send = patch("salt.client.ssh.shell.Shell.send", send_mock) + + with caplog.at_level(logging.TRACE): + with patch_send, patch_exec_cmd, patch_tmp: + ret = single.run_ssh_pre_flight() + assert f"Copying the pre flight script {pre_flight.name}" in caplog.text + assert ( + f"Could not copy the pre flight script {pre_flight.name} to target" + in caplog.text + ) + assert ret == ret_send + assert send_mock.call_args_list[0][0][0] == tmp_file + target_script = send_mock.call_args_list[0][0][1] + assert re.search(r".[a-z0-9]+", target_script) + mock_exec_cmd.assert_not_called() + + +def test_run_ssh_pre_flight_permission_denied(opts, target, tmp_path): + """ + test Single.run_ssh_pre_flight when you + cannot copy script to the target due to + a permission denied error + """ + pre_flight = tmp_path / "script.sh" + pre_flight.write_text("") + target["ssh_pre_flight"] = str(pre_flight) + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + winrm=False, + tty=True, + **target, + ) + mock_exec_cmd = MagicMock(return_value=("", "", 1)) + patch_exec_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_exec_cmd) + tmp_file = tmp_path / "tmp_file" + mock_tmp = MagicMock() + patch_tmp = patch("tempfile.NamedTemporaryFile", mock_tmp) + mock_tmp.return_value.__enter__.return_value.name = tmp_file + ret_send = ( + "", + 'scp: dest open "/tmp/preflight.sh": Permission denied\nscp: failed to upload file /etc/salt/preflight.sh to /tmp/preflight.sh\n', + 255, + ) + send_mock = MagicMock(return_value=ret_send) + patch_send = patch("salt.client.ssh.shell.Shell.send", send_mock) + + with patch_send, patch_exec_cmd, patch_tmp: + ret = single.run_ssh_pre_flight() + assert ret == ret_send + assert send_mock.call_args_list[0][0][0] == tmp_file + target_script = send_mock.call_args_list[0][0][1] + assert re.search(r".[a-z0-9]+", target_script) + mock_exec_cmd.assert_not_called() + + +def test_run_ssh_pre_flight_connect(opts, target, tmp_path, caplog): + """ + test Single.run_ssh_pre_flight when you + can connect to the target + """ + pre_flight = tmp_path / "script.sh" + pre_flight.write_text("") + target["ssh_pre_flight"] = str(pre_flight) + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + winrm=False, + tty=True, + **target, + ) + ret_exec_cmd = ("", "", 1) + mock_exec_cmd = MagicMock(return_value=ret_exec_cmd) + patch_exec_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_exec_cmd) + tmp_file = tmp_path / "tmp_file" + mock_tmp = MagicMock() + patch_tmp = patch("tempfile.NamedTemporaryFile", mock_tmp) + mock_tmp.return_value.__enter__.return_value.name = tmp_file + ret_send = ( + "", + "\rroot@192.168.1.187's password: \n\rpreflight.sh 0% 0 0.0KB/s --:-- ETA\rpreflight.sh 100% 20 2.7KB/s 00:00 \n", + 0, + ) + send_mock = MagicMock(return_value=ret_send) + patch_send = patch("salt.client.ssh.shell.Shell.send", send_mock) + + with caplog.at_level(logging.TRACE): + with patch_send, patch_exec_cmd, patch_tmp: + ret = single.run_ssh_pre_flight() + + assert f"Executing the pre flight script {pre_flight.name} on target" in caplog.text + assert ret == ret_exec_cmd + assert send_mock.call_args_list[0][0][0] == tmp_file + target_script = send_mock.call_args_list[0][0][1] + assert re.search(r".[a-z0-9]+", target_script) + mock_exec_cmd.assert_called() + + +def test_run_ssh_pre_flight_shutil_fails(opts, target, tmp_path): + """ + test Single.run_ssh_pre_flight when cannot + copyfile with shutil + """ + pre_flight = tmp_path / "script.sh" + pre_flight.write_text("") + target["ssh_pre_flight"] = str(pre_flight) + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + winrm=False, + tty=True, + **target, + ) + ret_exec_cmd = ("", "", 1) + mock_exec_cmd = MagicMock(return_value=ret_exec_cmd) + patch_exec_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_exec_cmd) + tmp_file = tmp_path / "tmp_file" + mock_tmp = MagicMock() + patch_tmp = patch("tempfile.NamedTemporaryFile", mock_tmp) + mock_tmp.return_value.__enter__.return_value.name = tmp_file + send_mock = MagicMock() + mock_shutil = MagicMock(side_effect=IOError("Permission Denied")) + patch_shutil = patch("shutil.copyfile", mock_shutil) + patch_send = patch("salt.client.ssh.shell.Shell.send", send_mock) + + with patch_send, patch_exec_cmd, patch_tmp, patch_shutil: + ret = single.run_ssh_pre_flight() + + assert ret == ( + "", + f"Could not copy pre flight script {pre_flight} to temporary path", + 1, + ) + mock_exec_cmd.assert_not_called() + send_mock.assert_not_called() + + +@pytest.mark.skip_on_windows(reason="SSH_PY_SHIM not set on windows") +@pytest.mark.slow_test +def test_cmd_run_set_path(opts, target): + """ + test when set_path is set + """ + target["set_path"] = "$PATH:/tmp/path/" + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + **target, + ) + + ret = single._cmd_str() + assert re.search("\\" + target["set_path"], ret) + + +@pytest.mark.skip_on_windows(reason="SSH_PY_SHIM not set on windows") +@pytest.mark.slow_test +def test_cmd_run_not_set_path(opts, target): + """ + test when set_path is not set + """ + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + **target, + ) + + ret = single._cmd_str() + assert re.search('SET_PATH=""', ret) + + +@pytest.mark.skip_on_windows(reason="SSH_PY_SHIM not set on windows") +@pytest.mark.slow_test +def test_cmd_block_python_version_error(opts, target): + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + winrm=False, + **target, + ) + mock_shim = MagicMock( + return_value=(("", "ERROR: Unable to locate appropriate python command\n", 10)) + ) + patch_shim = patch("salt.client.ssh.Single.shim_cmd", mock_shim) + with patch_shim: + ret = single.cmd_block() + assert "ERROR: Python version error. Recommendation(s) follow:" in ret[0] + + +def _check_skip(grains): + if grains["os"] == "MacOS": + return True + return False + + +@pytest.mark.skip_initial_gh_actions_failure(skip=_check_skip) +@pytest.mark.skip_on_windows(reason="pre_flight_args is not implemented for Windows") +@pytest.mark.parametrize( + "test_opts", + [ + (None, ""), + ("one", " one"), + ("one two", " one two"), + ("| touch /tmp/test", " '|' touch /tmp/test"), + ("; touch /tmp/test", " ';' touch /tmp/test"), + (["one"], " one"), + (["one", "two"], " one two"), + (["one", "two", "| touch /tmp/test"], " one two '| touch /tmp/test'"), + (["one", "two", "; touch /tmp/test"], " one two '; touch /tmp/test'"), + ], +) +def test_run_with_pre_flight_args(opts, target, test_opts, tmp_path): + """ + test Single.run() when ssh_pre_flight is set + and script successfully runs + """ + opts["ssh_run_pre_flight"] = True + pre_flight_script = tmp_path / "script.sh" + pre_flight_script.write_text("") + target["ssh_pre_flight"] = str(pre_flight_script) + + if test_opts[0] is not None: + target["ssh_pre_flight_args"] = test_opts[0] + expected_args = test_opts[1] + + single = ssh.Single( + opts, + opts["argv"], + "localhost", + mods={}, + fsclient=None, + thin=salt.utils.thin.thin_path(opts["cachedir"]), + mine=False, + **target, + ) + + cmd_ret = ("Success", "", 0) + mock_cmd = MagicMock(return_value=cmd_ret) + mock_exec_cmd = MagicMock(return_value=("", "", 0)) + patch_cmd = patch("salt.client.ssh.Single.cmd_block", mock_cmd) + patch_exec_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_exec_cmd) + patch_shell_send = patch( + "salt.client.ssh.shell.Shell.send", return_value=("", "", 0) + ) + patch_os = patch("os.path.exists", side_effect=[True]) + + with patch_os, patch_cmd, patch_exec_cmd, patch_shell_send: + single.run() + script_args = mock_exec_cmd.mock_calls[0].args[0] + assert re.search(r"\/bin\/sh '.[a-z0-9]+", script_args) + + +@pytest.mark.slow_test +@pytest.mark.skip_on_windows(reason="Windows does not support salt-ssh") +@pytest.mark.skip_if_binaries_missing("ssh", check_all=True) +def test_ssh_single__cmd_str(opts): + argv = [] + id_ = "minion" + host = "minion" + + single = ssh.Single(opts, argv, id_, host, sudo=False) + cmd = single._cmd_str() + expected = dedent( + """ + SUDO="" + if [ -n "" ] + then SUDO=" " + fi + SUDO_USER="" + if [ "$SUDO" ] && [ "$SUDO_USER" ] + then SUDO="$SUDO -u $SUDO_USER" + fi + """ + ) + + assert expected in cmd + + +@pytest.mark.slow_test +@pytest.mark.skip_on_windows(reason="Windows does not support salt-ssh") +@pytest.mark.skip_if_binaries_missing("ssh", check_all=True) +def test_ssh_single__cmd_str_sudo(opts): + argv = [] + id_ = "minion" + host = "minion" + + single = ssh.Single(opts, argv, id_, host, sudo=True) + cmd = single._cmd_str() + expected = dedent( + """ + SUDO="" + if [ -n "sudo" ] + then SUDO="sudo " + fi + SUDO_USER="" + if [ "$SUDO" ] && [ "$SUDO_USER" ] + then SUDO="$SUDO -u $SUDO_USER" + fi + """ + ) + + assert expected in cmd + + +@pytest.mark.slow_test +@pytest.mark.skip_on_windows(reason="Windows does not support salt-ssh") +@pytest.mark.skip_if_binaries_missing("ssh", check_all=True) +def test_ssh_single__cmd_str_sudo_user(opts): + argv = [] + id_ = "minion" + host = "minion" + user = "wayne" + + single = ssh.Single(opts, argv, id_, host, sudo=True, sudo_user=user) + cmd = single._cmd_str() + expected = dedent( + """ + SUDO="" + if [ -n "sudo" ] + then SUDO="sudo " + fi + SUDO_USER="wayne" + if [ "$SUDO" ] && [ "$SUDO_USER" ] + then SUDO="$SUDO -u $SUDO_USER" + fi + """ + ) + + assert expected in cmd + + +@pytest.mark.slow_test +@pytest.mark.skip_on_windows(reason="Windows does not support salt-ssh") +@pytest.mark.skip_if_binaries_missing("ssh", check_all=True) +def test_ssh_single__cmd_str_sudo_passwd(opts): + argv = [] + id_ = "minion" + host = "minion" + passwd = "salty" + + single = ssh.Single(opts, argv, id_, host, sudo=True, passwd=passwd) + cmd = single._cmd_str() + expected = dedent( + """ + SUDO="" + if [ -n "sudo -p '[salt:sudo:d11bd4221135c33324a6bdc09674146fbfdf519989847491e34a689369bbce23]passwd:'" ] + then SUDO="sudo -p '[salt:sudo:d11bd4221135c33324a6bdc09674146fbfdf519989847491e34a689369bbce23]passwd:' " + fi + SUDO_USER="" + if [ "$SUDO" ] && [ "$SUDO_USER" ] + then SUDO="$SUDO -u $SUDO_USER" + fi + """ + ) + + assert expected in cmd + + +@pytest.mark.slow_test +@pytest.mark.skip_on_windows(reason="Windows does not support salt-ssh") +@pytest.mark.skip_if_binaries_missing("ssh", check_all=True) +def test_ssh_single__cmd_str_sudo_passwd_user(opts): + argv = [] + id_ = "minion" + host = "minion" + user = "wayne" + passwd = "salty" + + single = ssh.Single(opts, argv, id_, host, sudo=True, passwd=passwd, sudo_user=user) + cmd = single._cmd_str() + expected = dedent( + """ + SUDO="" + if [ -n "sudo -p '[salt:sudo:d11bd4221135c33324a6bdc09674146fbfdf519989847491e34a689369bbce23]passwd:'" ] + then SUDO="sudo -p '[salt:sudo:d11bd4221135c33324a6bdc09674146fbfdf519989847491e34a689369bbce23]passwd:' " + fi + SUDO_USER="wayne" + if [ "$SUDO" ] && [ "$SUDO_USER" ] + then SUDO="$SUDO -u $SUDO_USER" + fi + """ + ) + + assert expected in cmd diff --git a/tests/pytests/unit/client/ssh/test_ssh.py b/tests/pytests/unit/client/ssh/test_ssh.py index b9388f10ea2d..07f70c424376 100644 --- a/tests/pytests/unit/client/ssh/test_ssh.py +++ b/tests/pytests/unit/client/ssh/test_ssh.py @@ -194,3 +194,280 @@ def test_run_with_pre_flight_args(ssh_target, test_opts): assert mock_exec_cmd.mock_calls[0].args[ 0 ] == "/bin/sh '/tmp/script.sh'{}".format(expected_args) + + +def test_expand_target_dns(opts, roster): + """ + test expand_target when target is root@ + """ + host = "localhost" + user = "test-user@" + opts["tgt"] = user + host + + with patch("salt.utils.network.is_reachable_host", MagicMock(return_value=False)): + client = ssh.SSH(opts) + assert opts["tgt"] == user + host + with patch( + "salt.roster.get_roster_file", MagicMock(return_value="/etc/salt/roster") + ), patch( + "salt.client.ssh.compile_template", + MagicMock(return_value=salt.utils.yaml.safe_load(roster)), + ): + client._expand_target() + assert opts["tgt"] == host + + +def test_expand_target_no_user(opts, roster): + """ + test expand_target when no user defined + """ + host = "127.0.0.1" + opts["tgt"] = host + + with patch("salt.utils.network.is_reachable_host", MagicMock(return_value=False)): + client = ssh.SSH(opts) + assert opts["tgt"] == host + + with patch( + "salt.roster.get_roster_file", MagicMock(return_value="/etc/salt/roster") + ), patch( + "salt.client.ssh.compile_template", + MagicMock(return_value=salt.utils.yaml.safe_load(roster)), + ): + client._expand_target() + assert opts["tgt"] == host + + +def test_update_targets_ip_address(opts): + """ + test update_targets when host is ip address + """ + host = "127.0.0.1" + user = "test-user@" + opts["tgt"] = user + host + + with patch("salt.utils.network.is_reachable_host", MagicMock(return_value=False)): + client = ssh.SSH(opts) + assert opts["tgt"] == user + host + client._update_targets() + assert opts["tgt"] == host + assert client.targets[host]["user"] == user.split("@")[0] + + +def test_update_targets_dns(opts): + """ + test update_targets when host is dns + """ + host = "localhost" + user = "test-user@" + opts["tgt"] = user + host + + with patch("salt.utils.network.is_reachable_host", MagicMock(return_value=False)): + client = ssh.SSH(opts) + assert opts["tgt"] == user + host + client._update_targets() + assert opts["tgt"] == host + assert client.targets[host]["user"] == user.split("@")[0] + + +def test_update_targets_no_user(opts): + """ + test update_targets when no user defined + """ + host = "127.0.0.1" + opts["tgt"] = host + + with patch("salt.utils.network.is_reachable_host", MagicMock(return_value=False)): + client = ssh.SSH(opts) + assert opts["tgt"] == host + client._update_targets() + assert opts["tgt"] == host + + +def test_update_expand_target_dns(opts, roster): + """ + test update_targets and expand_target when host is dns + """ + host = "localhost" + user = "test-user@" + opts["tgt"] = user + host + + with patch("salt.utils.network.is_reachable_host", MagicMock(return_value=False)): + client = ssh.SSH(opts) + assert opts["tgt"] == user + host + with patch( + "salt.roster.get_roster_file", MagicMock(return_value="/etc/salt/roster") + ), patch( + "salt.client.ssh.compile_template", + MagicMock(return_value=salt.utils.yaml.safe_load(roster)), + ): + client._expand_target() + client._update_targets() + assert opts["tgt"] == host + assert client.targets[host]["user"] == user.split("@")[0] + + +def test_parse_tgt(opts): + """ + test parse_tgt when user and host set on + the ssh cli tgt + """ + host = "localhost" + user = "test-user@" + opts["tgt"] = user + host + + with patch("salt.utils.network.is_reachable_host", MagicMock(return_value=False)): + assert not opts.get("ssh_cli_tgt") + client = ssh.SSH(opts) + assert client.parse_tgt["hostname"] == host + assert client.parse_tgt["user"] == user.split("@")[0] + assert opts.get("ssh_cli_tgt") == user + host + + +def test_parse_tgt_no_user(opts): + """ + test parse_tgt when only the host set on + the ssh cli tgt + """ + host = "localhost" + opts["ssh_user"] = "ssh-usr" + opts["tgt"] = host + + with patch("salt.utils.network.is_reachable_host", MagicMock(return_value=False)): + assert not opts.get("ssh_cli_tgt") + client = ssh.SSH(opts) + assert client.parse_tgt["hostname"] == host + assert client.parse_tgt["user"] == opts["ssh_user"] + assert opts.get("ssh_cli_tgt") == host + + +def test_extra_filerefs(tmp_path, opts): + """ + test "extra_filerefs" are not excluded from kwargs + when preparing the SSH opts + """ + ssh_opts = { + "eauth": "auto", + "username": "test", + "password": "test", + "client": "ssh", + "tgt": "localhost", + "fun": "test.ping", + "ssh_port": 22, + "extra_filerefs": "salt://foobar", + } + roster = str(tmp_path / "roster") + client = salt.client.ssh.client.SSHClient(mopts=opts, disable_custom_roster=True) + with patch("salt.roster.get_roster_file", MagicMock(return_value=roster)): + ssh_obj = client._prep_ssh(**ssh_opts) + assert ssh_obj.opts.get("extra_filerefs", None) == "salt://foobar" + + +def test_key_deploy_permission_denied_scp(tmp_path, opts): + """ + test "key_deploy" function when + permission denied authentication error + when attempting to use scp to copy file + to target + """ + host = "localhost" + passwd = "password" + usr = "ssh-usr" + opts["ssh_user"] = usr + opts["tgt"] = host + + ssh_ret = { + host: { + "stdout": "\rroot@192.168.1.187's password: \n\rroot@192.168.1.187's password: \n\rroot@192.168.1.187's password: \n", + "stderr": "Permission denied, please try again.\nPermission denied, please try again.\nroot@192.168.1.187: Permission denied (publickey,gssapi-keyex,gssapi-with-micimport pudb; pu.dbassword).\nscp: Connection closed\n", + "retcode": 255, + } + } + key_run_ret = { + "localhost": { + "jid": "20230922155652279959", + "return": "test", + "retcode": 0, + "id": "test", + "fun": "cmd.run", + "fun_args": ["echo test"], + } + } + patch_roster_file = patch("salt.roster.get_roster_file", MagicMock(return_value="")) + with patch_roster_file: + client = ssh.SSH(opts) + patch_input = patch("builtins.input", side_effect=["y"]) + patch_getpass = patch("getpass.getpass", return_value=["password"]) + mock_key_run = MagicMock(return_value=key_run_ret) + patch_key_run = patch("salt.client.ssh.SSH._key_deploy_run", mock_key_run) + with patch_input, patch_getpass, patch_key_run: + ret = client.key_deploy(host, ssh_ret) + assert mock_key_run.call_args_list[0][0] == ( + host, + {"passwd": [passwd], "host": host, "user": usr}, + True, + ) + assert ret == key_run_ret + assert mock_key_run.call_count == 1 + + +def test_key_deploy_permission_denied_file_scp(tmp_path, opts): + """ + test "key_deploy" function when permission denied + due to not having access to copy the file to the target + We do not want to deploy the key, because this is not + an authentication to the target error. + """ + host = "localhost" + passwd = "password" + usr = "ssh-usr" + opts["ssh_user"] = usr + opts["tgt"] = host + + mock_key_run = MagicMock(return_value=False) + patch_key_run = patch("salt.client.ssh.SSH._key_deploy_run", mock_key_run) + + ssh_ret = { + "localhost": { + "stdout": "", + "stderr": 'scp: dest open "/tmp/preflight.sh": Permission denied\nscp: failed to upload file /etc/salt/preflight.sh to /tmp/preflight.sh\n', + "retcode": 1, + } + } + patch_roster_file = patch("salt.roster.get_roster_file", MagicMock(return_value="")) + with patch_roster_file: + client = ssh.SSH(opts) + ret = client.key_deploy(host, ssh_ret) + assert ret == ssh_ret + assert mock_key_run.call_count == 0 + + +def test_key_deploy_no_permission_denied(tmp_path, opts): + """ + test "key_deploy" function when no permission denied + is returned + """ + host = "localhost" + passwd = "password" + usr = "ssh-usr" + opts["ssh_user"] = usr + opts["tgt"] = host + + mock_key_run = MagicMock(return_value=False) + patch_key_run = patch("salt.client.ssh.SSH._key_deploy_run", mock_key_run) + ssh_ret = { + "localhost": { + "jid": "20230922161937998385", + "return": "test", + "retcode": 0, + "id": "test", + "fun": "cmd.run", + "fun_args": ["echo test"], + } + } + patch_roster_file = patch("salt.roster.get_roster_file", MagicMock(return_value="")) + with patch_roster_file: + client = ssh.SSH(opts) + ret = client.key_deploy(host, ssh_ret) + assert ret == ssh_ret + assert mock_key_run.call_count == 0 From a05bd144db17bf50bb4e9ac1e97bb10733aae235 Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Thu, 28 Sep 2023 11:19:03 -0600 Subject: [PATCH 20/54] Do not run ssh integration tests on windows --- tests/pytests/integration/ssh/test_pre_flight.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/pytests/integration/ssh/test_pre_flight.py b/tests/pytests/integration/ssh/test_pre_flight.py index 0f97424b5c83..4cbe07900199 100644 --- a/tests/pytests/integration/ssh/test_pre_flight.py +++ b/tests/pytests/integration/ssh/test_pre_flight.py @@ -2,10 +2,14 @@ Test for ssh_pre_flight roster option """ -import grp +try: + import grp + import pwd +except ImportError: + # windows stacktraces on import of these modules + pass import os import pathlib -import pwd import shutil import subprocess @@ -14,6 +18,8 @@ import yaml from saltfactories.utils import random_string +pytestmark = pytest.mark.skip_on_windows(reason="Salt-ssh not available on Windows") + def _custom_roster(roster_file, roster_data): with salt.utils.files.fopen(roster_file, "r") as fp: From e85ff36292cd0628eafc0090b574650fd706d753 Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Fri, 29 Sep 2023 11:24:55 -0600 Subject: [PATCH 21/54] Fix ssh tests on 3005 --- tests/pytests/unit/client/ssh/test_ssh.py | 87 ++++++++--------------- tests/unit/client/test_ssh.py | 66 ----------------- 2 files changed, 28 insertions(+), 125 deletions(-) diff --git a/tests/pytests/unit/client/ssh/test_ssh.py b/tests/pytests/unit/client/ssh/test_ssh.py index 07f70c424376..6e487651ae2c 100644 --- a/tests/pytests/unit/client/ssh/test_ssh.py +++ b/tests/pytests/unit/client/ssh/test_ssh.py @@ -1,11 +1,8 @@ -import os - import pytest import salt.client.ssh.client import salt.utils.msgpack from salt.client import ssh from tests.support.mock import MagicMock, patch -from tests.support.runtests import RUNTIME_VARS pytestmark = [ pytest.mark.skip_if_binaries_missing("ssh", "ssh-keygen", check_all=True), @@ -42,6 +39,34 @@ def ssh_target(tmp_path): return opts, target +@pytest.fixture +def opts(tmp_path, temp_salt_master): + updated_values = { + "argv": [ + "ssh.set_auth_key", + "root", + "hobn+amNAXSBTiOXEqlBjGB...rsa root@master", + ], + "__role": "master", + "cachedir": str(tmp_path), + "extension_modules": str(tmp_path / "extmods"), + "selected_target_option": "glob", + } + + opts = temp_salt_master.config.copy() + opts.update(updated_values) + return opts + + +@pytest.fixture +def roster(): + return """ + localhost: + host: 127.0.0.1 + port: 2827 + """ + + @pytest.mark.skip_on_windows(reason="SSH_PY_SHIM not set on windows") def test_cmd_block_python_version_error(ssh_target): opts = ssh_target[0] @@ -140,62 +165,6 @@ def test_ssh_kwargs(test_opts): assert ssh_obj.opts.get(opt_key, None) == opt_value -@pytest.mark.skip_on_windows(reason="pre_flight_args is not implemented for Windows") -@pytest.mark.parametrize( - "test_opts", - [ - (None, ""), - ("one", " one"), - ("one two", " one two"), - ("| touch /tmp/test", " '|' touch /tmp/test"), - ("; touch /tmp/test", " ';' touch /tmp/test"), - (["one"], " one"), - (["one", "two"], " one two"), - (["one", "two", "| touch /tmp/test"], " one two '| touch /tmp/test'"), - (["one", "two", "; touch /tmp/test"], " one two '; touch /tmp/test'"), - ], -) -def test_run_with_pre_flight_args(ssh_target, test_opts): - """ - test Single.run() when ssh_pre_flight is set - and script successfully runs - """ - opts = ssh_target[0] - target = ssh_target[1] - - opts["ssh_run_pre_flight"] = True - target["ssh_pre_flight"] = os.path.join(RUNTIME_VARS.TMP, "script.sh") - - if test_opts[0] is not None: - target["ssh_pre_flight_args"] = test_opts[0] - expected_args = test_opts[1] - - single = ssh.Single( - opts, - opts["argv"], - "localhost", - mods={}, - fsclient=None, - thin=salt.utils.thin.thin_path(opts["cachedir"]), - mine=False, - **target - ) - - cmd_ret = ("Success", "", 0) - mock_cmd = MagicMock(return_value=cmd_ret) - mock_exec_cmd = MagicMock(return_value=("", "", 0)) - patch_cmd = patch("salt.client.ssh.Single.cmd_block", mock_cmd) - patch_exec_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_exec_cmd) - patch_shell_send = patch("salt.client.ssh.shell.Shell.send", return_value=None) - patch_os = patch("os.path.exists", side_effect=[True]) - - with patch_os, patch_cmd, patch_exec_cmd, patch_shell_send: - ret = single.run() - assert mock_exec_cmd.mock_calls[0].args[ - 0 - ] == "/bin/sh '/tmp/script.sh'{}".format(expected_args) - - def test_expand_target_dns(opts, roster): """ test expand_target when target is root@ diff --git a/tests/unit/client/test_ssh.py b/tests/unit/client/test_ssh.py index 00313ed55f19..64ba9e22e141 100644 --- a/tests/unit/client/test_ssh.py +++ b/tests/unit/client/test_ssh.py @@ -399,72 +399,6 @@ def test_execute_script(self): call("rm '{}'".format(script)), ] == mock_cmd.call_args_list - def test_shim_cmd(self): - """ - test Single.shim_cmd() - """ - single = ssh.Single( - self.opts, - self.opts["argv"], - "localhost", - mods={}, - fsclient=None, - thin=salt.utils.thin.thin_path(self.opts["cachedir"]), - mine=False, - winrm=False, - tty=True, - **self.target - ) - - exp_ret = ("Success", "", 0) - mock_cmd = MagicMock(return_value=exp_ret) - patch_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_cmd) - patch_send = patch("salt.client.ssh.shell.Shell.send", return_value=("", "", 0)) - patch_rand = patch("os.urandom", return_value=b"5\xd9l\xca\xc2\xff") - - with patch_cmd, patch_rand, patch_send: - ret = single.shim_cmd(cmd_str="echo test") - assert ret == exp_ret - assert [ - call("/bin/sh '.35d96ccac2ff.py'"), - call("rm '.35d96ccac2ff.py'"), - ] == mock_cmd.call_args_list - - def test_run_ssh_pre_flight(self): - """ - test Single.run_ssh_pre_flight - """ - target = self.target.copy() - target["ssh_pre_flight"] = os.path.join(RUNTIME_VARS.TMP, "script.sh") - single = ssh.Single( - self.opts, - self.opts["argv"], - "localhost", - mods={}, - fsclient=None, - thin=salt.utils.thin.thin_path(self.opts["cachedir"]), - mine=False, - winrm=False, - tty=True, - **target - ) - - exp_ret = ("Success", "", 0) - mock_cmd = MagicMock(return_value=exp_ret) - patch_cmd = patch("salt.client.ssh.shell.Shell.exec_cmd", mock_cmd) - patch_send = patch("salt.client.ssh.shell.Shell.send", return_value=exp_ret) - exp_tmp = os.path.join( - tempfile.gettempdir(), os.path.basename(target["ssh_pre_flight"]) - ) - - with patch_cmd, patch_send: - ret = single.run_ssh_pre_flight() - assert ret == exp_ret - assert [ - call("/bin/sh '{}'".format(exp_tmp)), - call("rm '{}'".format(exp_tmp)), - ] == mock_cmd.call_args_list - @skipIf(salt.utils.platform.is_windows(), "SSH_PY_SHIM not set on windows") def test_cmd_run_set_path(self): """ From 22afb445651652128265d81b893d2e5898ecb1bb Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Mon, 2 Oct 2023 12:51:49 -0600 Subject: [PATCH 22/54] Fix pre_flight tests on darwin --- .../integration/ssh/test_pre_flight.py | 28 ++++++++++++++++--- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/tests/pytests/integration/ssh/test_pre_flight.py b/tests/pytests/integration/ssh/test_pre_flight.py index 4cbe07900199..ed2dfeee61c5 100644 --- a/tests/pytests/integration/ssh/test_pre_flight.py +++ b/tests/pytests/integration/ssh/test_pre_flight.py @@ -12,9 +12,11 @@ import pathlib import shutil import subprocess +import tempfile import pytest import salt.utils.files +import salt.utils.platform import yaml from saltfactories.utils import random_string @@ -240,15 +242,22 @@ def test_ssh_pre_flight_perms(salt_ssh_cli, caplog, _create_roster, account): on target when user sets wrong permissions (777) on ssh_pre_flight script. """ + is_darwin = salt.utils.platform.is_darwin() try: script = pathlib.Path("/tmp", "itworked") preflight = pathlib.Path("/ssh_pre_flight.sh") + if is_darwin: + preflight = pathlib.Path("/etc/ssh_pre_flight.sh") preflight.write_text(f"touch {str(script)}") tmp_preflight = pathlib.Path("/tmp", preflight.name) + if is_darwin: + tmp_preflight = pathlib.Path(tempfile.gettempdir(), preflight.name) _custom_roster(salt_ssh_cli.roster_file, {"ssh_pre_flight": str(preflight)}) preflight.chmod(0o0777) run_script = pathlib.Path("/run_script") + if is_darwin: + run_script = pathlib.Path("/etc/run_script") run_script.write_text( f""" x=1 @@ -291,12 +300,16 @@ def test_ssh_run_pre_flight_target_file_perms(salt_ssh_cli, _create_roster, tmp_ test ssh_pre_flight to ensure the target pre flight script has the correct perms """ + is_darwin = salt.utils.platform.is_darwin() + stat_cmd = 'stat -L -c "%a %G %U"' + if is_darwin: + stat_cmd = 'stat -L -f"%p %g %u"' perms_file = tmp_path / "perms" with salt.utils.files.fopen(_create_roster["data"]["ssh_pre_flight"], "w") as fp_: fp_.write( f""" SCRIPT_NAME=$0 - stat -L -c "%a %G %U" $SCRIPT_NAME > {perms_file} + {stat_cmd} $SCRIPT_NAME > {perms_file} """ ) @@ -307,8 +320,15 @@ def test_ssh_run_pre_flight_target_file_perms(salt_ssh_cli, _create_roster, tmp_ assert ret.returncode == 0 with salt.utils.files.fopen(perms_file) as fp: data = fp.read() - assert data.split()[0] == "600" + if is_darwin: + assert data.split()[0] == "100600" + else: + assert data.split()[0] == "600" uid = os.getuid() gid = os.getgid() - assert data.split()[1] == grp.getgrgid(gid).gr_name - assert data.split()[2] == pwd.getpwuid(uid).pw_name + if is_darwin: + assert int(data.split()[1]) == gid + assert int(data.split()[2]) == uid + else: + assert data.split()[1] == grp.getgrgid(gid).gr_name + assert data.split()[2] == pwd.getpwuid(uid).pw_name From 71589535e87e3e326577560fdcb7bd878c47442c Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Tue, 3 Oct 2023 13:49:41 -0600 Subject: [PATCH 23/54] Remove filename from logs --- salt/client/ssh/__init__.py | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/salt/client/ssh/__init__.py b/salt/client/ssh/__init__.py index 1c25942d90a6..ff484597b256 100644 --- a/salt/client/ssh/__init__.py +++ b/salt/client/ssh/__init__.py @@ -1025,20 +1025,18 @@ def run_ssh_pre_flight(self): except OSError as err: return ( "", - f"Could not copy pre flight script {self.ssh_pre_flight} to temporary path", + "Could not copy pre flight script to temporary path", 1, ) target_script = f".{pathlib.Path(temp.name).name}" - log.trace(f"Copying the pre flight script {self.ssh_pre_file} to target") + log.trace("Copying the pre flight script to target") stdout, stderr, retcode = self.shell.send(temp.name, target_script) if retcode != 0: # We could not copy the script to the target - log.error( - f"Could not copy the pre flight script {self.ssh_pre_file} to target" - ) + log.error("Could not copy the pre flight script to target") return stdout, stderr, retcode - log.trace(f"Executing the pre flight script {self.ssh_pre_file} on target") + log.trace("Executing the pre flight script on target") return self.execute_script( target_script, script_args=self.ssh_pre_flight_args ) @@ -1423,7 +1421,7 @@ def shim_cmd(self, cmd_str, extension="py"): shim_tmp_file.name, target_shim_file, makedirs=True ) if retcode != 0: - log.error(f"Could not copy the shim script to target") + log.error("Could not copy the shim script to target") return stdout, stderr, retcode # Remove our shim file From 805a8deb74e35dde23b906ecacccba852a707a73 Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Tue, 3 Oct 2023 13:50:50 -0600 Subject: [PATCH 24/54] Fix logs in ssh tests --- tests/pytests/unit/client/ssh/test_single.py | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/tests/pytests/unit/client/ssh/test_single.py b/tests/pytests/unit/client/ssh/test_single.py index 912c8cccec0c..68457147e6f4 100644 --- a/tests/pytests/unit/client/ssh/test_single.py +++ b/tests/pytests/unit/client/ssh/test_single.py @@ -410,11 +410,8 @@ def test_run_ssh_pre_flight_no_connect(opts, target, tmp_path, caplog): with caplog.at_level(logging.TRACE): with patch_send, patch_exec_cmd, patch_tmp: ret = single.run_ssh_pre_flight() - assert f"Copying the pre flight script {pre_flight.name}" in caplog.text - assert ( - f"Could not copy the pre flight script {pre_flight.name} to target" - in caplog.text - ) + assert "Copying the pre flight script" in caplog.text + assert "Could not copy the pre flight script to target" in caplog.text assert ret == ret_send assert send_mock.call_args_list[0][0][0] == tmp_file target_script = send_mock.call_args_list[0][0][1] @@ -505,7 +502,7 @@ def test_run_ssh_pre_flight_connect(opts, target, tmp_path, caplog): with patch_send, patch_exec_cmd, patch_tmp: ret = single.run_ssh_pre_flight() - assert f"Executing the pre flight script {pre_flight.name} on target" in caplog.text + assert "Executing the pre flight script on target" in caplog.text assert ret == ret_exec_cmd assert send_mock.call_args_list[0][0][0] == tmp_file target_script = send_mock.call_args_list[0][0][1] @@ -550,7 +547,7 @@ def test_run_ssh_pre_flight_shutil_fails(opts, target, tmp_path): assert ret == ( "", - f"Could not copy pre flight script {pre_flight} to temporary path", + "Could not copy pre flight script to temporary path", 1, ) mock_exec_cmd.assert_not_called() From f805bc98af3394ddc0d289d428afa854abdb2ed6 Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Thu, 5 Oct 2023 08:03:31 -0600 Subject: [PATCH 25/54] [3005.4] Update amazon linux 2 AMI --- cicd/amis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cicd/amis.yml b/cicd/amis.yml index 47f6691883fd..5197c9b51e47 100644 --- a/cicd/amis.yml +++ b/cicd/amis.yml @@ -1,5 +1,5 @@ alma-8-x86_64: ami-0594d7cf435c3d2f7 -amazon-2-x86_64: ami-0695f87baa5b5ce15 +amazon-2-x86_64: ami-09682e96e7785642d arch-lts-x86_64: ami-018a6b479dcb87969 centos-7-x86_64: ami-05764f27cdf8f99e0 centosstream-8-x86_64: ami-02fc0a57f9b1fa4ed From e31b6e21b44c9f33842ec4e1ebed7362a46b5a8d Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Thu, 5 Oct 2023 17:53:01 -0600 Subject: [PATCH 26/54] Set version for redis docker tests --- tests/pytests/functional/cache/test_redis.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/pytests/functional/cache/test_redis.py b/tests/pytests/functional/cache/test_redis.py index 9b3d5aa27e99..d56b0c864294 100644 --- a/tests/pytests/functional/cache/test_redis.py +++ b/tests/pytests/functional/cache/test_redis.py @@ -22,7 +22,7 @@ def redis_container(salt_factories): container = salt_factories.get_container( random_string("redis-server-"), - image_name="redis:alpine", + image_name="redis:7.2.0-alpine", container_run_kwargs={"ports": {"6379/tcp": None}}, ) with container.started() as factory: From 1175529e25e3369ab177c82cc25feb83dd59d428 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Sun, 1 Oct 2023 21:19:20 +0100 Subject: [PATCH 27/54] Write directly to `$GITHUB_OUTPUT` Signed-off-by: Pedro Algarvio --- .github/workflows/test-action-macos.yml | 4 +--- .github/workflows/test-action.yml | 4 +--- tools/ci.py | 19 ++++++++++++++----- 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/.github/workflows/test-action-macos.yml b/.github/workflows/test-action-macos.yml index 18f413ca8743..217dbdacc06f 100644 --- a/.github/workflows/test-action-macos.yml +++ b/.github/workflows/test-action-macos.yml @@ -81,9 +81,7 @@ jobs: - name: Generate Test Matrix id: generate-matrix run: | - TEST_MATRIX=$(tools ci matrix ${{ inputs.distro-slug }}) - echo "$TEST_MATRIX" - echo "matrix=$TEST_MATRIX" >> "$GITHUB_OUTPUT" + tools ci matrix ${{ inputs.distro-slug }} - name: Generate Transport Matrix id: generate-transport-matrix diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml index 31945d0a8a44..f794ee07908c 100644 --- a/.github/workflows/test-action.yml +++ b/.github/workflows/test-action.yml @@ -81,9 +81,7 @@ jobs: - name: Generate Test Matrix id: generate-matrix run: | - TEST_MATRIX=$(tools ci matrix ${{ inputs.distro-slug }}) - echo "$TEST_MATRIX" - echo "matrix=$TEST_MATRIX" >> "$GITHUB_OUTPUT" + tools ci matrix ${{ inputs.distro-slug }} - name: Generate Transport Matrix id: generate-transport-matrix diff --git a/tools/ci.py b/tools/ci.py index 08264bb4e509..c62850ddbec0 100644 --- a/tools/ci.py +++ b/tools/ci.py @@ -633,7 +633,14 @@ def matrix(ctx: Context, distro_slug: str): if "macos" in distro_slug and chunk == "scenarios": continue _matrix.append({"transport": transport, "tests-chunk": chunk}) - print(json.dumps(_matrix)) + + ctx.info("Generated matrix:") + ctx.print(_matrix, soft_wrap=True) + + github_output = os.environ.get("GITHUB_OUTPUT") + if github_output is not None: + with open(github_output, "a", encoding="utf-8") as wfh: + wfh.write(f"matrix={json.dumps(_matrix)}\n") ctx.exit(0) @@ -694,7 +701,7 @@ def pkg_matrix( ctx.warn("The 'GITHUB_OUTPUT' variable is not set.") if TYPE_CHECKING: assert testing_releases - matrix = [] + _matrix = [] sessions = [ "install", ] @@ -741,18 +748,20 @@ def pkg_matrix( if version < tools.utils.Version("3006.0") ] for version in versions: - matrix.append( + _matrix.append( { "test-chunk": session, "version": version, } ) + if distro_slug.startswith("windows"): + _matrix[-1]["pkg-type"] = pkg_type.upper() ctx.info("Generated matrix:") - ctx.print(matrix, soft_wrap=True) + ctx.print(_matrix, soft_wrap=True) if github_output is not None: with open(github_output, "a", encoding="utf-8") as wfh: - wfh.write(f"matrix={json.dumps(matrix)}\n") + wfh.write(f"matrix={json.dumps(_matrix)}\n") ctx.exit(0) From 57d138ab32c44cbf07211aba011c7c9248d400bc Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Tue, 3 Oct 2023 13:55:03 +0100 Subject: [PATCH 28/54] Upgrade to `mock==5.1.0` Signed-off-by: Pedro Algarvio --- requirements/static/ci/py3.10/cloud.txt | 2 +- requirements/static/ci/py3.10/darwin.txt | 3 +-- requirements/static/ci/py3.10/freebsd.txt | 3 +-- requirements/static/ci/py3.10/linux.txt | 3 +-- requirements/static/ci/py3.10/windows.txt | 3 +-- requirements/static/ci/py3.7/cloud.txt | 2 +- requirements/static/ci/py3.7/freebsd.txt | 3 +-- requirements/static/ci/py3.7/linux.txt | 3 +-- requirements/static/ci/py3.7/windows.txt | 3 +-- requirements/static/ci/py3.8/cloud.txt | 2 +- requirements/static/ci/py3.8/freebsd.txt | 3 +-- requirements/static/ci/py3.8/linux.txt | 3 +-- requirements/static/ci/py3.8/windows.txt | 3 +-- requirements/static/ci/py3.9/cloud.txt | 2 +- requirements/static/ci/py3.9/darwin.txt | 3 +-- requirements/static/ci/py3.9/freebsd.txt | 3 +-- requirements/static/ci/py3.9/linux.txt | 3 +-- requirements/static/ci/py3.9/windows.txt | 3 +-- tests/support/mock.py | 1 + 19 files changed, 19 insertions(+), 32 deletions(-) diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index 3760311cf5c9..aaa9eeab32d9 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -502,7 +502,7 @@ markupsafe==2.1.2 # mako # moto # werkzeug -mock==4.0.3 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==8.8.0 # via diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 3c82e233bf8c..26f65c085590 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -505,7 +505,7 @@ markupsafe==2.1.2 # werkzeug mercurial==6.0.1 # via -r requirements/static/ci/darwin.in -mock==3.0.5 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==8.2.0 # via @@ -809,7 +809,6 @@ six==1.16.0 # jsonschema # junos-eznc # kubernetes - # mock # msrestazure # ncclient # paramiko diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index f2ce437f32f3..0954e12ecefa 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -503,7 +503,7 @@ markupsafe==2.1.2 # werkzeug mercurial==6.0.1 # via -r requirements/static/ci/freebsd.in -mock==3.0.5 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==5.0.0 # via @@ -809,7 +809,6 @@ six==1.16.0 # junos-eznc # kazoo # kubernetes - # mock # more-itertools # msrestazure # ncclient diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index d313d2a4d4ee..6d6a7d7eb7ce 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -518,7 +518,7 @@ markupsafe==2.1.2 # werkzeug mercurial==6.0.1 # via -r requirements/static/ci/linux.in -mock==3.0.5 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==5.0.0 # via @@ -846,7 +846,6 @@ six==1.16.0 # junos-eznc # kazoo # kubernetes - # mock # more-itertools # ncclient # paramiko diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index a24a499a4940..e840fcba26ff 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -172,7 +172,7 @@ markupsafe==2.1.1 # mako # moto # werkzeug -mock==3.0.5 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==8.2.0 # via @@ -362,7 +362,6 @@ six==1.15.0 # google-auth # jsonschema # kubernetes - # mock # python-dateutil # pyvmomi # pywinrm diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index 3f7b17caf101..1994333e54b5 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -529,7 +529,7 @@ markupsafe==2.1.2 # mako # moto # werkzeug -mock==4.0.3 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==8.8.0 # via diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index 1e7afdb6cd2d..dabd10cc635b 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -527,7 +527,7 @@ markupsafe==2.1.2 # werkzeug mercurial==6.0.1 # via -r requirements/static/ci/freebsd.in -mock==3.0.5 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==5.0.0 # via @@ -852,7 +852,6 @@ six==1.16.0 # junos-eznc # kazoo # kubernetes - # mock # more-itertools # msrestazure # ncclient diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index f3199f753cd2..0ab876ce56ee 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -542,7 +542,7 @@ markupsafe==2.1.2 # werkzeug mercurial==6.0.1 # via -r requirements/static/ci/linux.in -mock==3.0.5 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==5.0.0 # via @@ -891,7 +891,6 @@ six==1.16.0 # junos-eznc # kazoo # kubernetes - # mock # more-itertools # ncclient # paramiko diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index 7fc815947766..fdd9bd2c9c79 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -186,7 +186,7 @@ markupsafe==2.1.2 # mako # moto # werkzeug -mock==3.0.5 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==8.2.0 # via @@ -376,7 +376,6 @@ six==1.15.0 # google-auth # jsonschema # kubernetes - # mock # python-dateutil # pyvmomi # pywinrm diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index 26e8ac212c72..8c140ec29367 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -518,7 +518,7 @@ markupsafe==2.1.2 # mako # moto # werkzeug -mock==4.0.3 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==8.8.0 # via diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index e0ac76d3098b..9e558df206db 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -517,7 +517,7 @@ markupsafe==2.1.2 # werkzeug mercurial==6.0.1 # via -r requirements/static/ci/freebsd.in -mock==3.0.5 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==5.0.0 # via @@ -842,7 +842,6 @@ six==1.16.0 # junos-eznc # kazoo # kubernetes - # mock # more-itertools # msrestazure # ncclient diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index 6a2e2c8af41d..2784ec6a38f3 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -532,7 +532,7 @@ markupsafe==2.1.2 # werkzeug mercurial==6.0.1 # via -r requirements/static/ci/linux.in -mock==3.0.5 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==5.0.0 # via @@ -879,7 +879,6 @@ six==1.16.0 # junos-eznc # kazoo # kubernetes - # mock # more-itertools # ncclient # paramiko diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index 6a23c545a54f..702f54718911 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -174,7 +174,7 @@ markupsafe==2.1.2 # mako # moto # werkzeug -mock==3.0.5 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==8.2.0 # via @@ -364,7 +364,6 @@ six==1.15.0 # google-auth # jsonschema # kubernetes - # mock # python-dateutil # pyvmomi # pywinrm diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index 34d8818c179b..7ea58dcb8abf 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -518,7 +518,7 @@ markupsafe==2.1.2 # mako # moto # werkzeug -mock==4.0.3 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==8.8.0 # via diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index a9904314b470..724fb21f85a0 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -519,7 +519,7 @@ markupsafe==2.1.2 # werkzeug mercurial==6.0.1 # via -r requirements/static/ci/darwin.in -mock==3.0.5 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==8.2.0 # via @@ -845,7 +845,6 @@ six==1.16.0 # jsonschema # junos-eznc # kubernetes - # mock # msrestazure # ncclient # paramiko diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index c6c242c3d1fd..cdaa74f68a1f 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -517,7 +517,7 @@ markupsafe==2.1.2 # werkzeug mercurial==6.0.1 # via -r requirements/static/ci/freebsd.in -mock==3.0.5 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==5.0.0 # via @@ -845,7 +845,6 @@ six==1.16.0 # junos-eznc # kazoo # kubernetes - # mock # more-itertools # msrestazure # ncclient diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index eeb78f5534d1..9c340545d4b6 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -534,7 +534,7 @@ markupsafe==2.1.2 # werkzeug mercurial==6.0.1 # via -r requirements/static/ci/linux.in -mock==3.0.5 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==5.0.0 # via @@ -884,7 +884,6 @@ six==1.16.0 # junos-eznc # kazoo # kubernetes - # mock # more-itertools # ncclient # paramiko diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index 8699cd051249..168916f60629 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -174,7 +174,7 @@ markupsafe==2.1.2 # mako # moto # werkzeug -mock==3.0.5 +mock==5.1.0 # via -r requirements/pytest.txt more-itertools==8.2.0 # via @@ -365,7 +365,6 @@ six==1.15.0 # google-auth # jsonschema # kubernetes - # mock # python-dateutil # pyvmomi # pywinrm diff --git a/tests/support/mock.py b/tests/support/mock.py index 2256ad8f5da9..c050d0bf4e65 100644 --- a/tests/support/mock.py +++ b/tests/support/mock.py @@ -27,6 +27,7 @@ ANY, DEFAULT, FILTER_DIR, + AsyncMock, MagicMock, Mock, NonCallableMagicMock, From 0823ea818ea7b7fbec0f8fdd322ef2ea0706c4b3 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Tue, 3 Oct 2023 13:57:07 +0100 Subject: [PATCH 29/54] Properly mock async method Signed-off-by: Pedro Algarvio --- .../unit/fileclient/test_fileclient.py | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/tests/pytests/unit/fileclient/test_fileclient.py b/tests/pytests/unit/fileclient/test_fileclient.py index 20eebb2bd51e..0b020a4fd738 100644 --- a/tests/pytests/unit/fileclient/test_fileclient.py +++ b/tests/pytests/unit/fileclient/test_fileclient.py @@ -1,8 +1,6 @@ """ Tests for the salt fileclient """ - - import errno import logging import os @@ -11,7 +9,7 @@ import salt.utils.files from salt import fileclient -from tests.support.mock import MagicMock, Mock, patch +from tests.support.mock import AsyncMock, MagicMock, Mock, patch log = logging.getLogger(__name__) @@ -125,20 +123,17 @@ def test_fileclient_timeout(minion_opts, master_opts): master_ip="localhost", master_port=minion_opts["master_port"] ) - async def mock_auth(): - return True - def mock_dumps(*args): return b"meh" with fileclient.get_file_client(minion_opts) as client: # Authenticate must return true - client.auth.authenticate = mock_auth - # Crypticle must return bytes to pass to transport.RequestClient.send - client.auth._crypticle = Mock() - client.auth._crypticle.dumps = mock_dumps - with pytest.raises(salt.exceptions.SaltClientError): - client.file_list() + with patch.object(client.auth, "authenticate", AsyncMock(return_value=True)): + # Crypticle must return bytes to pass to transport.RequestClient.send + client.auth._crypticle = Mock() + client.auth._crypticle.dumps = mock_dumps + with pytest.raises(salt.exceptions.SaltClientError): + client.file_list() def test_cache_skips_makedirs_on_race_condition(client_opts): From 963f1ce6691870e7e7076e53b75c990ed17b519e Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Tue, 13 Jun 2023 07:37:19 +0100 Subject: [PATCH 30/54] Fix mock calls Signed-off-by: Pedro Algarvio --- tests/pytests/unit/modules/test_aptpkg.py | 12 +++++----- .../pytests/unit/modules/test_linux_sysctl.py | 8 +++---- tests/pytests/unit/modules/test_win_ip.py | 4 ++-- tests/pytests/unit/test_master.py | 2 +- tests/pytests/unit/utils/event/test_event.py | 24 +++++++++---------- tests/unit/modules/test_nilrt_ip.py | 4 ++-- .../unit/netapi/rest_tornado/test_saltnado.py | 22 +++++++---------- 7 files changed, 35 insertions(+), 41 deletions(-) diff --git a/tests/pytests/unit/modules/test_aptpkg.py b/tests/pytests/unit/modules/test_aptpkg.py index 33d976b84279..9a812d817ced 100644 --- a/tests/pytests/unit/modules/test_aptpkg.py +++ b/tests/pytests/unit/modules/test_aptpkg.py @@ -1298,17 +1298,17 @@ def test_call_apt_dpkg_lock(): ] cmd_mock = MagicMock(side_effect=cmd_side_effect) - cmd_call = ( + cmd_call = [ call( ["dpkg", "-l", "python"], - env={}, - ignore_retcode=False, output_loglevel="quiet", python_shell=True, + env={}, + ignore_retcode=False, username="Darth Vader", ), - ) - expected_calls = [cmd_call * 5] + ] + expected_calls = cmd_call * 5 with patch.dict( aptpkg.__salt__, @@ -1328,7 +1328,7 @@ def test_call_apt_dpkg_lock(): # We should attempt to call the cmd 5 times assert cmd_mock.call_count == 5 - cmd_mock.has_calls(expected_calls) + cmd_mock.assert_has_calls(expected_calls) def test_services_need_restart_checkrestart_missing(): diff --git a/tests/pytests/unit/modules/test_linux_sysctl.py b/tests/pytests/unit/modules/test_linux_sysctl.py index 0bdd24039d77..6b0875bc4602 100644 --- a/tests/pytests/unit/modules/test_linux_sysctl.py +++ b/tests/pytests/unit/modules/test_linux_sysctl.py @@ -215,7 +215,7 @@ def test_persist_no_conf_failure(): ): with pytest.raises(CommandExecutionError): linux_sysctl.persist("net.ipv4.ip_forward", 42, config=None) - fopen_mock.called_once() + fopen_mock.assert_called_once() def test_persist_no_conf_success(): @@ -353,7 +353,7 @@ def test_persist_value_with_spaces_already_set(tmp_path): """ config = str(tmp_path / "existing_sysctl_with_spaces.conf") value = "|/usr/share/kdump-tools/dump-core %p %s %t %e" - config_file_content = "kernel.core_pattern = {}\n".format(value) + config_file_content = f"kernel.core_pattern = {value}\n" with fopen(config, "w", encoding="utf-8") as config_file: config_file.write(config_file_content) mock_run = MagicMock(return_value=value) @@ -383,7 +383,7 @@ def test_persist_value_with_spaces_already_configured(tmp_path): """ config = str(tmp_path / "existing_sysctl_with_spaces.conf") value = "|/usr/share/kdump-tools/dump-core %p %s %t %e" - config_file_content = "kernel.core_pattern = {}\n".format(value) + config_file_content = f"kernel.core_pattern = {value}\n" with fopen(config, "w", encoding="utf-8") as config_file: config_file.write(config_file_content) mock_run = MagicMock(return_value="") @@ -451,7 +451,7 @@ def test_persist_value_with_spaces_update_config(tmp_path): assert os.path.isfile(config) with fopen(config, encoding="utf-8") as config_file: written = config_file.read() - assert written == "kernel.core_pattern = {}\n".format(value) + assert written == f"kernel.core_pattern = {value}\n" def test_persist_value_with_spaces_new_file(tmp_path): diff --git a/tests/pytests/unit/modules/test_win_ip.py b/tests/pytests/unit/modules/test_win_ip.py index 38eb6b1ac5f1..94a3fe7ca938 100644 --- a/tests/pytests/unit/modules/test_win_ip.py +++ b/tests/pytests/unit/modules/test_win_ip.py @@ -151,7 +151,7 @@ def test_enable(): ): assert win_ip.enable("Ethernet") - mock_cmd.called_once_with( + mock_cmd.assert_called_once_with( [ "netsh", "interface", @@ -180,7 +180,7 @@ def test_disable(): ): assert win_ip.disable("Ethernet") - mock_cmd.called_once_with( + mock_cmd.assert_called_once_with( [ "netsh", "interface", diff --git a/tests/pytests/unit/test_master.py b/tests/pytests/unit/test_master.py index cd11d217c793..502767d3e343 100644 --- a/tests/pytests/unit/test_master.py +++ b/tests/pytests/unit/test_master.py @@ -60,7 +60,7 @@ def test_fileserver_duration(): end = time.time() # Interval is equal to timeout so the _do_update method will be called # one time. - update.called_once() + update.assert_called_once() # Timeout is 1 second duration = end - start if duration > 2 and salt.utils.platform.spawning_platform(): diff --git a/tests/pytests/unit/utils/event/test_event.py b/tests/pytests/unit/utils/event/test_event.py index e289e72dad03..f4b6c1599966 100644 --- a/tests/pytests/unit/utils/event/test_event.py +++ b/tests/pytests/unit/utils/event/test_event.py @@ -38,7 +38,7 @@ def sock_dir(tmp_path): def _assert_got_event(evt, data, msg=None, expected_failure=False): assert evt is not None, msg for key in data: - assert key in evt, "{}: Key {} missing".format(msg, key) + assert key in evt, f"{msg}: Key {key} missing" assertMsg = "{0}: Key {1} value mismatch, {2} != {3}" assertMsg = assertMsg.format(msg, key, data[key], evt[key]) if not expected_failure: @@ -59,8 +59,8 @@ def test_minion_event(sock_dir): :10 ] with salt.utils.event.MinionEvent(opts, listen=False) as me: - assert me.puburi == str(sock_dir / "minion_event_{}_pub.ipc".format(id_hash)) - assert me.pulluri == str(sock_dir / "minion_event_{}_pull.ipc".format(id_hash)) + assert me.puburi == str(sock_dir / f"minion_event_{id_hash}_pub.ipc") + assert me.pulluri == str(sock_dir / f"minion_event_{id_hash}_pull.ipc") def test_minion_event_tcp_ipc_mode(): @@ -73,8 +73,8 @@ def test_minion_event_tcp_ipc_mode(): def test_minion_event_no_id(sock_dir): with salt.utils.event.MinionEvent(dict(sock_dir=str(sock_dir)), listen=False) as me: id_hash = hashlib.sha256(salt.utils.stringutils.to_bytes("")).hexdigest()[:10] - assert me.puburi == str(sock_dir / "minion_event_{}_pub.ipc".format(id_hash)) - assert me.pulluri == str(sock_dir / "minion_event_{}_pull.ipc".format(id_hash)) + assert me.puburi == str(sock_dir / f"minion_event_{id_hash}_pub.ipc") + assert me.pulluri == str(sock_dir / f"minion_event_{id_hash}_pull.ipc") @pytest.mark.slow_test @@ -256,9 +256,9 @@ def test_event_many(sock_dir): with eventpublisher_process(str(sock_dir)): with salt.utils.event.MasterEvent(str(sock_dir), listen=True) as me: for i in range(500): - me.fire_event({"data": "{}".format(i)}, "testevents") + me.fire_event({"data": f"{i}"}, "testevents") evt = me.get_event(tag="testevents") - _assert_got_event(evt, {"data": "{}".format(i)}, "Event {}".format(i)) + _assert_got_event(evt, {"data": f"{i}"}, f"Event {i}") @pytest.mark.slow_test @@ -268,10 +268,10 @@ def test_event_many_backlog(sock_dir): with salt.utils.event.MasterEvent(str(sock_dir), listen=True) as me: # Must not exceed zmq HWM for i in range(500): - me.fire_event({"data": "{}".format(i)}, "testevents") + me.fire_event({"data": f"{i}"}, "testevents") for i in range(500): evt = me.get_event(tag="testevents") - _assert_got_event(evt, {"data": "{}".format(i)}, "Event {}".format(i)) + _assert_got_event(evt, {"data": f"{i}"}, f"Event {i}") # Test the fire_master function. As it wraps the underlying fire_event, @@ -300,7 +300,7 @@ def test_connect_pull_should_debug_log_on_StreamClosedError(): event = SaltEvent(node=None) with patch.object(event, "pusher") as mock_pusher: with patch.object( - salt.utils.event.log, "debug", auto_spec=True + salt.utils.event.log, "debug", autospec=True ) as mock_log_debug: mock_pusher.connect.side_effect = ( salt.ext.tornado.iostream.StreamClosedError @@ -317,10 +317,10 @@ def test_connect_pull_should_error_log_on_other_errors(error): event = SaltEvent(node=None) with patch.object(event, "pusher") as mock_pusher: with patch.object( - salt.utils.event.log, "debug", auto_spec=True + salt.utils.event.log, "debug", autospec=True ) as mock_log_debug: with patch.object( - salt.utils.event.log, "error", auto_spec=True + salt.utils.event.log, "error", autospec=True ) as mock_log_error: mock_pusher.connect.side_effect = error event.connect_pull() diff --git a/tests/unit/modules/test_nilrt_ip.py b/tests/unit/modules/test_nilrt_ip.py index 1261473edb45..50dc13b20b80 100644 --- a/tests/unit/modules/test_nilrt_ip.py +++ b/tests/unit/modules/test_nilrt_ip.py @@ -28,7 +28,7 @@ def test_change_state_down_state(self): "salt.modules.nilrt_ip._change_dhcp_config", return_value=True ) as change_dhcp_config_mock: assert nilrt_ip._change_state("test_interface", "down") - assert change_dhcp_config_mock.called_with("test_interface", False) + change_dhcp_config_mock.assert_called_with("test_interface", False) def test_change_state_up_state(self): """ @@ -42,7 +42,7 @@ def test_change_state_up_state(self): "salt.modules.nilrt_ip._change_dhcp_config", return_value=True ) as change_dhcp_config_mock: assert nilrt_ip._change_state("test_interface", "up") - assert change_dhcp_config_mock.called_with("test_interface") + change_dhcp_config_mock.assert_called_with("test_interface") def test_set_static_all_with_dns(self): """ diff --git a/tests/unit/netapi/rest_tornado/test_saltnado.py b/tests/unit/netapi/rest_tornado/test_saltnado.py index 7b63a65d4f30..c4758e700aba 100644 --- a/tests/unit/netapi/rest_tornado/test_saltnado.py +++ b/tests/unit/netapi/rest_tornado/test_saltnado.py @@ -647,7 +647,6 @@ def completer(): with patch.object( self.handler.application.event_listener, "get_event", - autospec=True, side_effect=fancy_get_event, ), patch.dict( self.handler.application.opts, @@ -698,7 +697,6 @@ def toggle_is_finished(*args, **kwargs): with patch.object( self.handler.application.event_listener, "get_event", - autospec=True, side_effect=fancy_get_event, ), patch.object( self.handler, @@ -729,8 +727,8 @@ def test_when_is_finished_then_all_collected_data_should_be_returned(self): { "tag": "fnord", "data": { - "return": "return from fnord {}".format(i), - "id": "fnord {}".format(i), + "return": f"return from fnord {i}", + "id": f"fnord {i}", }, } ) @@ -760,7 +758,6 @@ def toggle_is_finished(*args, **kwargs): with patch.object( self.handler.application.event_listener, "get_event", - autospec=True, side_effect=fancy_get_event, ), patch.object( self.handler, @@ -794,8 +791,8 @@ def test_when_is_timed_out_then_all_collected_data_should_be_returned(self): { "tag": "fnord", "data": { - "return": "return from fnord {}".format(i), - "id": "fnord {}".format(i), + "return": f"return from fnord {i}", + "id": f"fnord {i}", }, } ) @@ -820,7 +817,6 @@ def fancy_get_event(*args, **kwargs): with patch.object( self.handler.application.event_listener, "get_event", - autospec=True, side_effect=fancy_get_event, ), patch.dict( self.handler.application.opts, @@ -843,12 +839,12 @@ def test_when_minions_all_return_then_all_collected_data_should_be_returned(self completed_events = [salt.ext.tornado.gen.Future() for _ in range(10)] events_by_id = {} for i, event in enumerate(completed_events): - id_ = "fnord {}".format(i) + id_ = f"fnord {i}" events_by_id[id_] = event event.set_result( { "tag": "fnord", - "data": {"return": "return from {}".format(id_), "id": id_}, + "data": {"return": f"return from {id_}", "id": id_}, } ) expected_result = { @@ -878,7 +874,6 @@ def fancy_get_event(*args, **kwargs): with patch.object( self.handler.application.event_listener, "get_event", - autospec=True, side_effect=fancy_get_event, ), patch.dict( self.handler.application.opts, @@ -904,12 +899,12 @@ def test_when_min_wait_time_has_not_passed_then_disbatch_should_not_return_expec events_by_id = {} # Setup some real-enough looking return data for i, event in enumerate(completed_events): - id_ = "fnord {}".format(i) + id_ = f"fnord {i}" events_by_id[id_] = event event.set_result( { "tag": "fnord", - "data": {"return": "return from {}".format(id_), "id": id_}, + "data": {"return": f"return from {id_}", "id": id_}, } ) # Hard coded instead of dynamic to avoid potentially writing a test @@ -971,7 +966,6 @@ def fake_sleep(timer): with patch.object( self.handler.application.event_listener, "get_event", - autospec=True, side_effect=fancy_get_event, ), patch.object( self.handler, From c7fbbd42ec6e02d31dd5b46e54cb4d7cb9adb9a5 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Tue, 12 Sep 2023 13:04:03 +0100 Subject: [PATCH 31/54] The correct method is `assert_called_once_with` not `called_once_with` Signed-off-by: Pedro Algarvio --- tests/pytests/unit/modules/test_msteams.py | 2 +- tests/pytests/unit/states/test_file.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/pytests/unit/modules/test_msteams.py b/tests/pytests/unit/modules/test_msteams.py index 05e6a3d22849..1307cd854bda 100644 --- a/tests/pytests/unit/modules/test_msteams.py +++ b/tests/pytests/unit/modules/test_msteams.py @@ -24,7 +24,7 @@ def test_post_card(): with patch("salt.utils.http.query", http_mock): ret = msteams.post_card("test") assert ret - assert http_mock.called_once_with( + assert http_mock.assert_called_once_with( method="POST", header_dict={"Content-Type": "application/json"}, data='{"text": "test", "title": Null, "themeColor": Null}', diff --git a/tests/pytests/unit/states/test_file.py b/tests/pytests/unit/states/test_file.py index bb040f0fc60f..393ede9b397b 100644 --- a/tests/pytests/unit/states/test_file.py +++ b/tests/pytests/unit/states/test_file.py @@ -87,6 +87,6 @@ def test_file_recurse_directory_test(): "name": "/tmp/test", "result": False, } - assert salt_dunder["cp.list_master_dirs"].called_once_with( + assert salt_dunder["cp.list_master_dirs"].assert_called_once_with( prefix="does_not_exist/" ) From 5e1b7a21013eb18eef5b8f4835dc13c079b72481 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Thu, 14 Sep 2023 08:03:14 +0100 Subject: [PATCH 32/54] Fix failing tests Signed-off-by: Pedro Algarvio --- tests/pytests/unit/modules/test_msteams.py | 6 ++++-- tests/pytests/unit/states/test_file.py | 5 +++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/pytests/unit/modules/test_msteams.py b/tests/pytests/unit/modules/test_msteams.py index 1307cd854bda..a374dd903218 100644 --- a/tests/pytests/unit/modules/test_msteams.py +++ b/tests/pytests/unit/modules/test_msteams.py @@ -24,8 +24,10 @@ def test_post_card(): with patch("salt.utils.http.query", http_mock): ret = msteams.post_card("test") assert ret - assert http_mock.assert_called_once_with( + http_mock.assert_called_once_with( + "https://example.com/web_hook", method="POST", header_dict={"Content-Type": "application/json"}, - data='{"text": "test", "title": Null, "themeColor": Null}', + data='{"text": "test", "title": null, "themeColor": null}', + status=True, ) diff --git a/tests/pytests/unit/states/test_file.py b/tests/pytests/unit/states/test_file.py index 393ede9b397b..03ee53626eea 100644 --- a/tests/pytests/unit/states/test_file.py +++ b/tests/pytests/unit/states/test_file.py @@ -87,6 +87,7 @@ def test_file_recurse_directory_test(): "name": "/tmp/test", "result": False, } - assert salt_dunder["cp.list_master_dirs"].assert_called_once_with( - prefix="does_not_exist/" + salt_dunder["cp.list_master_dirs"].assert_called_once_with( + saltenv="base", + prefix="does_not_exist/", ) From d295e24f4354d62a6c53b9f6f99696b987eb15a1 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Thu, 14 Sep 2023 08:05:22 +0100 Subject: [PATCH 33/54] Switch to the correct fixture usage Signed-off-by: Pedro Algarvio --- tests/pytests/unit/states/test_file.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/tests/pytests/unit/states/test_file.py b/tests/pytests/unit/states/test_file.py index 03ee53626eea..b7e239045b4e 100644 --- a/tests/pytests/unit/states/test_file.py +++ b/tests/pytests/unit/states/test_file.py @@ -7,19 +7,17 @@ from tests.support.mock import MagicMock, call, create_autospec, patch -@pytest.fixture(autouse=True) -def setup_loader(request): - setup_loader_modules = { +@pytest.fixture +def configure_loader_modules(minion_opts): + return { file: { "__opts__": {"test": False}, "__env__": "base", } } - with pytest.helpers.loader_mock(request, setup_loader_modules) as loader_mock: - yield loader_mock -@pytest.fixture() +@pytest.fixture def fake_remove(): fake_remove_mod = create_autospec(filemod.remove) with patch.dict(file.__salt__, {"file.remove": fake_remove_mod}): From 94ca7456c9d122815df03966f4d969193b31e67f Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 4 Oct 2023 13:46:43 +0100 Subject: [PATCH 34/54] Update to latest golden images Signed-off-by: Pedro Algarvio --- cicd/amis.yml | 2 +- cicd/golden-images.json | 224 +++++++++++++++++++++++++++++----------- 2 files changed, 163 insertions(+), 63 deletions(-) diff --git a/cicd/amis.yml b/cicd/amis.yml index 8fb4513180f5..8d0c0a4d9225 100644 --- a/cicd/amis.yml +++ b/cicd/amis.yml @@ -1 +1 @@ -centosstream-9-x86_64: ami-0bd92f4dca5d74017 +centosstream-9-x86_64: ami-0f474b360fca72512 diff --git a/cicd/golden-images.json b/cicd/golden-images.json index 21c702ca7327..9a3f06f705a0 100644 --- a/cicd/golden-images.json +++ b/cicd/golden-images.json @@ -1,8 +1,8 @@ { "almalinux-8-arm64": { - "ami": "ami-05c1d3dbdeeb94bc6", + "ami": "ami-0f08fc00f1689a8ec", "ami_description": "CI Image of AlmaLinux 8 arm64", - "ami_name": "salt-project/ci/almalinux/8/arm64/20230522.0606", + "ami_name": "salt-project/ci/almalinux/8/arm64/20231003.2057", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -10,9 +10,9 @@ "ssh_username": "ec2-user" }, "almalinux-8": { - "ami": "ami-0ec1cbc531f10105b", + "ami": "ami-08f648e0e6fa619c2", "ami_description": "CI Image of AlmaLinux 8 x86_64", - "ami_name": "salt-project/ci/almalinux/8/x86_64/20230522.0606", + "ami_name": "salt-project/ci/almalinux/8/x86_64/20231003.2058", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -20,9 +20,9 @@ "ssh_username": "ec2-user" }, "almalinux-9-arm64": { - "ami": "ami-036c495af9dfcf852", + "ami": "ami-0394b210e1e09b962", "ami_description": "CI Image of AlmaLinux 9 arm64", - "ami_name": "salt-project/ci/almalinux/9/arm64/20230522.0606", + "ami_name": "salt-project/ci/almalinux/9/arm64/20231003.2058", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -30,9 +30,9 @@ "ssh_username": "ec2-user" }, "almalinux-9": { - "ami": "ami-0dbc7030666419671", + "ami": "ami-0a909a150cfebea5b", "ami_description": "CI Image of AlmaLinux 9 x86_64", - "ami_name": "salt-project/ci/almalinux/9/x86_64/20230522.0606", + "ami_name": "salt-project/ci/almalinux/9/x86_64/20231003.2100", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -40,9 +40,9 @@ "ssh_username": "ec2-user" }, "amazonlinux-2-arm64": { - "ami": "ami-022232915c2a5f2d0", + "ami": "ami-038eac6a08feecdb2", "ami_description": "CI Image of AmazonLinux 2 arm64", - "ami_name": "salt-project/ci/amazonlinux/2/arm64/20230522.0621", + "ami_name": "salt-project/ci/amazonlinux/2/arm64/20231003.2104", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -50,9 +50,29 @@ "ssh_username": "ec2-user" }, "amazonlinux-2": { - "ami": "ami-0695f87baa5b5ce15", + "ami": "ami-09682e96e7785642d", "ami_description": "CI Image of AmazonLinux 2 x86_64", - "ami_name": "salt-project/ci/amazonlinux/2/x86_64/20230522.0620", + "ami_name": "salt-project/ci/amazonlinux/2/x86_64/20231003.2104", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "ec2-user" + }, + "amazonlinux-2023.1-arm64": { + "ami": "ami-0e46c84fb43817334", + "ami_description": "CI Image of AmazonLinux 2023.1 arm64", + "ami_name": "salt-project/ci/amazonlinux/2023.1/arm64/20231003.2103", + "arch": "arm64", + "cloudwatch-agent-available": "true", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "ec2-user" + }, + "amazonlinux-2023.1": { + "ami": "ami-0ac591368ec230345", + "ami_description": "CI Image of AmazonLinux 2023.1 x86_64", + "ami_name": "salt-project/ci/amazonlinux/2023.1/x86_64/20231003.2103", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -60,9 +80,9 @@ "ssh_username": "ec2-user" }, "archlinux-lts": { - "ami": "ami-0f6424847f98afc04", + "ami": "ami-017de6f1e636021a0", "ami_description": "CI Image of ArchLinux lts x86_64", - "ami_name": "salt-project/ci/archlinux/lts/x86_64/20230522.0606", + "ami_name": "salt-project/ci/archlinux/lts/x86_64/20231003.2108", "arch": "x86_64", "cloudwatch-agent-available": "false", "instance_type": "t3a.large", @@ -70,9 +90,9 @@ "ssh_username": "arch" }, "centos-7-arm64": { - "ami": "ami-0908831c364e33a37", + "ami": "ami-088cb5f3066efa748", "ami_description": "CI Image of CentOS 7 arm64", - "ami_name": "salt-project/ci/centos/7/arm64/20230522.0606", + "ami_name": "salt-project/ci/centos/7/arm64/20231003.2108", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -80,9 +100,9 @@ "ssh_username": "centos" }, "centos-7": { - "ami": "ami-0ace33028ada62ddb", + "ami": "ami-05c4056c36cecc136", "ami_description": "CI Image of CentOS 7 x86_64", - "ami_name": "salt-project/ci/centos/7/x86_64/20230522.0606", + "ami_name": "salt-project/ci/centos/7/x86_64/20231003.2107", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -90,9 +110,9 @@ "ssh_username": "centos" }, "centosstream-8-arm64": { - "ami": "ami-0b30827dc592b2695", + "ami": "ami-0e2a761782490f7c2", "ami_description": "CI Image of CentOSStream 8 arm64", - "ami_name": "salt-project/ci/centosstream/8/arm64/20230522.0618", + "ami_name": "salt-project/ci/centosstream/8/arm64/20231003.2109", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -100,9 +120,9 @@ "ssh_username": "centos" }, "centosstream-8": { - "ami": "ami-0929882a7e5cfba5f", + "ami": "ami-06178cd094ea71c34", "ami_description": "CI Image of CentOSStream 8 x86_64", - "ami_name": "salt-project/ci/centosstream/8/x86_64/20230522.0618", + "ami_name": "salt-project/ci/centosstream/8/x86_64/20231003.2108", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -110,9 +130,9 @@ "ssh_username": "centos" }, "centosstream-9-arm64": { - "ami": "ami-00700fb8821b8b8c7", + "ami": "ami-0ea1025028e6fe700", "ami_description": "CI Image of CentOSStream 9 arm64", - "ami_name": "salt-project/ci/centosstream/9/arm64/20230522.0619", + "ami_name": "salt-project/ci/centosstream/9/arm64/20231003.2109", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -120,9 +140,9 @@ "ssh_username": "ec2-user" }, "centosstream-9": { - "ami": "ami-0bd92f4dca5d74017", + "ami": "ami-0f474b360fca72512", "ami_description": "CI Image of CentOSStream 9 x86_64", - "ami_name": "salt-project/ci/centosstream/9/x86_64/20230522.0619", + "ami_name": "salt-project/ci/centosstream/9/x86_64/20231003.2109", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -130,9 +150,9 @@ "ssh_username": "ec2-user" }, "debian-10-arm64": { - "ami": "ami-0f681fc9d5de0c3df", + "ami": "ami-0b9cbee875ae2e145", "ami_description": "CI Image of Debian 10 arm64", - "ami_name": "salt-project/ci/debian/10/arm64/20230522.0606", + "ami_name": "salt-project/ci/debian/10/arm64/20231003.2114", "arch": "arm64", "cloudwatch-agent-available": "false", "instance_type": "m6g.large", @@ -140,9 +160,9 @@ "ssh_username": "admin" }, "debian-10": { - "ami": "ami-0dcf5610590139238", + "ami": "ami-03b713e88ac915c18", "ami_description": "CI Image of Debian 10 x86_64", - "ami_name": "salt-project/ci/debian/10/x86_64/20230522.0606", + "ami_name": "salt-project/ci/debian/10/x86_64/20231003.2112", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -150,9 +170,9 @@ "ssh_username": "admin" }, "debian-11-arm64": { - "ami": "ami-062b4bf11a864825c", + "ami": "ami-0e48f24d9def8d84c", "ami_description": "CI Image of Debian 11 arm64", - "ami_name": "salt-project/ci/debian/11/arm64/20230522.0606", + "ami_name": "salt-project/ci/debian/11/arm64/20231003.2114", "arch": "arm64", "cloudwatch-agent-available": "false", "instance_type": "m6g.large", @@ -160,9 +180,29 @@ "ssh_username": "admin" }, "debian-11": { - "ami": "ami-0f400e5fa6806bbca", + "ami": "ami-07a2fb75d29d0d6f7", "ami_description": "CI Image of Debian 11 x86_64", - "ami_name": "salt-project/ci/debian/11/x86_64/20230522.0606", + "ami_name": "salt-project/ci/debian/11/x86_64/20231003.2116", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "admin" + }, + "debian-12-arm64": { + "ami": "ami-027199ded9ce9f659", + "ami_description": "CI Image of Debian 12 arm64", + "ami_name": "salt-project/ci/debian/12/arm64/20231003.2117", + "arch": "arm64", + "cloudwatch-agent-available": "false", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "admin" + }, + "debian-12": { + "ami": "ami-02156ad853a403599", + "ami_description": "CI Image of Debian 12 x86_64", + "ami_name": "salt-project/ci/debian/12/x86_64/20231003.2119", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -170,9 +210,9 @@ "ssh_username": "admin" }, "fedora-37-arm64": { - "ami": "ami-0d71d6f2b0869842f", + "ami": "ami-0dfb1b2e3b6cd8847", "ami_description": "CI Image of Fedora 37 arm64", - "ami_name": "salt-project/ci/fedora/37/arm64/20230522.0606", + "ami_name": "salt-project/ci/fedora/37/arm64/20231003.2119", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -180,9 +220,9 @@ "ssh_username": "fedora" }, "fedora-37": { - "ami": "ami-026f494dd4b9d40e8", + "ami": "ami-0d27e014bf07af18b", "ami_description": "CI Image of Fedora 37 x86_64", - "ami_name": "salt-project/ci/fedora/37/x86_64/20230522.0606", + "ami_name": "salt-project/ci/fedora/37/x86_64/20231003.2120", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -190,9 +230,9 @@ "ssh_username": "fedora" }, "fedora-38-arm64": { - "ami": "ami-01ba8a7951daf68fb", + "ami": "ami-04f5a34bae3040974", "ami_description": "CI Image of Fedora 38 arm64", - "ami_name": "salt-project/ci/fedora/38/arm64/20230522.0606", + "ami_name": "salt-project/ci/fedora/38/arm64/20231003.2120", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -200,9 +240,9 @@ "ssh_username": "fedora" }, "fedora-38": { - "ami": "ami-0699dbe70b69e96aa", + "ami": "ami-0e69802061ed79891", "ami_description": "CI Image of Fedora 38 x86_64", - "ami_name": "salt-project/ci/fedora/38/x86_64/20230522.0606", + "ami_name": "salt-project/ci/fedora/38/x86_64/20231003.2123", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -210,29 +250,69 @@ "ssh_username": "fedora" }, "opensuse-15": { - "ami": "ami-0c594da84f6e1cd96", + "ami": "ami-0ebb684e16914ad0a", "ami_description": "CI Image of Opensuse 15 x86_64", - "ami_name": "salt-project/ci/opensuse/15/x86_64/20230522.0619", + "ami_name": "salt-project/ci/opensuse/15/x86_64/20231003.2110", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", "is_windows": "false", "ssh_username": "ec2-user" }, + "photonos-3-arm64": { + "ami": "ami-054765b3beb6dd97c", + "ami_description": "CI Image of PhotonOS 3 arm64", + "ami_name": "salt-project/ci/photonos/3/arm64/20231003.2129", + "arch": "arm64", + "cloudwatch-agent-available": "true", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "root" + }, "photonos-3": { - "ami": "ami-0db2ebdb9bc3400ef", + "ami": "ami-0224e8a4471113ebb", "ami_description": "CI Image of PhotonOS 3 x86_64", - "ami_name": "salt-project/ci/photonos/3/x86_64/20230522.0617", + "ami_name": "salt-project/ci/photonos/3/x86_64/20231003.2128", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", "is_windows": "false", "ssh_username": "root" }, + "photonos-4-arm64": { + "ami": "ami-091f6d77aa3921394", + "ami_description": "CI Image of PhotonOS 4 arm64", + "ami_name": "salt-project/ci/photonos/4/arm64/20231003.2124", + "arch": "arm64", + "cloudwatch-agent-available": "true", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "root" + }, "photonos-4": { - "ami": "ami-08a6b6bbf6779a538", + "ami": "ami-0714704e9471a8e0c", "ami_description": "CI Image of PhotonOS 4 x86_64", - "ami_name": "salt-project/ci/photonos/4/x86_64/20230522.0606", + "ami_name": "salt-project/ci/photonos/4/x86_64/20231003.2130", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "root" + }, + "photonos-5-arm64": { + "ami": "ami-05ebc5bddb487c20b", + "ami_description": "CI Image of PhotonOS 5 arm64", + "ami_name": "salt-project/ci/photonos/5/arm64/20231003.2130", + "arch": "arm64", + "cloudwatch-agent-available": "true", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "root" + }, + "photonos-5": { + "ami": "ami-0b7e17bc1990da3af", + "ami_description": "CI Image of PhotonOS 5 x86_64", + "ami_name": "salt-project/ci/photonos/5/x86_64/20231003.2131", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -240,9 +320,9 @@ "ssh_username": "root" }, "ubuntu-20.04-arm64": { - "ami": "ami-0dccc0de7a38cca90", + "ami": "ami-09210544c9163df86", "ami_description": "CI Image of Ubuntu 20.04 arm64", - "ami_name": "salt-project/ci/ubuntu/20.04/arm64/20230522.0606", + "ami_name": "salt-project/ci/ubuntu/20.04/arm64/20231003.2110", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -250,9 +330,9 @@ "ssh_username": "ubuntu" }, "ubuntu-20.04": { - "ami": "ami-05e51f893a626b579", + "ami": "ami-05894335447f4c052", "ami_description": "CI Image of Ubuntu 20.04 x86_64", - "ami_name": "salt-project/ci/ubuntu/20.04/x86_64/20230522.0606", + "ami_name": "salt-project/ci/ubuntu/20.04/x86_64/20231003.2110", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -260,9 +340,9 @@ "ssh_username": "ubuntu" }, "ubuntu-22.04-arm64": { - "ami": "ami-0c958272da6c09ca6", + "ami": "ami-090423dbe605f6d3e", "ami_description": "CI Image of Ubuntu 22.04 arm64", - "ami_name": "salt-project/ci/ubuntu/22.04/arm64/20230522.0606", + "ami_name": "salt-project/ci/ubuntu/22.04/arm64/20231003.2111", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -270,9 +350,29 @@ "ssh_username": "ubuntu" }, "ubuntu-22.04": { - "ami": "ami-09e45f31ccafcdcec", + "ami": "ami-0a465357b34ea7fdc", "ami_description": "CI Image of Ubuntu 22.04 x86_64", - "ami_name": "salt-project/ci/ubuntu/22.04/x86_64/20230522.0606", + "ami_name": "salt-project/ci/ubuntu/22.04/x86_64/20231003.2111", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "ubuntu" + }, + "ubuntu-23.04-arm64": { + "ami": "ami-0ed81524d646f95ee", + "ami_description": "CI Image of Ubuntu 23.04 arm64", + "ami_name": "salt-project/ci/ubuntu/23.04/arm64/20231003.2111", + "arch": "arm64", + "cloudwatch-agent-available": "true", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "ubuntu" + }, + "ubuntu-23.04": { + "ami": "ami-02c7edd6357be51b6", + "ami_description": "CI Image of Ubuntu 23.04 x86_64", + "ami_name": "salt-project/ci/ubuntu/23.04/x86_64/20231003.2112", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -280,9 +380,9 @@ "ssh_username": "ubuntu" }, "windows-2016": { - "ami": "ami-099db55543619f54a", + "ami": "ami-04f113ff291a8953f", "ami_description": "CI Image of Windows 2016 x86_64", - "ami_name": "salt-project/ci/windows/2016/x86_64/20230522.0606", + "ami_name": "salt-project/ci/windows/2016/x86_64/20231003.2104", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.xlarge", @@ -290,9 +390,9 @@ "ssh_username": "Administrator" }, "windows-2019": { - "ami": "ami-0860ee5bc9ee93e13", + "ami": "ami-06475f495e0151fc9", "ami_description": "CI Image of Windows 2019 x86_64", - "ami_name": "salt-project/ci/windows/2019/x86_64/20230522.0606", + "ami_name": "salt-project/ci/windows/2019/x86_64/20231003.2106", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.xlarge", @@ -300,9 +400,9 @@ "ssh_username": "Administrator" }, "windows-2022": { - "ami": "ami-032e3abce2aa98da7", + "ami": "ami-0558da89560480f32", "ami_description": "CI Image of Windows 2022 x86_64", - "ami_name": "salt-project/ci/windows/2022/x86_64/20230522.0606", + "ami_name": "salt-project/ci/windows/2022/x86_64/20231003.2106", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.xlarge", From 7f230f5e803fb0a3d6cf55172e58da2a58280480 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 4 Oct 2023 13:20:29 +0100 Subject: [PATCH 35/54] De-whitelist, again, since it's hanging on the newer windows golden images Signed-off-by: Pedro Algarvio --- tests/integration/modules/test_ssh.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/integration/modules/test_ssh.py b/tests/integration/modules/test_ssh.py index 0817877c86b5..55586211622f 100644 --- a/tests/integration/modules/test_ssh.py +++ b/tests/integration/modules/test_ssh.py @@ -26,7 +26,8 @@ def check_status(): return False -@pytest.mark.windows_whitelisted +# @pytest.mark.windows_whitelisted +# De-whitelist windows since it's hanging on the newer windows golden images @pytest.mark.skip_if_binaries_missing("ssh", "ssh-keygen", check_all=True) class SSHModuleTest(ModuleCase): """ From 9d441d6aa1bb8633e231f228381cc9ed017d7322 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 4 Oct 2023 16:23:59 +0100 Subject: [PATCH 36/54] Force package tests to run when golden images change Signed-off-by: Pedro Algarvio --- tools/ci.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/ci.py b/tools/ci.py index c62850ddbec0..0a920237d692 100644 --- a/tools/ci.py +++ b/tools/ci.py @@ -370,6 +370,7 @@ def define_jobs( required_pkg_test_changes: set[str] = { changed_files_contents["pkg_tests"], changed_files_contents["workflows"], + changed_files_contents["golden_images"], } if jobs["test-pkg"] and required_pkg_test_changes == {"false"}: if "test:pkg" in labels: From a0558d6967d6e28bd366dbb47b299e82e18334b4 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 4 Oct 2023 16:42:24 +0100 Subject: [PATCH 37/54] Fix the security groups selection for developer created VMs Signed-off-by: Pedro Algarvio --- tools/vm.py | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/tools/vm.py b/tools/vm.py index f35102ad01b2..20d1079938a5 100644 --- a/tools/vm.py +++ b/tools/vm.py @@ -950,7 +950,6 @@ def create( else: # This is a developer running log.info("Starting Developer configured VM") - # Get the develpers security group security_group_filters = [ { "Name": "vpc-id", @@ -960,10 +959,6 @@ def create( "Name": "tag:spb:project", "Values": ["salt-project"], }, - { - "Name": "tag:spb:developer", - "Values": ["true"], - }, ] response = client.describe_security_groups(Filters=security_group_filters) if not response.get("SecurityGroups"): @@ -974,6 +969,26 @@ def create( self.ctx.exit(1) # Override the launch template network interfaces config security_group_ids = [sg["GroupId"] for sg in response["SecurityGroups"]] + security_group_filters = [ + { + "Name": "vpc-id", + "Values": [vpc.id], + }, + { + "Name": "tag:Name", + "Values": [f"saltproject-{environment}-client-vpn-remote-access"], + }, + ] + response = client.describe_security_groups(Filters=security_group_filters) + if not response.get("SecurityGroups"): + self.ctx.error( + "Could not find the right VPN access security group. " + f"Filters:\n{pprint.pformat(security_group_filters)}" + ) + self.ctx.exit(1) + security_group_ids.extend( + [sg["GroupId"] for sg in response["SecurityGroups"]] + ) progress = create_progress_bar() create_task = progress.add_task( From 5c154ba14aa14a421f7bf13a9ab2e026e2e8be12 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 4 Oct 2023 17:04:03 +0100 Subject: [PATCH 38/54] Log in which environment the developer VM is getting created Signed-off-by: Pedro Algarvio --- tools/vm.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/vm.py b/tools/vm.py index 20d1079938a5..0d27cda2707f 100644 --- a/tools/vm.py +++ b/tools/vm.py @@ -949,7 +949,7 @@ def create( log.info("Starting CI configured VM") else: # This is a developer running - log.info("Starting Developer configured VM") + log.info(f"Starting Developer configured VM In Environment '{environment}'") security_group_filters = [ { "Name": "vpc-id", From dd49164eec4eec14e6a62785888755b0be52af30 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Wed, 4 Oct 2023 15:00:16 +0100 Subject: [PATCH 39/54] Avoid problematic `grub-efi-amd64-signed` package on Ubuntu Signed-off-by: Pedro Algarvio --- pkg/tests/conftest.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/pkg/tests/conftest.py b/pkg/tests/conftest.py index 257f4615fb32..f73cb948ae2d 100644 --- a/pkg/tests/conftest.py +++ b/pkg/tests/conftest.py @@ -49,6 +49,18 @@ def _system_up_to_date( grains, shell, ): + if grains["os"] == "Ubuntu" and grains["osarch"] == "amd64": + # The grub-efi-amd64-signed package seems to be a problem + # right now when updating the system + env = os.environ.copy() + env["DEBIAN_FRONTEND"] = "noninteractive" + ret = shell.run( + "apt-mark", + "hold", + "grub-efi-amd64-signed", + env=env, + ) + assert ret.returncode == 0 if grains["os_family"] == "Debian": ret = shell.run("apt", "update") assert ret.returncode == 0 From 52d0153772c2bfc9dd6b66ea2d69fc2502b88422 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Fri, 6 Oct 2023 08:17:24 +0100 Subject: [PATCH 40/54] Update to the latest golden images Signed-off-by: Pedro Algarvio --- cicd/golden-images.json | 164 ++++++++++++++++++++-------------------- pkg/tests/conftest.py | 12 --- 2 files changed, 82 insertions(+), 94 deletions(-) diff --git a/cicd/golden-images.json b/cicd/golden-images.json index 9a3f06f705a0..962af9809e68 100644 --- a/cicd/golden-images.json +++ b/cicd/golden-images.json @@ -1,8 +1,8 @@ { "almalinux-8-arm64": { - "ami": "ami-0f08fc00f1689a8ec", + "ami": "ami-04c86a9990a3836b9", "ami_description": "CI Image of AlmaLinux 8 arm64", - "ami_name": "salt-project/ci/almalinux/8/arm64/20231003.2057", + "ami_name": "salt-project/ci/almalinux/8/arm64/20231005.1556", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -10,9 +10,9 @@ "ssh_username": "ec2-user" }, "almalinux-8": { - "ami": "ami-08f648e0e6fa619c2", + "ami": "ami-059ed5c00c02c564b", "ami_description": "CI Image of AlmaLinux 8 x86_64", - "ami_name": "salt-project/ci/almalinux/8/x86_64/20231003.2058", + "ami_name": "salt-project/ci/almalinux/8/x86_64/20231005.1557", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -20,9 +20,9 @@ "ssh_username": "ec2-user" }, "almalinux-9-arm64": { - "ami": "ami-0394b210e1e09b962", + "ami": "ami-0213f3e31656f7393", "ami_description": "CI Image of AlmaLinux 9 arm64", - "ami_name": "salt-project/ci/almalinux/9/arm64/20231003.2058", + "ami_name": "salt-project/ci/almalinux/9/arm64/20231005.1557", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -30,9 +30,9 @@ "ssh_username": "ec2-user" }, "almalinux-9": { - "ami": "ami-0a909a150cfebea5b", + "ami": "ami-0c4e36d63e728ee21", "ami_description": "CI Image of AlmaLinux 9 x86_64", - "ami_name": "salt-project/ci/almalinux/9/x86_64/20231003.2100", + "ami_name": "salt-project/ci/almalinux/9/x86_64/20231005.1557", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -40,9 +40,9 @@ "ssh_username": "ec2-user" }, "amazonlinux-2-arm64": { - "ami": "ami-038eac6a08feecdb2", + "ami": "ami-010d24ab23bfb0330", "ami_description": "CI Image of AmazonLinux 2 arm64", - "ami_name": "salt-project/ci/amazonlinux/2/arm64/20231003.2104", + "ami_name": "salt-project/ci/amazonlinux/2/arm64/20231005.1614", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -50,9 +50,9 @@ "ssh_username": "ec2-user" }, "amazonlinux-2": { - "ami": "ami-09682e96e7785642d", + "ami": "ami-0ad016fe17f923c6b", "ami_description": "CI Image of AmazonLinux 2 x86_64", - "ami_name": "salt-project/ci/amazonlinux/2/x86_64/20231003.2104", + "ami_name": "salt-project/ci/amazonlinux/2/x86_64/20231005.1614", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -60,9 +60,9 @@ "ssh_username": "ec2-user" }, "amazonlinux-2023.1-arm64": { - "ami": "ami-0e46c84fb43817334", + "ami": "ami-037b7d6177ec8259d", "ami_description": "CI Image of AmazonLinux 2023.1 arm64", - "ami_name": "salt-project/ci/amazonlinux/2023.1/arm64/20231003.2103", + "ami_name": "salt-project/ci/amazonlinux/2023.1/arm64/20231005.1555", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -70,9 +70,9 @@ "ssh_username": "ec2-user" }, "amazonlinux-2023.1": { - "ami": "ami-0ac591368ec230345", + "ami": "ami-08e04f6dd44c858fa", "ami_description": "CI Image of AmazonLinux 2023.1 x86_64", - "ami_name": "salt-project/ci/amazonlinux/2023.1/x86_64/20231003.2103", + "ami_name": "salt-project/ci/amazonlinux/2023.1/x86_64/20231005.1555", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -80,9 +80,9 @@ "ssh_username": "ec2-user" }, "archlinux-lts": { - "ami": "ami-017de6f1e636021a0", + "ami": "ami-0b88ddfb321aff9ba", "ami_description": "CI Image of ArchLinux lts x86_64", - "ami_name": "salt-project/ci/archlinux/lts/x86_64/20231003.2108", + "ami_name": "salt-project/ci/archlinux/lts/x86_64/20231005.1555", "arch": "x86_64", "cloudwatch-agent-available": "false", "instance_type": "t3a.large", @@ -90,9 +90,9 @@ "ssh_username": "arch" }, "centos-7-arm64": { - "ami": "ami-088cb5f3066efa748", + "ami": "ami-01d5ee66081a02154", "ami_description": "CI Image of CentOS 7 arm64", - "ami_name": "salt-project/ci/centos/7/arm64/20231003.2108", + "ami_name": "salt-project/ci/centos/7/arm64/20231005.1617", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -100,9 +100,9 @@ "ssh_username": "centos" }, "centos-7": { - "ami": "ami-05c4056c36cecc136", + "ami": "ami-020fcff1da1f72f27", "ami_description": "CI Image of CentOS 7 x86_64", - "ami_name": "salt-project/ci/centos/7/x86_64/20231003.2107", + "ami_name": "salt-project/ci/centos/7/x86_64/20231005.1616", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -110,9 +110,9 @@ "ssh_username": "centos" }, "centosstream-8-arm64": { - "ami": "ami-0e2a761782490f7c2", + "ami": "ami-0ac6238b6506f7b8f", "ami_description": "CI Image of CentOSStream 8 arm64", - "ami_name": "salt-project/ci/centosstream/8/arm64/20231003.2109", + "ami_name": "salt-project/ci/centosstream/8/arm64/20231005.1614", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -120,9 +120,9 @@ "ssh_username": "centos" }, "centosstream-8": { - "ami": "ami-06178cd094ea71c34", + "ami": "ami-0bfceb03d43d0ba0e", "ami_description": "CI Image of CentOSStream 8 x86_64", - "ami_name": "salt-project/ci/centosstream/8/x86_64/20231003.2108", + "ami_name": "salt-project/ci/centosstream/8/x86_64/20231005.1615", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -130,9 +130,9 @@ "ssh_username": "centos" }, "centosstream-9-arm64": { - "ami": "ami-0ea1025028e6fe700", + "ami": "ami-04db23ba9082a01bf", "ami_description": "CI Image of CentOSStream 9 arm64", - "ami_name": "salt-project/ci/centosstream/9/arm64/20231003.2109", + "ami_name": "salt-project/ci/centosstream/9/arm64/20231005.1615", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -140,9 +140,9 @@ "ssh_username": "ec2-user" }, "centosstream-9": { - "ami": "ami-0f474b360fca72512", + "ami": "ami-0a47f4f785cb7a81c", "ami_description": "CI Image of CentOSStream 9 x86_64", - "ami_name": "salt-project/ci/centosstream/9/x86_64/20231003.2109", + "ami_name": "salt-project/ci/centosstream/9/x86_64/20231005.1615", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -150,9 +150,9 @@ "ssh_username": "ec2-user" }, "debian-10-arm64": { - "ami": "ami-0b9cbee875ae2e145", + "ami": "ami-015d30e48fa213528", "ami_description": "CI Image of Debian 10 arm64", - "ami_name": "salt-project/ci/debian/10/arm64/20231003.2114", + "ami_name": "salt-project/ci/debian/10/arm64/20231005.1601", "arch": "arm64", "cloudwatch-agent-available": "false", "instance_type": "m6g.large", @@ -160,9 +160,9 @@ "ssh_username": "admin" }, "debian-10": { - "ami": "ami-03b713e88ac915c18", + "ami": "ami-0397043698fedfa4c", "ami_description": "CI Image of Debian 10 x86_64", - "ami_name": "salt-project/ci/debian/10/x86_64/20231003.2112", + "ami_name": "salt-project/ci/debian/10/x86_64/20231005.1606", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -170,9 +170,9 @@ "ssh_username": "admin" }, "debian-11-arm64": { - "ami": "ami-0e48f24d9def8d84c", + "ami": "ami-008dbab5525972174", "ami_description": "CI Image of Debian 11 arm64", - "ami_name": "salt-project/ci/debian/11/arm64/20231003.2114", + "ami_name": "salt-project/ci/debian/11/arm64/20231005.1607", "arch": "arm64", "cloudwatch-agent-available": "false", "instance_type": "m6g.large", @@ -180,9 +180,9 @@ "ssh_username": "admin" }, "debian-11": { - "ami": "ami-07a2fb75d29d0d6f7", + "ami": "ami-04fc56501daaf3c94", "ami_description": "CI Image of Debian 11 x86_64", - "ami_name": "salt-project/ci/debian/11/x86_64/20231003.2116", + "ami_name": "salt-project/ci/debian/11/x86_64/20231005.1607", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -190,9 +190,9 @@ "ssh_username": "admin" }, "debian-12-arm64": { - "ami": "ami-027199ded9ce9f659", + "ami": "ami-0956b73228a7368c3", "ami_description": "CI Image of Debian 12 arm64", - "ami_name": "salt-project/ci/debian/12/arm64/20231003.2117", + "ami_name": "salt-project/ci/debian/12/arm64/20231005.1610", "arch": "arm64", "cloudwatch-agent-available": "false", "instance_type": "m6g.large", @@ -200,9 +200,9 @@ "ssh_username": "admin" }, "debian-12": { - "ami": "ami-02156ad853a403599", + "ami": "ami-0d0aa04bb5c49e54f", "ami_description": "CI Image of Debian 12 x86_64", - "ami_name": "salt-project/ci/debian/12/x86_64/20231003.2119", + "ami_name": "salt-project/ci/debian/12/x86_64/20231005.1613", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -210,9 +210,9 @@ "ssh_username": "admin" }, "fedora-37-arm64": { - "ami": "ami-0dfb1b2e3b6cd8847", + "ami": "ami-0201f64fda9f1ca6d", "ami_description": "CI Image of Fedora 37 arm64", - "ami_name": "salt-project/ci/fedora/37/arm64/20231003.2119", + "ami_name": "salt-project/ci/fedora/37/arm64/20231005.1617", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -220,9 +220,9 @@ "ssh_username": "fedora" }, "fedora-37": { - "ami": "ami-0d27e014bf07af18b", + "ami": "ami-02dfc80c8b14fd5bc", "ami_description": "CI Image of Fedora 37 x86_64", - "ami_name": "salt-project/ci/fedora/37/x86_64/20231003.2120", + "ami_name": "salt-project/ci/fedora/37/x86_64/20231005.1618", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -230,9 +230,9 @@ "ssh_username": "fedora" }, "fedora-38-arm64": { - "ami": "ami-04f5a34bae3040974", + "ami": "ami-0b03c270c7f50165d", "ami_description": "CI Image of Fedora 38 arm64", - "ami_name": "salt-project/ci/fedora/38/arm64/20231003.2120", + "ami_name": "salt-project/ci/fedora/38/arm64/20231005.1618", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -240,9 +240,9 @@ "ssh_username": "fedora" }, "fedora-38": { - "ami": "ami-0e69802061ed79891", + "ami": "ami-0927a80620f670c23", "ami_description": "CI Image of Fedora 38 x86_64", - "ami_name": "salt-project/ci/fedora/38/x86_64/20231003.2123", + "ami_name": "salt-project/ci/fedora/38/x86_64/20231005.1626", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -250,9 +250,9 @@ "ssh_username": "fedora" }, "opensuse-15": { - "ami": "ami-0ebb684e16914ad0a", + "ami": "ami-0b51e3479fabb4078", "ami_description": "CI Image of Opensuse 15 x86_64", - "ami_name": "salt-project/ci/opensuse/15/x86_64/20231003.2110", + "ami_name": "salt-project/ci/opensuse/15/x86_64/20231005.1614", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -260,9 +260,9 @@ "ssh_username": "ec2-user" }, "photonos-3-arm64": { - "ami": "ami-054765b3beb6dd97c", + "ami": "ami-0a33037524874686c", "ami_description": "CI Image of PhotonOS 3 arm64", - "ami_name": "salt-project/ci/photonos/3/arm64/20231003.2129", + "ami_name": "salt-project/ci/photonos/3/arm64/20231005.1558", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -270,9 +270,9 @@ "ssh_username": "root" }, "photonos-3": { - "ami": "ami-0224e8a4471113ebb", + "ami": "ami-068c5c07aa91d84d1", "ami_description": "CI Image of PhotonOS 3 x86_64", - "ami_name": "salt-project/ci/photonos/3/x86_64/20231003.2128", + "ami_name": "salt-project/ci/photonos/3/x86_64/20231005.1558", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -280,9 +280,9 @@ "ssh_username": "root" }, "photonos-4-arm64": { - "ami": "ami-091f6d77aa3921394", + "ami": "ami-0f8c72854c5b5679c", "ami_description": "CI Image of PhotonOS 4 arm64", - "ami_name": "salt-project/ci/photonos/4/arm64/20231003.2124", + "ami_name": "salt-project/ci/photonos/4/arm64/20231005.1558", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -290,9 +290,9 @@ "ssh_username": "root" }, "photonos-4": { - "ami": "ami-0714704e9471a8e0c", + "ami": "ami-04b8974b830b5adb0", "ami_description": "CI Image of PhotonOS 4 x86_64", - "ami_name": "salt-project/ci/photonos/4/x86_64/20231003.2130", + "ami_name": "salt-project/ci/photonos/4/x86_64/20231005.1559", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -300,9 +300,9 @@ "ssh_username": "root" }, "photonos-5-arm64": { - "ami": "ami-05ebc5bddb487c20b", + "ami": "ami-0f466b198cbcaf380", "ami_description": "CI Image of PhotonOS 5 arm64", - "ami_name": "salt-project/ci/photonos/5/arm64/20231003.2130", + "ami_name": "salt-project/ci/photonos/5/arm64/20231005.1559", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -310,9 +310,9 @@ "ssh_username": "root" }, "photonos-5": { - "ami": "ami-0b7e17bc1990da3af", + "ami": "ami-01bb09f84464b243e", "ami_description": "CI Image of PhotonOS 5 x86_64", - "ami_name": "salt-project/ci/photonos/5/x86_64/20231003.2131", + "ami_name": "salt-project/ci/photonos/5/x86_64/20231005.1601", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -320,9 +320,9 @@ "ssh_username": "root" }, "ubuntu-20.04-arm64": { - "ami": "ami-09210544c9163df86", + "ami": "ami-06d9a9e3b5ae369c7", "ami_description": "CI Image of Ubuntu 20.04 arm64", - "ami_name": "salt-project/ci/ubuntu/20.04/arm64/20231003.2110", + "ami_name": "salt-project/ci/ubuntu/20.04/arm64/20231005.1555", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -330,9 +330,9 @@ "ssh_username": "ubuntu" }, "ubuntu-20.04": { - "ami": "ami-05894335447f4c052", + "ami": "ami-080a55fb6cb08134d", "ami_description": "CI Image of Ubuntu 20.04 x86_64", - "ami_name": "salt-project/ci/ubuntu/20.04/x86_64/20231003.2110", + "ami_name": "salt-project/ci/ubuntu/20.04/x86_64/20231005.1555", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -340,9 +340,9 @@ "ssh_username": "ubuntu" }, "ubuntu-22.04-arm64": { - "ami": "ami-090423dbe605f6d3e", + "ami": "ami-0c87b8f0b8794f32e", "ami_description": "CI Image of Ubuntu 22.04 arm64", - "ami_name": "salt-project/ci/ubuntu/22.04/arm64/20231003.2111", + "ami_name": "salt-project/ci/ubuntu/22.04/arm64/20231005.1555", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -350,9 +350,9 @@ "ssh_username": "ubuntu" }, "ubuntu-22.04": { - "ami": "ami-0a465357b34ea7fdc", + "ami": "ami-0ce98043f227c9ac0", "ami_description": "CI Image of Ubuntu 22.04 x86_64", - "ami_name": "salt-project/ci/ubuntu/22.04/x86_64/20231003.2111", + "ami_name": "salt-project/ci/ubuntu/22.04/x86_64/20231005.1555", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -360,9 +360,9 @@ "ssh_username": "ubuntu" }, "ubuntu-23.04-arm64": { - "ami": "ami-0ed81524d646f95ee", + "ami": "ami-0519c583e36309fef", "ami_description": "CI Image of Ubuntu 23.04 arm64", - "ami_name": "salt-project/ci/ubuntu/23.04/arm64/20231003.2111", + "ami_name": "salt-project/ci/ubuntu/23.04/arm64/20231005.1555", "arch": "arm64", "cloudwatch-agent-available": "true", "instance_type": "m6g.large", @@ -370,9 +370,9 @@ "ssh_username": "ubuntu" }, "ubuntu-23.04": { - "ami": "ami-02c7edd6357be51b6", + "ami": "ami-063ad5dfb49f09182", "ami_description": "CI Image of Ubuntu 23.04 x86_64", - "ami_name": "salt-project/ci/ubuntu/23.04/x86_64/20231003.2112", + "ami_name": "salt-project/ci/ubuntu/23.04/x86_64/20231005.1555", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.large", @@ -380,9 +380,9 @@ "ssh_username": "ubuntu" }, "windows-2016": { - "ami": "ami-04f113ff291a8953f", + "ami": "ami-0f1ac34593b8b044f", "ami_description": "CI Image of Windows 2016 x86_64", - "ami_name": "salt-project/ci/windows/2016/x86_64/20231003.2104", + "ami_name": "salt-project/ci/windows/2016/x86_64/20231005.1615", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.xlarge", @@ -390,9 +390,9 @@ "ssh_username": "Administrator" }, "windows-2019": { - "ami": "ami-06475f495e0151fc9", + "ami": "ami-09100ff6a103a28ab", "ami_description": "CI Image of Windows 2019 x86_64", - "ami_name": "salt-project/ci/windows/2019/x86_64/20231003.2106", + "ami_name": "salt-project/ci/windows/2019/x86_64/20231005.1615", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.xlarge", @@ -400,9 +400,9 @@ "ssh_username": "Administrator" }, "windows-2022": { - "ami": "ami-0558da89560480f32", + "ami": "ami-0266dc6a12bc9fca6", "ami_description": "CI Image of Windows 2022 x86_64", - "ami_name": "salt-project/ci/windows/2022/x86_64/20231003.2106", + "ami_name": "salt-project/ci/windows/2022/x86_64/20231005.1616", "arch": "x86_64", "cloudwatch-agent-available": "true", "instance_type": "t3a.xlarge", diff --git a/pkg/tests/conftest.py b/pkg/tests/conftest.py index f73cb948ae2d..257f4615fb32 100644 --- a/pkg/tests/conftest.py +++ b/pkg/tests/conftest.py @@ -49,18 +49,6 @@ def _system_up_to_date( grains, shell, ): - if grains["os"] == "Ubuntu" and grains["osarch"] == "amd64": - # The grub-efi-amd64-signed package seems to be a problem - # right now when updating the system - env = os.environ.copy() - env["DEBIAN_FRONTEND"] = "noninteractive" - ret = shell.run( - "apt-mark", - "hold", - "grub-efi-amd64-signed", - env=env, - ) - assert ret.returncode == 0 if grains["os_family"] == "Debian": ret = shell.run("apt", "update") assert ret.returncode == 0 From f7142cbc97afc64cd87b9311efa473b5c250fffe Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Fri, 22 Sep 2023 15:27:41 +0100 Subject: [PATCH 41/54] Try a few times before raising the error Signed-off-by: Pedro Algarvio --- .../pytests/functional/channel/test_server.py | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/tests/pytests/functional/channel/test_server.py b/tests/pytests/functional/channel/test_server.py index bdf96679b78c..82a9450450fc 100644 --- a/tests/pytests/functional/channel/test_server.py +++ b/tests/pytests/functional/channel/test_server.py @@ -165,11 +165,21 @@ def handle_payload(payload): req_server_channel.post_fork(handle_payload, io_loop=io_loop) if master_config["transport"] == "zeromq": - p = Path(str(master_config["sock_dir"])) / "workers.ipc" - mode = os.lstat(p).st_mode - assert bool(os.lstat(p).st_mode & stat.S_IRUSR) - assert not bool(os.lstat(p).st_mode & stat.S_IRGRP) - assert not bool(os.lstat(p).st_mode & stat.S_IROTH) + time.sleep(1) + attempts = 5 + while True: + try: + p = Path(str(master_config["sock_dir"])) / "workers.ipc" + mode = os.lstat(p).st_mode + assert bool(os.lstat(p).st_mode & stat.S_IRUSR) + assert not bool(os.lstat(p).st_mode & stat.S_IRGRP) + assert not bool(os.lstat(p).st_mode & stat.S_IROTH) + break + except FileNotFoundError as exc: + if not attempts: + raise exc from None + attempts -= 1 + time.sleep(2.5) pub_channel = salt.channel.client.AsyncPubChannel.factory(minion_config) received = [] From e7bcad0567048b2052c8c0f2bf7797e89c3c5c6a Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Tue, 3 Oct 2023 13:49:41 -0600 Subject: [PATCH 42/54] Remove filename from logs --- salt/client/ssh/__init__.py | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/salt/client/ssh/__init__.py b/salt/client/ssh/__init__.py index e9c290e13ff4..067d4575f9bd 100644 --- a/salt/client/ssh/__init__.py +++ b/salt/client/ssh/__init__.py @@ -1025,20 +1025,18 @@ def run_ssh_pre_flight(self): except OSError as err: return ( "", - f"Could not copy pre flight script {self.ssh_pre_flight} to temporary path", + "Could not copy pre flight script to temporary path", 1, ) target_script = f".{pathlib.Path(temp.name).name}" - log.trace(f"Copying the pre flight script {self.ssh_pre_file} to target") + log.trace("Copying the pre flight script to target") stdout, stderr, retcode = self.shell.send(temp.name, target_script) if retcode != 0: # We could not copy the script to the target - log.error( - f"Could not copy the pre flight script {self.ssh_pre_file} to target" - ) + log.error("Could not copy the pre flight script to target") return stdout, stderr, retcode - log.trace(f"Executing the pre flight script {self.ssh_pre_file} on target") + log.trace("Executing the pre flight script on target") return self.execute_script( target_script, script_args=self.ssh_pre_flight_args ) @@ -1430,7 +1428,7 @@ def shim_cmd(self, cmd_str, extension="py"): shim_tmp_file.name, target_shim_file, makedirs=True ) if retcode != 0: - log.error(f"Could not copy the shim script to target") + log.error("Could not copy the shim script to target") return stdout, stderr, retcode # Remove our shim file From f41ed71b13241fff9c9e4c3caae8efa638e5b0f8 Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Tue, 3 Oct 2023 13:50:50 -0600 Subject: [PATCH 43/54] Fix logs in ssh tests --- tests/pytests/unit/client/ssh/test_single.py | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/tests/pytests/unit/client/ssh/test_single.py b/tests/pytests/unit/client/ssh/test_single.py index 91c5e7db914c..c88a1c2127f3 100644 --- a/tests/pytests/unit/client/ssh/test_single.py +++ b/tests/pytests/unit/client/ssh/test_single.py @@ -411,11 +411,8 @@ def test_run_ssh_pre_flight_no_connect(opts, target, tmp_path, caplog): with caplog.at_level(logging.TRACE): with patch_send, patch_exec_cmd, patch_tmp: ret = single.run_ssh_pre_flight() - assert f"Copying the pre flight script {pre_flight.name}" in caplog.text - assert ( - f"Could not copy the pre flight script {pre_flight.name} to target" - in caplog.text - ) + assert "Copying the pre flight script" in caplog.text + assert "Could not copy the pre flight script to target" in caplog.text assert ret == ret_send assert send_mock.call_args_list[0][0][0] == tmp_file target_script = send_mock.call_args_list[0][0][1] @@ -506,7 +503,7 @@ def test_run_ssh_pre_flight_connect(opts, target, tmp_path, caplog): with patch_send, patch_exec_cmd, patch_tmp: ret = single.run_ssh_pre_flight() - assert f"Executing the pre flight script {pre_flight.name} on target" in caplog.text + assert "Executing the pre flight script on target" in caplog.text assert ret == ret_exec_cmd assert send_mock.call_args_list[0][0][0] == tmp_file target_script = send_mock.call_args_list[0][0][1] @@ -551,7 +548,7 @@ def test_run_ssh_pre_flight_shutil_fails(opts, target, tmp_path): assert ret == ( "", - f"Could not copy pre flight script {pre_flight} to temporary path", + "Could not copy pre flight script to temporary path", 1, ) mock_exec_cmd.assert_not_called() From d7b8fdf9d7a4a6819d445c0beda4c0e01780e6d4 Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Tue, 3 Oct 2023 13:02:19 -0600 Subject: [PATCH 44/54] Bump urllib3 to 1.26.17 or 2.0.6 --- changelog/65334.security.md | 1 + requirements/static/ci/py3.10/cloud.txt | 2 +- requirements/static/ci/py3.10/darwin.txt | 2 +- requirements/static/ci/py3.10/docs.txt | 2 +- requirements/static/ci/py3.10/freebsd.txt | 2 +- requirements/static/ci/py3.10/lint.txt | 2 +- requirements/static/ci/py3.10/linux.txt | 2 +- requirements/static/ci/py3.10/pkgtests-windows.txt | 2 +- requirements/static/ci/py3.10/pkgtests.txt | 2 +- requirements/static/ci/py3.10/tools.txt | 2 +- requirements/static/ci/py3.10/windows.txt | 2 +- requirements/static/ci/py3.11/tools.txt | 2 +- requirements/static/ci/py3.7/cloud.txt | 2 +- requirements/static/ci/py3.7/docs.txt | 2 +- requirements/static/ci/py3.7/freebsd.txt | 2 +- requirements/static/ci/py3.7/lint.txt | 2 +- requirements/static/ci/py3.7/linux.txt | 2 +- requirements/static/ci/py3.7/windows.txt | 2 +- requirements/static/ci/py3.8/cloud.txt | 2 +- requirements/static/ci/py3.8/docs.txt | 2 +- requirements/static/ci/py3.8/freebsd.txt | 2 +- requirements/static/ci/py3.8/lint.txt | 2 +- requirements/static/ci/py3.8/linux.txt | 2 +- requirements/static/ci/py3.8/windows.txt | 2 +- requirements/static/ci/py3.9/cloud.txt | 2 +- requirements/static/ci/py3.9/darwin.txt | 2 +- requirements/static/ci/py3.9/docs.txt | 2 +- requirements/static/ci/py3.9/freebsd.txt | 2 +- requirements/static/ci/py3.9/lint.txt | 2 +- requirements/static/ci/py3.9/linux.txt | 2 +- requirements/static/ci/py3.9/tools.txt | 2 +- requirements/static/ci/py3.9/windows.txt | 2 +- requirements/static/pkg/py3.10/darwin.txt | 2 +- requirements/static/pkg/py3.10/freebsd.txt | 2 +- requirements/static/pkg/py3.10/linux.txt | 2 +- requirements/static/pkg/py3.10/windows.txt | 2 +- requirements/static/pkg/py3.7/freebsd.txt | 2 +- requirements/static/pkg/py3.7/linux.txt | 2 +- requirements/static/pkg/py3.7/windows.txt | 2 +- requirements/static/pkg/py3.8/freebsd.txt | 2 +- requirements/static/pkg/py3.8/linux.txt | 2 +- requirements/static/pkg/py3.8/windows.txt | 2 +- requirements/static/pkg/py3.9/darwin.txt | 2 +- requirements/static/pkg/py3.9/freebsd.txt | 2 +- requirements/static/pkg/py3.9/linux.txt | 2 +- requirements/static/pkg/py3.9/windows.txt | 2 +- 46 files changed, 46 insertions(+), 45 deletions(-) create mode 100644 changelog/65334.security.md diff --git a/changelog/65334.security.md b/changelog/65334.security.md new file mode 100644 index 000000000000..9f1e2ecb0a81 --- /dev/null +++ b/changelog/65334.security.md @@ -0,0 +1 @@ +Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index aaa9eeab32d9..5ecd1d9b654a 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -858,7 +858,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 26f65c085590..65e51c1fa5f7 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -839,7 +839,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.10/docs.txt b/requirements/static/ci/py3.10/docs.txt index 588b8682f569..dada0d8deb41 100644 --- a/requirements/static/ci/py3.10/docs.txt +++ b/requirements/static/ci/py3.10/docs.txt @@ -183,7 +183,7 @@ typing-extensions==4.2.0 # myst-docutils uc-micro-py==1.0.1 # via linkify-it-py -urllib3==1.26.6 +urllib3==1.26.17 # via # -c requirements/static/ci/py3.10/linux.txt # requests diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index 0954e12ecefa..1a8856b54730 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -840,7 +840,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index 42e3bb70d53a..dd8769b2d2bc 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -830,7 +830,7 @@ twilio==7.9.2 # via -r requirements/static/ci/linux.in tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index 6d6a7d7eb7ce..8f9946909738 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -887,7 +887,7 @@ typing-extensions==4.2.0 # pytest-system-statistics tzlocal==2.1 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.10/pkgtests-windows.txt b/requirements/static/ci/py3.10/pkgtests-windows.txt index 88e31addbb22..cb162d41783f 100644 --- a/requirements/static/ci/py3.10/pkgtests-windows.txt +++ b/requirements/static/ci/py3.10/pkgtests-windows.txt @@ -155,7 +155,7 @@ typing-extensions==4.4.0 # pydantic # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.14 +urllib3==2.0.6 # via requests virtualenv==20.18.0 # via pytest-salt-factories diff --git a/requirements/static/ci/py3.10/pkgtests.txt b/requirements/static/ci/py3.10/pkgtests.txt index 170a81d2350f..9765f12b662b 100644 --- a/requirements/static/ci/py3.10/pkgtests.txt +++ b/requirements/static/ci/py3.10/pkgtests.txt @@ -145,7 +145,7 @@ typing-extensions==4.4.0 # pydantic # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.14 +urllib3==2.0.6 # via # docker # requests diff --git a/requirements/static/ci/py3.10/tools.txt b/requirements/static/ci/py3.10/tools.txt index 071ccd01dcdf..7f5565ced7f8 100644 --- a/requirements/static/ci/py3.10/tools.txt +++ b/requirements/static/ci/py3.10/tools.txt @@ -52,7 +52,7 @@ six==1.16.0 # via python-dateutil typing-extensions==4.4.0 # via python-tools-scripts -urllib3==1.26.12 +urllib3==1.26.17 # via # botocore # requests diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index e840fcba26ff..3fae46375430 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -385,7 +385,7 @@ typing-extensions==4.4.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # -r requirements/windows.txt # botocore diff --git a/requirements/static/ci/py3.11/tools.txt b/requirements/static/ci/py3.11/tools.txt index f32fde3f91d5..9bc4de833c0e 100644 --- a/requirements/static/ci/py3.11/tools.txt +++ b/requirements/static/ci/py3.11/tools.txt @@ -50,7 +50,7 @@ s3transfer==0.5.2 # via boto3 six==1.16.0 # via python-dateutil -urllib3==1.26.12 +urllib3==1.26.17 # via # botocore # requests diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index 1994333e54b5..ffafc70cb5d6 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -920,7 +920,7 @@ typing-extensions==3.10.0.0 # pytest-shell-utilities # pytest-system-statistics # yarl -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.7/docs.txt b/requirements/static/ci/py3.7/docs.txt index 31209a994b27..0780e7cc3cfe 100644 --- a/requirements/static/ci/py3.7/docs.txt +++ b/requirements/static/ci/py3.7/docs.txt @@ -193,7 +193,7 @@ typing-extensions==3.10.0.0 # myst-docutils uc-micro-py==1.0.1 # via linkify-it-py -urllib3==1.26.6 +urllib3==1.26.17 # via # -c requirements/static/ci/py3.7/linux.txt # requests diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index dabd10cc635b..408377d55078 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -896,7 +896,7 @@ typing-extensions==3.10.0.0 # pytest-shell-utilities # pytest-system-statistics # yarl -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index d7dfa7be3e98..f1f2f6ea4fe4 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -897,7 +897,7 @@ typing-extensions==4.6.3 # yarl tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index 0ab876ce56ee..30444a687c5e 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -945,7 +945,7 @@ typing-extensions==3.10.0.0 # yarl tzlocal==2.1 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index fdd9bd2c9c79..7ef90d82ad2b 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -405,7 +405,7 @@ typing-extensions==4.2.0 # pytest-shell-utilities # pytest-system-statistics # yarl -urllib3==1.26.6 +urllib3==1.26.17 # via # -r requirements/windows.txt # botocore diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index 8c140ec29367..943675c9f555 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -903,7 +903,7 @@ typing-extensions==3.10.0.2 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.8/docs.txt b/requirements/static/ci/py3.8/docs.txt index da96a0c3bfb9..2924bc5041c0 100644 --- a/requirements/static/ci/py3.8/docs.txt +++ b/requirements/static/ci/py3.8/docs.txt @@ -183,7 +183,7 @@ typing-extensions==4.2.0 # myst-docutils uc-micro-py==1.0.1 # via linkify-it-py -urllib3==1.26.6 +urllib3==1.26.17 # via # -c requirements/static/ci/py3.8/linux.txt # requests diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index 9e558df206db..1bde4d188993 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -881,7 +881,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index 9e85b9f0848d..37391798b2cf 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -878,7 +878,7 @@ twilio==7.9.2 # via -r requirements/static/ci/linux.in tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index 2784ec6a38f3..d2cd10082436 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -928,7 +928,7 @@ typing-extensions==4.2.0 # pytest-system-statistics tzlocal==2.1 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index 702f54718911..9aba30cafa87 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -388,7 +388,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # -r requirements/windows.txt # botocore diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index 7ea58dcb8abf..d54814113850 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -906,7 +906,7 @@ typing-extensions==3.10.0.2 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index 724fb21f85a0..90cbc5f22e4d 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -883,7 +883,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.9/docs.txt b/requirements/static/ci/py3.9/docs.txt index 772a37c357aa..63268ca8d225 100644 --- a/requirements/static/ci/py3.9/docs.txt +++ b/requirements/static/ci/py3.9/docs.txt @@ -187,7 +187,7 @@ typing-extensions==4.2.0 # myst-docutils uc-micro-py==1.0.1 # via linkify-it-py -urllib3==1.26.6 +urllib3==1.26.17 # via # -c requirements/static/ci/py3.9/linux.txt # requests diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index cdaa74f68a1f..e45b1cf5e800 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -884,7 +884,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index 690aceb8677c..4201e01999ea 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -879,7 +879,7 @@ twilio==7.9.2 # via -r requirements/static/ci/linux.in tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index 9c340545d4b6..d278e2bbf686 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -933,7 +933,7 @@ typing-extensions==4.2.0 # pytest-system-statistics tzlocal==2.1 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # docker diff --git a/requirements/static/ci/py3.9/tools.txt b/requirements/static/ci/py3.9/tools.txt index cd973f2c5464..5b1a57c8490e 100644 --- a/requirements/static/ci/py3.9/tools.txt +++ b/requirements/static/ci/py3.9/tools.txt @@ -52,7 +52,7 @@ six==1.16.0 # via python-dateutil typing-extensions==4.4.0 # via python-tools-scripts -urllib3==1.26.12 +urllib3==1.26.17 # via # botocore # requests diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index 168916f60629..cc37f0e1429d 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -389,7 +389,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # -r requirements/windows.txt # botocore diff --git a/requirements/static/pkg/py3.10/darwin.txt b/requirements/static/pkg/py3.10/darwin.txt index 4bee194057e9..eee8b8835a70 100644 --- a/requirements/static/pkg/py3.10/darwin.txt +++ b/requirements/static/pkg/py3.10/darwin.txt @@ -110,7 +110,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/darwin.txt -urllib3==1.26.6 +urllib3==2.0.6 # via requests vultr==1.0.1 # via -r requirements/darwin.txt diff --git a/requirements/static/pkg/py3.10/freebsd.txt b/requirements/static/pkg/py3.10/freebsd.txt index c874a498b9f1..42296124df10 100644 --- a/requirements/static/pkg/py3.10/freebsd.txt +++ b/requirements/static/pkg/py3.10/freebsd.txt @@ -96,7 +96,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/freebsd.in -urllib3==1.26.6 +urllib3==2.0.6 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.10/linux.txt b/requirements/static/pkg/py3.10/linux.txt index 576625229ed2..5a122faf61ed 100644 --- a/requirements/static/pkg/py3.10/linux.txt +++ b/requirements/static/pkg/py3.10/linux.txt @@ -96,7 +96,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/linux.in -urllib3==1.26.6 +urllib3==2.0.6 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.10/windows.txt b/requirements/static/pkg/py3.10/windows.txt index 59b57dab0a80..6945e3eac543 100644 --- a/requirements/static/pkg/py3.10/windows.txt +++ b/requirements/static/pkg/py3.10/windows.txt @@ -124,7 +124,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/windows.txt -urllib3==1.26.6 +urllib3==2.0.6 # via # -r requirements/windows.txt # requests diff --git a/requirements/static/pkg/py3.7/freebsd.txt b/requirements/static/pkg/py3.7/freebsd.txt index 392d78aab835..1a2274ff3318 100644 --- a/requirements/static/pkg/py3.7/freebsd.txt +++ b/requirements/static/pkg/py3.7/freebsd.txt @@ -96,7 +96,7 @@ timelib==0.2.5 # via -r requirements/static/pkg/freebsd.in typing-extensions==3.10.0.0 # via importlib-metadata -urllib3==1.26.6 +urllib3==2.0.6 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.7/linux.txt b/requirements/static/pkg/py3.7/linux.txt index 476f570aea0b..7f4276888d4a 100644 --- a/requirements/static/pkg/py3.7/linux.txt +++ b/requirements/static/pkg/py3.7/linux.txt @@ -96,7 +96,7 @@ timelib==0.2.5 # via -r requirements/static/pkg/linux.in typing-extensions==3.10.0.0 # via importlib-metadata -urllib3==1.26.6 +urllib3==2.0.6 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.7/windows.txt b/requirements/static/pkg/py3.7/windows.txt index 1a570a4602a8..9ad0601b5fcc 100644 --- a/requirements/static/pkg/py3.7/windows.txt +++ b/requirements/static/pkg/py3.7/windows.txt @@ -129,7 +129,7 @@ typing-extensions==4.4.0 # via # gitpython # importlib-metadata -urllib3==1.26.6 +urllib3==2.0.6 # via # -r requirements/windows.txt # requests diff --git a/requirements/static/pkg/py3.8/freebsd.txt b/requirements/static/pkg/py3.8/freebsd.txt index 725e7580c700..53a7d32e476d 100644 --- a/requirements/static/pkg/py3.8/freebsd.txt +++ b/requirements/static/pkg/py3.8/freebsd.txt @@ -94,7 +94,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/freebsd.in -urllib3==1.26.6 +urllib3==2.0.6 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.8/linux.txt b/requirements/static/pkg/py3.8/linux.txt index e2bcef47b55c..a4a7b5bd4000 100644 --- a/requirements/static/pkg/py3.8/linux.txt +++ b/requirements/static/pkg/py3.8/linux.txt @@ -94,7 +94,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/linux.in -urllib3==1.26.6 +urllib3==2.0.6 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.8/windows.txt b/requirements/static/pkg/py3.8/windows.txt index 7a5669c534ec..6e8ac4fc6535 100644 --- a/requirements/static/pkg/py3.8/windows.txt +++ b/requirements/static/pkg/py3.8/windows.txt @@ -125,7 +125,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/windows.txt -urllib3==1.26.6 +urllib3==2.0.6 # via # -r requirements/windows.txt # requests diff --git a/requirements/static/pkg/py3.9/darwin.txt b/requirements/static/pkg/py3.9/darwin.txt index f8b866e2b624..8ed6a476f3e5 100644 --- a/requirements/static/pkg/py3.9/darwin.txt +++ b/requirements/static/pkg/py3.9/darwin.txt @@ -110,7 +110,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/darwin.txt -urllib3==1.26.6 +urllib3==2.0.6 # via requests vultr==1.0.1 # via -r requirements/darwin.txt diff --git a/requirements/static/pkg/py3.9/freebsd.txt b/requirements/static/pkg/py3.9/freebsd.txt index 6f53c93dc14d..7ca30b97f680 100644 --- a/requirements/static/pkg/py3.9/freebsd.txt +++ b/requirements/static/pkg/py3.9/freebsd.txt @@ -96,7 +96,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/freebsd.in -urllib3==1.26.6 +urllib3==2.0.6 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.9/linux.txt b/requirements/static/pkg/py3.9/linux.txt index 314e4b7c6cd3..2bcffd2470b1 100644 --- a/requirements/static/pkg/py3.9/linux.txt +++ b/requirements/static/pkg/py3.9/linux.txt @@ -96,7 +96,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/linux.in -urllib3==1.26.6 +urllib3==2.0.6 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.9/windows.txt b/requirements/static/pkg/py3.9/windows.txt index c243742d9ea3..11423afa70b7 100644 --- a/requirements/static/pkg/py3.9/windows.txt +++ b/requirements/static/pkg/py3.9/windows.txt @@ -125,7 +125,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/windows.txt -urllib3==1.26.6 +urllib3==2.0.6 # via # -r requirements/windows.txt # requests From ef76fb36288d58bd1ea472587cc0be531fd214ec Mon Sep 17 00:00:00 2001 From: "Daniel A. Wozniak" Date: Thu, 28 Sep 2023 14:37:53 -0700 Subject: [PATCH 45/54] Upgrade relenv to 0.13.12 --- .github/workflows/ci.yml | 12 ++++++------ .github/workflows/nightly.yml | 12 ++++++------ .github/workflows/scheduled.yml | 12 ++++++------ .github/workflows/staging.yml | 12 ++++++------ changelog/65316.fixed.md | 1 + cicd/shared-gh-workflows-context.yml | 2 +- 6 files changed, 26 insertions(+), 25 deletions(-) create mode 100644 changelog/65316.fixed.md diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c07cb5ccc480..9f4cefeb660b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -442,7 +442,7 @@ jobs: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-salt-onedir: @@ -458,7 +458,7 @@ jobs: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-rpm-pkgs: @@ -470,7 +470,7 @@ jobs: uses: ./.github/workflows/build-rpm-packages.yml with: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-deb-pkgs: @@ -482,7 +482,7 @@ jobs: uses: ./.github/workflows/build-deb-packages.yml with: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-windows-pkgs: @@ -494,7 +494,7 @@ jobs: uses: ./.github/workflows/build-windows-packages.yml with: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-macos-pkgs: @@ -506,7 +506,7 @@ jobs: uses: ./.github/workflows/build-macos-packages.yml with: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" amazonlinux-2-pkg-tests: diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 6dc8dc192e6e..40c07b9154cf 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -491,7 +491,7 @@ jobs: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-salt-onedir: @@ -507,7 +507,7 @@ jobs: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-rpm-pkgs: @@ -519,7 +519,7 @@ jobs: uses: ./.github/workflows/build-rpm-packages.yml with: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-deb-pkgs: @@ -531,7 +531,7 @@ jobs: uses: ./.github/workflows/build-deb-packages.yml with: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-windows-pkgs: @@ -543,7 +543,7 @@ jobs: uses: ./.github/workflows/build-windows-packages.yml with: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" environment: nightly sign-packages: false @@ -558,7 +558,7 @@ jobs: uses: ./.github/workflows/build-macos-packages.yml with: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" environment: nightly sign-packages: true diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml index 2a2d617f5dc1..b29a3581cd78 100644 --- a/.github/workflows/scheduled.yml +++ b/.github/workflows/scheduled.yml @@ -476,7 +476,7 @@ jobs: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-salt-onedir: @@ -492,7 +492,7 @@ jobs: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-rpm-pkgs: @@ -504,7 +504,7 @@ jobs: uses: ./.github/workflows/build-rpm-packages.yml with: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-deb-pkgs: @@ -516,7 +516,7 @@ jobs: uses: ./.github/workflows/build-deb-packages.yml with: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-windows-pkgs: @@ -528,7 +528,7 @@ jobs: uses: ./.github/workflows/build-windows-packages.yml with: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-macos-pkgs: @@ -540,7 +540,7 @@ jobs: uses: ./.github/workflows/build-macos-packages.yml with: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" amazonlinux-2-pkg-tests: diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml index a709d95bf281..02e2a1a11344 100644 --- a/.github/workflows/staging.yml +++ b/.github/workflows/staging.yml @@ -486,7 +486,7 @@ jobs: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-salt-onedir: @@ -502,7 +502,7 @@ jobs: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-rpm-pkgs: @@ -514,7 +514,7 @@ jobs: uses: ./.github/workflows/build-rpm-packages.yml with: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-deb-pkgs: @@ -526,7 +526,7 @@ jobs: uses: ./.github/workflows/build-deb-packages.yml with: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" build-windows-pkgs: @@ -538,7 +538,7 @@ jobs: uses: ./.github/workflows/build-windows-packages.yml with: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" environment: staging sign-packages: ${{ inputs.sign-windows-packages }} @@ -553,7 +553,7 @@ jobs: uses: ./.github/workflows/build-macos-packages.yml with: salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" - relenv-version: "0.13.10" + relenv-version: "0.13.12" python-version: "3.10.13" environment: staging sign-packages: true diff --git a/changelog/65316.fixed.md b/changelog/65316.fixed.md new file mode 100644 index 000000000000..f9afcd0a7e48 --- /dev/null +++ b/changelog/65316.fixed.md @@ -0,0 +1 @@ +Upgrade relenv to 0.13.12 to address CVE-2023-4807 diff --git a/cicd/shared-gh-workflows-context.yml b/cicd/shared-gh-workflows-context.yml index 13d7bbb7754f..4d7e68a2dded 100644 --- a/cicd/shared-gh-workflows-context.yml +++ b/cicd/shared-gh-workflows-context.yml @@ -1,3 +1,3 @@ nox_version: "2022.8.7" python_version: "3.10.13" -relenv_version: "0.13.10" +relenv_version: "0.13.12" From aad7618098afdc5de010e80ca628752f2483b03b Mon Sep 17 00:00:00 2001 From: "Daniel A. Wozniak" Date: Wed, 4 Oct 2023 15:25:49 -0700 Subject: [PATCH 46/54] Update changelog extension to denote security fix --- changelog/{65316.fixed.md => 65316.security.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename changelog/{65316.fixed.md => 65316.security.md} (100%) diff --git a/changelog/65316.fixed.md b/changelog/65316.security.md similarity index 100% rename from changelog/65316.fixed.md rename to changelog/65316.security.md From 5c236eaac16964e1e7d925232d1ccec038c004c2 Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Tue, 3 Oct 2023 12:36:33 -0600 Subject: [PATCH 47/54] Bump urllib3 to 1.26.17 or 2.0.6 --- changelog/65334.security | 1 + requirements/static/ci/py3.10/cloud.txt | 2 +- requirements/static/ci/py3.10/darwin.txt | 2 +- requirements/static/ci/py3.10/docs.txt | 2 +- requirements/static/ci/py3.10/freebsd.txt | 2 +- requirements/static/ci/py3.10/lint.txt | 2 +- requirements/static/ci/py3.10/linux.txt | 2 +- requirements/static/ci/py3.6/cloud.txt | 2 +- requirements/static/ci/py3.6/docs.txt | 2 +- requirements/static/ci/py3.6/lint.txt | 2 +- requirements/static/ci/py3.6/linux.txt | 2 +- requirements/static/ci/py3.7/cloud.txt | 2 +- requirements/static/ci/py3.7/docs.txt | 2 +- requirements/static/ci/py3.7/freebsd.txt | 2 +- requirements/static/ci/py3.7/lint.txt | 2 +- requirements/static/ci/py3.7/linux.txt | 2 +- requirements/static/ci/py3.7/windows.txt | 2 +- requirements/static/ci/py3.8/cloud.txt | 2 +- requirements/static/ci/py3.8/docs.txt | 2 +- requirements/static/ci/py3.8/freebsd.txt | 2 +- requirements/static/ci/py3.8/lint.txt | 2 +- requirements/static/ci/py3.8/linux.txt | 2 +- requirements/static/ci/py3.8/windows.txt | 2 +- requirements/static/ci/py3.9/cloud.txt | 2 +- requirements/static/ci/py3.9/darwin.txt | 2 +- requirements/static/ci/py3.9/docs.txt | 2 +- requirements/static/ci/py3.9/freebsd.txt | 2 +- requirements/static/ci/py3.9/lint.txt | 2 +- requirements/static/ci/py3.9/linux.txt | 2 +- requirements/static/ci/py3.9/windows.txt | 2 +- requirements/static/pkg/py3.10/darwin.txt | 2 +- requirements/static/pkg/py3.10/freebsd.txt | 2 +- requirements/static/pkg/py3.10/linux.txt | 2 +- requirements/static/pkg/py3.6/linux.txt | 2 +- requirements/static/pkg/py3.7/freebsd.txt | 2 +- requirements/static/pkg/py3.7/linux.txt | 2 +- requirements/static/pkg/py3.7/windows.txt | 2 +- requirements/static/pkg/py3.8/freebsd.txt | 2 +- requirements/static/pkg/py3.8/linux.txt | 2 +- requirements/static/pkg/py3.8/windows.txt | 2 +- requirements/static/pkg/py3.9/darwin.txt | 2 +- requirements/static/pkg/py3.9/freebsd.txt | 2 +- requirements/static/pkg/py3.9/linux.txt | 2 +- requirements/static/pkg/py3.9/windows.txt | 2 +- 44 files changed, 44 insertions(+), 43 deletions(-) create mode 100644 changelog/65334.security diff --git a/changelog/65334.security b/changelog/65334.security new file mode 100644 index 000000000000..9f1e2ecb0a81 --- /dev/null +++ b/changelog/65334.security @@ -0,0 +1 @@ +Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index 3e163e77a18e..6a85808c774f 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -845,7 +845,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 1cfb54e74267..55b40a44ce84 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -833,7 +833,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.10/docs.txt b/requirements/static/ci/py3.10/docs.txt index d8aa8cbaeaaa..fd3a8fbb80d7 100644 --- a/requirements/static/ci/py3.10/docs.txt +++ b/requirements/static/ci/py3.10/docs.txt @@ -833,7 +833,7 @@ twilio==7.9.2 # via -r requirements/static/ci/linux.in tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index 5dc862b00c53..4cbd3c8e568f 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -830,7 +830,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index 96865dc989e0..0f1259f7fae9 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -819,7 +819,7 @@ twilio==7.9.2 # via -r requirements/static/ci/linux.in tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index b9a9f45fcb81..c35ad1305c0e 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -878,7 +878,7 @@ typing-extensions==4.2.0 # pytest-system-statistics tzlocal==2.1 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.6/cloud.txt b/requirements/static/ci/py3.6/cloud.txt index be1bc344e21a..f775f838e040 100644 --- a/requirements/static/ci/py3.6/cloud.txt +++ b/requirements/static/ci/py3.6/cloud.txt @@ -876,7 +876,7 @@ typing-extensions==3.10.0.0 # pytest-shell-utilities # pytest-system-statistics # yarl -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.6/docs.txt b/requirements/static/ci/py3.6/docs.txt index 3a2c32fbaa81..745087510a4d 100644 --- a/requirements/static/ci/py3.6/docs.txt +++ b/requirements/static/ci/py3.6/docs.txt @@ -865,7 +865,7 @@ typing-extensions==3.10.0.0 # yarl tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.6/lint.txt b/requirements/static/ci/py3.6/lint.txt index 2946e3602bab..e82930b1b5e7 100644 --- a/requirements/static/ci/py3.6/lint.txt +++ b/requirements/static/ci/py3.6/lint.txt @@ -856,7 +856,7 @@ typing-extensions==3.10.0.0 # yarl tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.6/linux.txt b/requirements/static/ci/py3.6/linux.txt index 1c81008cda06..b7a1e63faf9d 100644 --- a/requirements/static/ci/py3.6/linux.txt +++ b/requirements/static/ci/py3.6/linux.txt @@ -910,7 +910,7 @@ typing-extensions==3.10.0.0 # yarl tzlocal==2.1 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index f903b2d6d298..230731944033 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -906,7 +906,7 @@ typing-extensions==3.10.0.0 # pytest-shell-utilities # pytest-system-statistics # yarl -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.7/docs.txt b/requirements/static/ci/py3.7/docs.txt index c67e346203fc..2b752fc5f401 100644 --- a/requirements/static/ci/py3.7/docs.txt +++ b/requirements/static/ci/py3.7/docs.txt @@ -894,7 +894,7 @@ typing-extensions==3.10.0.0 # yarl tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index 4976c9fbb6c1..5d973d418373 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -887,7 +887,7 @@ typing-extensions==3.10.0.0 # pytest-shell-utilities # pytest-system-statistics # yarl -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index dd5932f1caa8..c32356af790b 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -885,7 +885,7 @@ typing-extensions==3.10.0.0 # yarl tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index 09dad7aa75a3..65ff4877046c 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -933,7 +933,7 @@ typing-extensions==3.10.0.0 # yarl tzlocal==2.1 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index d0d6085415f9..d39a2c370207 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -401,7 +401,7 @@ typing-extensions==3.10.0.0 # pytest-shell-utilities # pytest-system-statistics # yarl -urllib3==1.26.6 +urllib3==1.26.17 # via # -r requirements/windows.txt # botocore diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index d47a2de683ab..ac77ecc13ff2 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -890,7 +890,7 @@ typing-extensions==3.10.0.2 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.8/docs.txt b/requirements/static/ci/py3.8/docs.txt index af50b9ad185c..a84e86f21569 100644 --- a/requirements/static/ci/py3.8/docs.txt +++ b/requirements/static/ci/py3.8/docs.txt @@ -879,7 +879,7 @@ twilio==7.9.2 # via -r requirements/static/ci/linux.in tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index 408b9308c10a..766805cf7ea5 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -873,7 +873,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index 63e853bf68f9..df356e75c32e 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -867,7 +867,7 @@ twilio==7.9.2 # via -r requirements/static/ci/linux.in tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index 8cfc4e8a092c..274fde2325f2 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -919,7 +919,7 @@ typing-extensions==4.2.0 # pytest-system-statistics tzlocal==2.1 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index 5b2ba5adace9..ed29068ec306 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -387,7 +387,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # -r requirements/windows.txt # botocore diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index 10730f00910e..562928442d7b 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -893,7 +893,7 @@ typing-extensions==3.10.0.2 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index 277defef4d54..afeec28a1d4d 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -879,7 +879,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.9/docs.txt b/requirements/static/ci/py3.9/docs.txt index 4ed09bed8ebf..8d7fb6f43023 100644 --- a/requirements/static/ci/py3.9/docs.txt +++ b/requirements/static/ci/py3.9/docs.txt @@ -880,7 +880,7 @@ twilio==7.9.2 # via -r requirements/static/ci/linux.in tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index 119b9a7e39ba..a09f0e7578c8 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -876,7 +876,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index 87b7665c97b8..e69756544c11 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -868,7 +868,7 @@ twilio==7.9.2 # via -r requirements/static/ci/linux.in tzlocal==3.0 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index 8c635fd7cf39..01ca0c0e9e6e 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -924,7 +924,7 @@ typing-extensions==4.2.0 # pytest-system-statistics tzlocal==2.1 # via apscheduler -urllib3==1.26.6 +urllib3==1.26.17 # via # botocore # kubernetes diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index 280315b4c8a8..edc7125397e8 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -388,7 +388,7 @@ typing-extensions==4.2.0 # via # pytest-shell-utilities # pytest-system-statistics -urllib3==1.26.6 +urllib3==1.26.17 # via # -r requirements/windows.txt # botocore diff --git a/requirements/static/pkg/py3.10/darwin.txt b/requirements/static/pkg/py3.10/darwin.txt index d3250c794d4a..9a684e23867e 100644 --- a/requirements/static/pkg/py3.10/darwin.txt +++ b/requirements/static/pkg/py3.10/darwin.txt @@ -107,7 +107,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/darwin.txt -urllib3==1.26.6 +urllib3==2.0.6 # via requests vultr==1.0.1 # via -r requirements/darwin.txt diff --git a/requirements/static/pkg/py3.10/freebsd.txt b/requirements/static/pkg/py3.10/freebsd.txt index 2ff655041f36..3ef547e4f577 100644 --- a/requirements/static/pkg/py3.10/freebsd.txt +++ b/requirements/static/pkg/py3.10/freebsd.txt @@ -90,7 +90,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/freebsd.in -urllib3==1.26.6 +urllib3==2.0.6 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.10/linux.txt b/requirements/static/pkg/py3.10/linux.txt index 04ca508c92fe..568fce73ae09 100644 --- a/requirements/static/pkg/py3.10/linux.txt +++ b/requirements/static/pkg/py3.10/linux.txt @@ -92,7 +92,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/linux.in -urllib3==1.26.6 +urllib3==2.0.6 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.6/linux.txt b/requirements/static/pkg/py3.6/linux.txt index f49dfbcd7c5b..eaf2f2feddc6 100644 --- a/requirements/static/pkg/py3.6/linux.txt +++ b/requirements/static/pkg/py3.6/linux.txt @@ -96,7 +96,7 @@ timelib==0.2.5 # via -r requirements/static/pkg/linux.in typing-extensions==3.10.0.0 # via importlib-metadata -urllib3==1.26.6 +urllib3==1.26.17 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.7/freebsd.txt b/requirements/static/pkg/py3.7/freebsd.txt index 6aa3ccea8f9b..927e0f068aab 100644 --- a/requirements/static/pkg/py3.7/freebsd.txt +++ b/requirements/static/pkg/py3.7/freebsd.txt @@ -92,7 +92,7 @@ timelib==0.2.5 # via -r requirements/static/pkg/freebsd.in typing-extensions==3.10.0.0 # via importlib-metadata -urllib3==1.26.6 +urllib3==2.0.6 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.7/linux.txt b/requirements/static/pkg/py3.7/linux.txt index 0b88348435bd..678c9ca8935a 100644 --- a/requirements/static/pkg/py3.7/linux.txt +++ b/requirements/static/pkg/py3.7/linux.txt @@ -92,7 +92,7 @@ timelib==0.2.5 # via -r requirements/static/pkg/linux.in typing-extensions==3.10.0.0 # via importlib-metadata -urllib3==1.26.6 +urllib3==2.0.6 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.7/windows.txt b/requirements/static/pkg/py3.7/windows.txt index 99733fb8079b..60d844351eed 100644 --- a/requirements/static/pkg/py3.7/windows.txt +++ b/requirements/static/pkg/py3.7/windows.txt @@ -130,7 +130,7 @@ typing-extensions==3.10.0.0 # via # gitpython # importlib-metadata -urllib3==1.26.6 +urllib3==2.0.6 # via # -r requirements/windows.txt # requests diff --git a/requirements/static/pkg/py3.8/freebsd.txt b/requirements/static/pkg/py3.8/freebsd.txt index fd731dee62d7..ef0df9d3ee5d 100644 --- a/requirements/static/pkg/py3.8/freebsd.txt +++ b/requirements/static/pkg/py3.8/freebsd.txt @@ -90,7 +90,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/freebsd.in -urllib3==1.26.6 +urllib3==2.0.6 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.8/linux.txt b/requirements/static/pkg/py3.8/linux.txt index 82dde6a54965..e561616094a8 100644 --- a/requirements/static/pkg/py3.8/linux.txt +++ b/requirements/static/pkg/py3.8/linux.txt @@ -90,7 +90,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/linux.in -urllib3==1.26.6 +urllib3==2.0.6 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.8/windows.txt b/requirements/static/pkg/py3.8/windows.txt index c1eff89b5695..9b2261039a0f 100644 --- a/requirements/static/pkg/py3.8/windows.txt +++ b/requirements/static/pkg/py3.8/windows.txt @@ -126,7 +126,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/windows.txt -urllib3==1.26.6 +urllib3==2.0.6 # via # -r requirements/windows.txt # requests diff --git a/requirements/static/pkg/py3.9/darwin.txt b/requirements/static/pkg/py3.9/darwin.txt index 2acb0ce72571..f96e4ed8b116 100644 --- a/requirements/static/pkg/py3.9/darwin.txt +++ b/requirements/static/pkg/py3.9/darwin.txt @@ -109,7 +109,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/darwin.txt -urllib3==1.26.6 +urllib3==2.0.6 # via requests vultr==1.0.1 # via -r requirements/darwin.txt diff --git a/requirements/static/pkg/py3.9/freebsd.txt b/requirements/static/pkg/py3.9/freebsd.txt index 04cd71935915..ab146d121aba 100644 --- a/requirements/static/pkg/py3.9/freebsd.txt +++ b/requirements/static/pkg/py3.9/freebsd.txt @@ -92,7 +92,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/freebsd.in -urllib3==1.26.6 +urllib3==2.0.6 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.9/linux.txt b/requirements/static/pkg/py3.9/linux.txt index 870ee43ba11d..9430433f1b1e 100644 --- a/requirements/static/pkg/py3.9/linux.txt +++ b/requirements/static/pkg/py3.9/linux.txt @@ -92,7 +92,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/static/pkg/linux.in -urllib3==1.26.6 +urllib3==2.0.6 # via requests zc.lockfile==1.4 # via cherrypy diff --git a/requirements/static/pkg/py3.9/windows.txt b/requirements/static/pkg/py3.9/windows.txt index c9cc3c067dc3..2500bf4d1e39 100644 --- a/requirements/static/pkg/py3.9/windows.txt +++ b/requirements/static/pkg/py3.9/windows.txt @@ -126,7 +126,7 @@ tempora==4.1.1 # via portend timelib==0.2.5 # via -r requirements/windows.txt -urllib3==1.26.6 +urllib3==2.0.6 # via # -r requirements/windows.txt # requests From db4636b4021ffc7b904ea8ee44b944b5b6efdcc9 Mon Sep 17 00:00:00 2001 From: ScriptAutomate Date: Tue, 10 Oct 2023 13:17:18 -0500 Subject: [PATCH 48/54] [3005.4] Update Amazon Linux 2 AMI --- cicd/amis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cicd/amis.yml b/cicd/amis.yml index 5197c9b51e47..d7792c7ef938 100644 --- a/cicd/amis.yml +++ b/cicd/amis.yml @@ -1,5 +1,5 @@ alma-8-x86_64: ami-0594d7cf435c3d2f7 -amazon-2-x86_64: ami-09682e96e7785642d +amazon-2-x86_64: ami-01cef47eb0f1d5363 arch-lts-x86_64: ami-018a6b479dcb87969 centos-7-x86_64: ami-05764f27cdf8f99e0 centosstream-8-x86_64: ami-02fc0a57f9b1fa4ed From ec38a2e5bb7451df0933ca3b02690f40ba8a714b Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Wed, 11 Oct 2023 09:01:36 -0600 Subject: [PATCH 49/54] [3006.4] Update gitpython to 3.1.37 --- changelog/65383.security.md | 1 + requirements/darwin.txt | 2 +- requirements/static/ci/common.in | 2 +- requirements/static/ci/py3.10/cloud.txt | 2 +- requirements/static/ci/py3.10/darwin.txt | 2 +- requirements/static/ci/py3.10/freebsd.txt | 2 +- requirements/static/ci/py3.10/lint.txt | 2 +- requirements/static/ci/py3.10/linux.txt | 2 +- requirements/static/ci/py3.10/windows.txt | 2 +- requirements/static/ci/py3.7/cloud.txt | 2 +- requirements/static/ci/py3.7/freebsd.txt | 2 +- requirements/static/ci/py3.7/lint.txt | 2 +- requirements/static/ci/py3.7/linux.txt | 2 +- requirements/static/ci/py3.7/windows.txt | 2 +- requirements/static/ci/py3.8/cloud.txt | 2 +- requirements/static/ci/py3.8/freebsd.txt | 2 +- requirements/static/ci/py3.8/lint.txt | 2 +- requirements/static/ci/py3.8/linux.txt | 2 +- requirements/static/ci/py3.8/windows.txt | 2 +- requirements/static/ci/py3.9/cloud.txt | 2 +- requirements/static/ci/py3.9/darwin.txt | 2 +- requirements/static/ci/py3.9/freebsd.txt | 2 +- requirements/static/ci/py3.9/lint.txt | 2 +- requirements/static/ci/py3.9/linux.txt | 2 +- requirements/static/ci/py3.9/windows.txt | 2 +- requirements/static/pkg/py3.10/darwin.txt | 2 +- requirements/static/pkg/py3.10/windows.txt | 2 +- requirements/static/pkg/py3.7/windows.txt | 2 +- requirements/static/pkg/py3.8/windows.txt | 2 +- requirements/static/pkg/py3.9/darwin.txt | 2 +- requirements/static/pkg/py3.9/windows.txt | 2 +- requirements/windows.txt | 2 +- 32 files changed, 32 insertions(+), 31 deletions(-) create mode 100644 changelog/65383.security.md diff --git a/changelog/65383.security.md b/changelog/65383.security.md new file mode 100644 index 000000000000..d7a4d86f94d6 --- /dev/null +++ b/changelog/65383.security.md @@ -0,0 +1 @@ +Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c diff --git a/requirements/darwin.txt b/requirements/darwin.txt index 7e9fccb25dcd..fc689ebb13b8 100644 --- a/requirements/darwin.txt +++ b/requirements/darwin.txt @@ -5,7 +5,7 @@ apache-libcloud>=2.4.0 cherrypy>=17.4.1 cryptography>=41.0.3 -gitpython>=3.1.35 +gitpython>=3.1.37 idna>=2.8 linode-python>=1.1.1 pyasn1>=0.4.8 diff --git a/requirements/static/ci/common.in b/requirements/static/ci/common.in index ca4663b38055..21d26ddb4800 100644 --- a/requirements/static/ci/common.in +++ b/requirements/static/ci/common.in @@ -14,7 +14,7 @@ croniter>=0.3.0,!=0.3.22"; sys_platform != 'win32' dnspython docker etcd3-py==0.1.6 -gitpython>=3.1.35 +gitpython>=3.1.37 jmespath jsonschema junos-eznc; sys_platform != 'win32' and python_version <= '3.10' diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index 5ecd1d9b654a..9de8768d2321 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -432,7 +432,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 65e51c1fa5f7..db1dd68dfad0 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -430,7 +430,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -r requirements/darwin.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index 1a8856b54730..008fdce604a4 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -429,7 +429,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index dd8769b2d2bc..f384c6c3124d 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -427,7 +427,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index 8f9946909738..9b345d0836ca 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -443,7 +443,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index 3fae46375430..2b72e08326c2 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -111,7 +111,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -r requirements/static/ci/common.in # -r requirements/windows.txt diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index ffafc70cb5d6..318ade84aa07 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -444,7 +444,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index 408377d55078..cdea75c32f11 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -441,7 +441,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index f1f2f6ea4fe4..970a0502c58e 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -441,7 +441,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index 30444a687c5e..c10ad5cb3be6 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -455,7 +455,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index 7ef90d82ad2b..cd931be34c88 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -117,7 +117,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -r requirements/static/ci/common.in # -r requirements/windows.txt diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index 943675c9f555..08b1512955be 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -442,7 +442,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index 1bde4d188993..81a1377522b0 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -439,7 +439,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index 37391798b2cf..5c74f46f3ec2 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -439,7 +439,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index d2cd10082436..41ed82778346 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -453,7 +453,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index 9aba30cafa87..64819ffb2632 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -113,7 +113,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -r requirements/static/ci/common.in # -r requirements/windows.txt diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index d54814113850..b51469f9b58e 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -442,7 +442,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index 90cbc5f22e4d..af967b835395 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -440,7 +440,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -r requirements/darwin.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index e45b1cf5e800..09ef061ecbfd 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -439,7 +439,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index 4201e01999ea..7a5d64abfb83 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -437,7 +437,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index d278e2bbf686..93fe29110ec8 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -455,7 +455,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index cc37f0e1429d..698a206e1fad 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -113,7 +113,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via # -r requirements/static/ci/common.in # -r requirements/windows.txt diff --git a/requirements/static/pkg/py3.10/darwin.txt b/requirements/static/pkg/py3.10/darwin.txt index eee8b8835a70..f44090815351 100644 --- a/requirements/static/pkg/py3.10/darwin.txt +++ b/requirements/static/pkg/py3.10/darwin.txt @@ -26,7 +26,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.5 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/darwin.txt idna==2.8 # via diff --git a/requirements/static/pkg/py3.10/windows.txt b/requirements/static/pkg/py3.10/windows.txt index 6945e3eac543..3b42a56fa241 100644 --- a/requirements/static/pkg/py3.10/windows.txt +++ b/requirements/static/pkg/py3.10/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/windows.txt idna==2.8 # via requests diff --git a/requirements/static/pkg/py3.7/windows.txt b/requirements/static/pkg/py3.7/windows.txt index 9ad0601b5fcc..cceb48e7e741 100644 --- a/requirements/static/pkg/py3.7/windows.txt +++ b/requirements/static/pkg/py3.7/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/windows.txt idna==2.8 # via requests diff --git a/requirements/static/pkg/py3.8/windows.txt b/requirements/static/pkg/py3.8/windows.txt index 6e8ac4fc6535..0bcdc7e8e8ff 100644 --- a/requirements/static/pkg/py3.8/windows.txt +++ b/requirements/static/pkg/py3.8/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/windows.txt idna==2.8 # via requests diff --git a/requirements/static/pkg/py3.9/darwin.txt b/requirements/static/pkg/py3.9/darwin.txt index 8ed6a476f3e5..b229d01adb0d 100644 --- a/requirements/static/pkg/py3.9/darwin.txt +++ b/requirements/static/pkg/py3.9/darwin.txt @@ -26,7 +26,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.5 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/darwin.txt idna==2.8 # via diff --git a/requirements/static/pkg/py3.9/windows.txt b/requirements/static/pkg/py3.9/windows.txt index 11423afa70b7..247b74c74740 100644 --- a/requirements/static/pkg/py3.9/windows.txt +++ b/requirements/static/pkg/py3.9/windows.txt @@ -31,7 +31,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.35 +gitpython==3.1.37 # via -r requirements/windows.txt idna==2.8 # via requests diff --git a/requirements/windows.txt b/requirements/windows.txt index b2553ae2fca3..19ae0c889df6 100644 --- a/requirements/windows.txt +++ b/requirements/windows.txt @@ -10,7 +10,7 @@ certifi>=2022.12.07 cffi>=1.14.5 cherrypy>=18.6.1 cryptography>=41.0.3 -gitpython>=3.1.35 +gitpython>=3.1.37 ioloop>=0.1a0 lxml>=4.6.3 pyasn1>=0.4.8 From e37fbda4de3f428fb1d3a1dd9c2bb834304365da Mon Sep 17 00:00:00 2001 From: Salt Project Packaging Date: Mon, 16 Oct 2023 17:32:52 +0000 Subject: [PATCH 50/54] Release v3006.4 --- CHANGELOG.md | 14 +++++++++ changelog/65163.security.md | 1 - changelog/65268.security.md | 1 - changelog/65316.security.md | 1 - changelog/65334.security.md | 1 - changelog/65383.security.md | 1 - changelog/cve-2023-34049.security.md | 2 -- doc/man/salt-api.1 | 2 +- doc/man/salt-call.1 | 2 +- doc/man/salt-cloud.1 | 2 +- doc/man/salt-cp.1 | 2 +- doc/man/salt-key.1 | 2 +- doc/man/salt-master.1 | 2 +- doc/man/salt-minion.1 | 2 +- doc/man/salt-proxy.1 | 2 +- doc/man/salt-run.1 | 2 +- doc/man/salt-ssh.1 | 2 +- doc/man/salt-syndic.1 | 2 +- doc/man/salt.1 | 2 +- doc/man/salt.7 | 25 ++++++++++++++-- doc/man/spm.1 | 2 +- doc/topics/releases/3006.4.md | 29 +++++++++++++++++++ .../releases/templates/3006.4.md.template | 14 +++++++++ pkg/debian/changelog | 16 ++++++++++ pkg/rpm/salt.spec | 15 +++++++++- 25 files changed, 122 insertions(+), 24 deletions(-) delete mode 100644 changelog/65163.security.md delete mode 100644 changelog/65268.security.md delete mode 100644 changelog/65316.security.md delete mode 100644 changelog/65334.security.md delete mode 100644 changelog/65383.security.md delete mode 100644 changelog/cve-2023-34049.security.md create mode 100644 doc/topics/releases/3006.4.md create mode 100644 doc/topics/releases/templates/3006.4.md.template diff --git a/CHANGELOG.md b/CHANGELOG.md index 9035a3667df6..f82a29c7b336 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,20 @@ Versions are `MAJOR.PATCH`. # Changelog +## 3006.4 (2023-10-16) + + +### Security + +- Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. + This only impacts salt-ssh users using the pre-flight option. [#cve-2023-34049](https://github.com/saltstack/salt/issues/cve-2023-34049) +- Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65163](https://github.com/saltstack/salt/issues/65163) +- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268) +- Upgrade relenv to 0.13.12 to address CVE-2023-4807 [#65316](https://github.com/saltstack/salt/issues/65316) +- Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f [#65334](https://github.com/saltstack/salt/issues/65334) +- Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65383](https://github.com/saltstack/salt/issues/65383) + + ## 3006.3 (2023-09-06) diff --git a/changelog/65163.security.md b/changelog/65163.security.md deleted file mode 100644 index 8d6f57c7d0c7..000000000000 --- a/changelog/65163.security.md +++ /dev/null @@ -1 +0,0 @@ -Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c diff --git a/changelog/65268.security.md b/changelog/65268.security.md deleted file mode 100644 index 15588570ad69..000000000000 --- a/changelog/65268.security.md +++ /dev/null @@ -1 +0,0 @@ -Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 diff --git a/changelog/65316.security.md b/changelog/65316.security.md deleted file mode 100644 index f9afcd0a7e48..000000000000 --- a/changelog/65316.security.md +++ /dev/null @@ -1 +0,0 @@ -Upgrade relenv to 0.13.12 to address CVE-2023-4807 diff --git a/changelog/65334.security.md b/changelog/65334.security.md deleted file mode 100644 index 9f1e2ecb0a81..000000000000 --- a/changelog/65334.security.md +++ /dev/null @@ -1 +0,0 @@ -Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f diff --git a/changelog/65383.security.md b/changelog/65383.security.md deleted file mode 100644 index d7a4d86f94d6..000000000000 --- a/changelog/65383.security.md +++ /dev/null @@ -1 +0,0 @@ -Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c diff --git a/changelog/cve-2023-34049.security.md b/changelog/cve-2023-34049.security.md deleted file mode 100644 index 6b0ca190a277..000000000000 --- a/changelog/cve-2023-34049.security.md +++ /dev/null @@ -1,2 +0,0 @@ -Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. -This only impacts salt-ssh users using the pre-flight option. diff --git a/doc/man/salt-api.1 b/doc/man/salt-api.1 index 1b084240c54a..cfbe64d172ad 100644 --- a/doc/man/salt-api.1 +++ b/doc/man/salt-api.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-API" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-API" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-api \- salt-api Command .sp diff --git a/doc/man/salt-call.1 b/doc/man/salt-call.1 index 56c5c5c83191..2a964330511f 100644 --- a/doc/man/salt-call.1 +++ b/doc/man/salt-call.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-CALL" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-CALL" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-call \- salt-call Documentation .SH SYNOPSIS diff --git a/doc/man/salt-cloud.1 b/doc/man/salt-cloud.1 index 757a3e1eb9d7..e3866a63e31e 100644 --- a/doc/man/salt-cloud.1 +++ b/doc/man/salt-cloud.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-CLOUD" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-CLOUD" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-cloud \- Salt Cloud Command .sp diff --git a/doc/man/salt-cp.1 b/doc/man/salt-cp.1 index e3386d6d343e..0ad964aaf7b5 100644 --- a/doc/man/salt-cp.1 +++ b/doc/man/salt-cp.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-CP" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-CP" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-cp \- salt-cp Documentation .sp diff --git a/doc/man/salt-key.1 b/doc/man/salt-key.1 index 7aca0353f865..913c2cf5b9ed 100644 --- a/doc/man/salt-key.1 +++ b/doc/man/salt-key.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-KEY" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-KEY" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-key \- salt-key Documentation .SH SYNOPSIS diff --git a/doc/man/salt-master.1 b/doc/man/salt-master.1 index 1762910298ed..b8bd9056ff33 100644 --- a/doc/man/salt-master.1 +++ b/doc/man/salt-master.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-MASTER" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-MASTER" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-master \- salt-master Documentation .sp diff --git a/doc/man/salt-minion.1 b/doc/man/salt-minion.1 index 62aeafada86e..5fb106bf3f29 100644 --- a/doc/man/salt-minion.1 +++ b/doc/man/salt-minion.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-MINION" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-MINION" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-minion \- salt-minion Documentation .sp diff --git a/doc/man/salt-proxy.1 b/doc/man/salt-proxy.1 index 1475d70de9e0..97fdfa6c6ae5 100644 --- a/doc/man/salt-proxy.1 +++ b/doc/man/salt-proxy.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-PROXY" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-PROXY" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-proxy \- salt-proxy Documentation .sp diff --git a/doc/man/salt-run.1 b/doc/man/salt-run.1 index 0efc3d39e35f..6954234ae0c0 100644 --- a/doc/man/salt-run.1 +++ b/doc/man/salt-run.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-RUN" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-RUN" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-run \- salt-run Documentation .sp diff --git a/doc/man/salt-ssh.1 b/doc/man/salt-ssh.1 index 743f004ec500..b085a6a6cde6 100644 --- a/doc/man/salt-ssh.1 +++ b/doc/man/salt-ssh.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-SSH" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-SSH" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-ssh \- salt-ssh Documentation .SH SYNOPSIS diff --git a/doc/man/salt-syndic.1 b/doc/man/salt-syndic.1 index 3a71a02eee7f..5e26b223e349 100644 --- a/doc/man/salt-syndic.1 +++ b/doc/man/salt-syndic.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-SYNDIC" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT-SYNDIC" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt-syndic \- salt-syndic Documentation .sp diff --git a/doc/man/salt.1 b/doc/man/salt.1 index 08cf0bc7b416..852508174cc9 100644 --- a/doc/man/salt.1 +++ b/doc/man/salt.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt \- salt .SH SYNOPSIS diff --git a/doc/man/salt.7 b/doc/man/salt.7 index 051ad6a0e759..37909803cad1 100644 --- a/doc/man/salt.7 +++ b/doc/man/salt.7 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT" "7" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SALT" "7" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME salt \- Salt Documentation .SH SALT PROJECT @@ -194128,7 +194128,7 @@ Passes through all the parameters described in the \fI\%utils.http.query function\fP: .INDENT 7.0 .TP -.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.3\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs) +.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.4\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs) Query a resource, and decode the return data .UNINDENT .INDENT 7.0 @@ -457626,7 +457626,7 @@ installed2 .UNINDENT .INDENT 0.0 .TP -.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/opt/actions\-runner/_work/salt/salt/.tools\-venvs/py3.10/docs/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs) +.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/opt/actions\-runner/_work/salt\-priv/salt\-priv/.tools\-venvs/py3.10/docs/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs) Install buildout in a specific directory .sp It is a thin wrapper to modules.buildout.buildout @@ -477556,6 +477556,25 @@ Addresses multiple CVEs in Python\(aqs dependencies: \fI\%https://docs.python.or .IP \(bu 2 Update to \fBgitpython>=3.1.32\fP due to \fI\%https://github.com/advisories/GHSA\-pr76\-5cm5\-w9cj\fP \fI\%#64988\fP .UNINDENT +(release\-3006.4)= +.SS Salt 3006.4 release notes +.SS Changelog +.SS Security +.INDENT 0.0 +.IP \(bu 2 +Fix CVE\-2023\-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. +This only impacts salt\-ssh users using the pre\-flight option. \fI\%#cve\-2023\-34049\fP +.IP \(bu 2 +Update to \fBgitpython>=3.1.35\fP due to \fI\%https://github.com/advisories/GHSA\-wfm5\-v35h\-vwf4\fP and \fI\%https://github.com/advisories/GHSA\-cwvm\-v4w8\-q58c\fP \fI\%#65163\fP +.IP \(bu 2 +Bump to \fBcryptography==41.0.4\fP due to \fI\%https://github.com/advisories/GHSA\-v8gr\-m533\-ghj9\fP \fI\%#65268\fP +.IP \(bu 2 +Upgrade relenv to 0.13.12 to address CVE\-2023\-4807 \fI\%#65316\fP +.IP \(bu 2 +Bump to \fBurllib3==1.26.17\fP or \fBurllib3==2.0.6\fP due to \fI\%https://github.com/advisories/GHSA\-v845\-jxx5\-vc9f\fP \fI\%#65334\fP +.IP \(bu 2 +Bump to \fBgitpython==3.1.37\fP due to \fI\%https://github.com/advisories/GHSA\-cwvm\-v4w8\-q58c\fP \fI\%#65383\fP +.UNINDENT .sp See \fI\%Install a release candidate\fP for more information about installing an RC when one is available. diff --git a/doc/man/spm.1 b/doc/man/spm.1 index 9353636a20b8..686ce512eeba 100644 --- a/doc/man/spm.1 +++ b/doc/man/spm.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SPM" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt" +.TH "SPM" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" .SH NAME spm \- Salt Package Manager Command .sp diff --git a/doc/topics/releases/3006.4.md b/doc/topics/releases/3006.4.md new file mode 100644 index 000000000000..83478f1cc994 --- /dev/null +++ b/doc/topics/releases/3006.4.md @@ -0,0 +1,29 @@ +(release-3006.4)= +# Salt 3006.4 release notes + + + + + + + +## Changelog + +### Security + +- Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. + This only impacts salt-ssh users using the pre-flight option. [#cve-2023-34049](https://github.com/saltstack/salt/issues/cve-2023-34049) +- Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65163](https://github.com/saltstack/salt/issues/65163) +- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268) +- Upgrade relenv to 0.13.12 to address CVE-2023-4807 [#65316](https://github.com/saltstack/salt/issues/65316) +- Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f [#65334](https://github.com/saltstack/salt/issues/65334) +- Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65383](https://github.com/saltstack/salt/issues/65383) diff --git a/doc/topics/releases/templates/3006.4.md.template b/doc/topics/releases/templates/3006.4.md.template new file mode 100644 index 000000000000..a11ede9bf4c8 --- /dev/null +++ b/doc/topics/releases/templates/3006.4.md.template @@ -0,0 +1,14 @@ +(release-3006.4)= +# Salt 3006.4 release notes{{ unreleased }} +{{ warning }} + + + + +## Changelog +{{ changelog }} diff --git a/pkg/debian/changelog b/pkg/debian/changelog index bd27fccf007a..e45d8665d162 100644 --- a/pkg/debian/changelog +++ b/pkg/debian/changelog @@ -1,3 +1,19 @@ +salt (3006.4) stable; urgency=medium + + + # Security + + * Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. + This only impacts salt*ssh users using the pre-flight option. [#cve-2023-34049](https://github.com/saltstack/salt/issues/cve-2023-34049) + * Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65163](https://github.com/saltstack/salt/issues/65163) + * Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268) + * Upgrade relenv to 0.13.12 to address CVE-2023-4807 [#65316](https://github.com/saltstack/salt/issues/65316) + * Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f [#65334](https://github.com/saltstack/salt/issues/65334) + * Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65383](https://github.com/saltstack/salt/issues/65383) + + + -- Salt Project Packaging Mon, 16 Oct 2023 17:22:41 +0000 + salt (3006.3) stable; urgency=medium diff --git a/pkg/rpm/salt.spec b/pkg/rpm/salt.spec index eaeae33320fa..6cc4e85c23c3 100644 --- a/pkg/rpm/salt.spec +++ b/pkg/rpm/salt.spec @@ -31,7 +31,7 @@ %define fish_dir %{_datadir}/fish/vendor_functions.d Name: salt -Version: 3006.3 +Version: 3006.4 Release: 0 Summary: A parallel remote execution system Group: System Environment/Daemons @@ -563,6 +563,19 @@ fi %changelog +* Mon Oct 16 2023 Salt Project Packaging - 3006.4 + +# Security + +- Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. + This only impacts salt-ssh users using the pre-flight option. [#cve-2023-34049](https://github.com/saltstack/salt/issues/cve-2023-34049) +- Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65163](https://github.com/saltstack/salt/issues/65163) +- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268) +- Upgrade relenv to 0.13.12 to address CVE-2023-4807 [#65316](https://github.com/saltstack/salt/issues/65316) +- Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f [#65334](https://github.com/saltstack/salt/issues/65334) +- Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65383](https://github.com/saltstack/salt/issues/65383) + + * Wed Sep 06 2023 Salt Project Packaging - 3006.3 # Removed From 1184c5ebfaae8458b7ba27c9965adfd9216c311c Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Wed, 11 Oct 2023 08:51:56 -0600 Subject: [PATCH 51/54] [3005.4] Update gitpython to 3.1.37 --- changelog/65383.security | 1 + requirements/darwin.txt | 2 +- requirements/static/ci/common.in | 2 +- requirements/static/ci/py3.10/cloud.txt | 2 +- requirements/static/ci/py3.10/darwin.txt | 2 +- requirements/static/ci/py3.10/docs.txt | 2 +- requirements/static/ci/py3.10/freebsd.txt | 2 +- requirements/static/ci/py3.10/lint.txt | 2 +- requirements/static/ci/py3.10/linux.txt | 2 +- requirements/static/ci/py3.7/cloud.txt | 2 +- requirements/static/ci/py3.7/docs.txt | 2 +- requirements/static/ci/py3.7/freebsd.txt | 2 +- requirements/static/ci/py3.7/lint.txt | 2 +- requirements/static/ci/py3.7/linux.txt | 2 +- requirements/static/ci/py3.7/windows.txt | 2 +- requirements/static/ci/py3.8/cloud.txt | 2 +- requirements/static/ci/py3.8/docs.txt | 2 +- requirements/static/ci/py3.8/freebsd.txt | 2 +- requirements/static/ci/py3.8/lint.txt | 2 +- requirements/static/ci/py3.8/linux.txt | 2 +- requirements/static/ci/py3.8/windows.txt | 2 +- requirements/static/ci/py3.9/cloud.txt | 2 +- requirements/static/ci/py3.9/darwin.txt | 2 +- requirements/static/ci/py3.9/docs.txt | 2 +- requirements/static/ci/py3.9/freebsd.txt | 2 +- requirements/static/ci/py3.9/lint.txt | 2 +- requirements/static/ci/py3.9/linux.txt | 2 +- requirements/static/ci/py3.9/windows.txt | 2 +- requirements/static/pkg/py3.10/darwin.txt | 2 +- requirements/static/pkg/py3.7/windows.txt | 2 +- requirements/static/pkg/py3.8/windows.txt | 2 +- requirements/static/pkg/py3.9/darwin.txt | 2 +- requirements/static/pkg/py3.9/windows.txt | 2 +- requirements/windows.txt | 2 +- 34 files changed, 34 insertions(+), 33 deletions(-) create mode 100644 changelog/65383.security diff --git a/changelog/65383.security b/changelog/65383.security new file mode 100644 index 000000000000..d7a4d86f94d6 --- /dev/null +++ b/changelog/65383.security @@ -0,0 +1 @@ +Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c diff --git a/requirements/darwin.txt b/requirements/darwin.txt index c723a896dee6..e61265a9310f 100644 --- a/requirements/darwin.txt +++ b/requirements/darwin.txt @@ -9,7 +9,7 @@ cryptography>=41.0.3 ; python_version >= "3.7" cryptography<=40.0.2 ; python_version == "3.6" cryptography<=3.2.1 ; python_version <= "3.5" gitpython>=2.1.15 ; python_version <= "3.6" -gitpython>=3.1.35 ; python_version >= "3.7" +gitpython>=3.1.37 ; python_version >= "3.7" idna>=2.8 linode-python>=1.1.1 mako>=1.0.7 diff --git a/requirements/static/ci/common.in b/requirements/static/ci/common.in index 6defcad9fde2..be3a30727cf6 100644 --- a/requirements/static/ci/common.in +++ b/requirements/static/ci/common.in @@ -17,7 +17,7 @@ dnspython docker etcd3-py==0.1.6 ; python_version >= '3.6' gitpython>=2.1.15 ; python_version <= "3.6" -gitpython>=3.1.35 ; python_version >= "3.7" +gitpython>=3.1.37 ; python_version >= "3.7" jmespath jsonschema junos-eznc==2.4.0; sys_platform != 'win32' and python_version <= '3.9' diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index 6a85808c774f..38e94b85a202 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -427,7 +427,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 55b40a44ce84..ac3eede42cf4 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -428,7 +428,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via # -r requirements/darwin.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.10/docs.txt b/requirements/static/ci/py3.10/docs.txt index fd3a8fbb80d7..202bdbe0e7ca 100644 --- a/requirements/static/ci/py3.10/docs.txt +++ b/requirements/static/ci/py3.10/docs.txt @@ -429,7 +429,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index 4cbd3c8e568f..19f1ff38a06b 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -425,7 +425,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index 0f1259f7fae9..20317a6ff2f7 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -425,7 +425,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index c35ad1305c0e..fe495f44a6a1 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -439,7 +439,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index 230731944033..19755d08874c 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -439,7 +439,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.7/docs.txt b/requirements/static/ci/py3.7/docs.txt index 2b752fc5f401..b432d2f9bc4a 100644 --- a/requirements/static/ci/py3.7/docs.txt +++ b/requirements/static/ci/py3.7/docs.txt @@ -443,7 +443,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index 5d973d418373..9d62e3e5bcd8 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -437,7 +437,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index c32356af790b..b099c2678d01 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -439,7 +439,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index 65ff4877046c..cbb48ffc1147 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -451,7 +451,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index d39a2c370207..279b06c7d993 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -113,7 +113,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via # -r requirements/static/ci/common.in # -r requirements/windows.txt diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index ac77ecc13ff2..a768ba3001ce 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -437,7 +437,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.8/docs.txt b/requirements/static/ci/py3.8/docs.txt index a84e86f21569..be504e720ab7 100644 --- a/requirements/static/ci/py3.8/docs.txt +++ b/requirements/static/ci/py3.8/docs.txt @@ -441,7 +441,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index 766805cf7ea5..7d0ed289f219 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -435,7 +435,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index df356e75c32e..1f0b59b70a1b 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -437,7 +437,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index 274fde2325f2..397d99741982 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -449,7 +449,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index ed29068ec306..b2fd444ce5e3 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -111,7 +111,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via # -r requirements/static/ci/common.in # -r requirements/windows.txt diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index 562928442d7b..383f8b436674 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -437,7 +437,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==2.1.0 # via kubernetes diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index afeec28a1d4d..8d5b8786e42e 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -438,7 +438,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via # -r requirements/darwin.txt # -r requirements/static/ci/common.in diff --git a/requirements/static/ci/py3.9/docs.txt b/requirements/static/ci/py3.9/docs.txt index 8d7fb6f43023..f45ae26401d2 100644 --- a/requirements/static/ci/py3.9/docs.txt +++ b/requirements/static/ci/py3.9/docs.txt @@ -439,7 +439,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index a09f0e7578c8..776dd68c96c9 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -435,7 +435,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index e69756544c11..64035f63a0ee 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -435,7 +435,7 @@ geomet==0.2.1.post1 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==2.0.1 # via kubernetes diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index 01ca0c0e9e6e..e8f73ceb5a48 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -451,7 +451,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.5 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/static/ci/common.in google-auth==1.6.3 # via kubernetes diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index edc7125397e8..b38ad09e31db 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -111,7 +111,7 @@ geomet==0.1.2 # via cassandra-driver gitdb==4.0.7 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via # -r requirements/static/ci/common.in # -r requirements/windows.txt diff --git a/requirements/static/pkg/py3.10/darwin.txt b/requirements/static/pkg/py3.10/darwin.txt index 9a684e23867e..fe43b275dfd0 100644 --- a/requirements/static/pkg/py3.10/darwin.txt +++ b/requirements/static/pkg/py3.10/darwin.txt @@ -26,7 +26,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.5 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/darwin.txt idna==2.8 # via diff --git a/requirements/static/pkg/py3.7/windows.txt b/requirements/static/pkg/py3.7/windows.txt index 60d844351eed..fc4ea5e330b7 100644 --- a/requirements/static/pkg/py3.7/windows.txt +++ b/requirements/static/pkg/py3.7/windows.txt @@ -28,7 +28,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.5 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/windows.txt idna==2.8 # via requests diff --git a/requirements/static/pkg/py3.8/windows.txt b/requirements/static/pkg/py3.8/windows.txt index 9b2261039a0f..8cd71504140c 100644 --- a/requirements/static/pkg/py3.8/windows.txt +++ b/requirements/static/pkg/py3.8/windows.txt @@ -28,7 +28,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/windows.txt idna==2.8 # via requests diff --git a/requirements/static/pkg/py3.9/darwin.txt b/requirements/static/pkg/py3.9/darwin.txt index f96e4ed8b116..9614f7709032 100644 --- a/requirements/static/pkg/py3.9/darwin.txt +++ b/requirements/static/pkg/py3.9/darwin.txt @@ -26,7 +26,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.5 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/darwin.txt idna==2.8 # via diff --git a/requirements/static/pkg/py3.9/windows.txt b/requirements/static/pkg/py3.9/windows.txt index 2500bf4d1e39..1ed6dfa76b66 100644 --- a/requirements/static/pkg/py3.9/windows.txt +++ b/requirements/static/pkg/py3.9/windows.txt @@ -28,7 +28,7 @@ distro==1.5.0 # via -r requirements/base.txt gitdb==4.0.7 # via gitpython -gitpython==3.1.35 ; python_version >= "3.7" +gitpython==3.1.37 ; python_version >= "3.7" # via -r requirements/windows.txt idna==2.8 # via requests diff --git a/requirements/windows.txt b/requirements/windows.txt index 9784054f9215..aaa93f5e238c 100644 --- a/requirements/windows.txt +++ b/requirements/windows.txt @@ -15,7 +15,7 @@ cryptography>=41.0.3 ; python_version >= "3.7" cryptography<=40.0.2 ; python_version == "3.6" cryptography<=3.2.1 ; python_version <= "3.5" gitpython>=2.1.15 ; python_version <= "3.6" -gitpython>=3.1.35 ; python_version >= "3.7" +gitpython>=3.1.37 ; python_version >= "3.7" ioloop>=0.1a0 libnacl>=1.8.0 lxml>=4.6.3 From 1d983e40188ed2cc577c7d4de1e193d9abe8fa5c Mon Sep 17 00:00:00 2001 From: Megan Wilhite Date: Mon, 16 Oct 2023 13:43:24 -0600 Subject: [PATCH 52/54] Prepare release notes, changelog, and man pages for 3005.4 --- CHANGELOG.md | 13 +++++++++++ changelog/65267.security | 1 - changelog/65334.security | 1 - changelog/65383.security | 1 - changelog/cve-2023-34049.security | 2 -- doc/man/salt-api.1 | 2 +- doc/man/salt-call.1 | 2 +- doc/man/salt-cloud.1 | 2 +- doc/man/salt-cp.1 | 2 +- doc/man/salt-key.1 | 2 +- doc/man/salt-master.1 | 2 +- doc/man/salt-minion.1 | 2 +- doc/man/salt-proxy.1 | 2 +- doc/man/salt-run.1 | 2 +- doc/man/salt-ssh.1 | 2 +- doc/man/salt-syndic.1 | 2 +- doc/man/salt.1 | 2 +- doc/man/salt.7 | 39 ++++++++++++++++++++----------- doc/man/spm.1 | 2 +- doc/topics/releases/3005.4.rst | 17 ++++++++++++++ 20 files changed, 69 insertions(+), 31 deletions(-) delete mode 100644 changelog/65267.security delete mode 100644 changelog/65334.security delete mode 100644 changelog/65383.security delete mode 100644 changelog/cve-2023-34049.security create mode 100644 doc/topics/releases/3005.4.rst diff --git a/CHANGELOG.md b/CHANGELOG.md index f9fca0d973f3..221549c4168f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,19 @@ Versions are `MAJOR.PATCH`. # Changelog +Salt v3005.4 (2023-10-16) +========================= + +Security +-------- + +- Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. + This only impacts salt-ssh users using the pre-flight option. (cve-2023-34049) +- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 (#65267) +- Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f (#65334) +- Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c (#65383) + + ## Salt v3005.3 (2023-09-14) ### Fixed diff --git a/changelog/65267.security b/changelog/65267.security deleted file mode 100644 index 15588570ad69..000000000000 --- a/changelog/65267.security +++ /dev/null @@ -1 +0,0 @@ -Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 diff --git a/changelog/65334.security b/changelog/65334.security deleted file mode 100644 index 9f1e2ecb0a81..000000000000 --- a/changelog/65334.security +++ /dev/null @@ -1 +0,0 @@ -Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f diff --git a/changelog/65383.security b/changelog/65383.security deleted file mode 100644 index d7a4d86f94d6..000000000000 --- a/changelog/65383.security +++ /dev/null @@ -1 +0,0 @@ -Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c diff --git a/changelog/cve-2023-34049.security b/changelog/cve-2023-34049.security deleted file mode 100644 index 6b0ca190a277..000000000000 --- a/changelog/cve-2023-34049.security +++ /dev/null @@ -1,2 +0,0 @@ -Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. -This only impacts salt-ssh users using the pre-flight option. diff --git a/doc/man/salt-api.1 b/doc/man/salt-api.1 index c42435a5ec1d..f93a48080316 100644 --- a/doc/man/salt-api.1 +++ b/doc/man/salt-api.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-API" "1" "Sep 14, 2023" "3005" "Salt" +.TH "SALT-API" "1" "Oct 16, 2023" "3005" "Salt" .SH NAME salt-api \- salt-api Command . diff --git a/doc/man/salt-call.1 b/doc/man/salt-call.1 index d6778f60f25e..2a1ec1051c53 100644 --- a/doc/man/salt-call.1 +++ b/doc/man/salt-call.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-CALL" "1" "Sep 14, 2023" "3005" "Salt" +.TH "SALT-CALL" "1" "Oct 16, 2023" "3005" "Salt" .SH NAME salt-call \- salt-call Documentation . diff --git a/doc/man/salt-cloud.1 b/doc/man/salt-cloud.1 index 54690b7655c9..d2906e9ad330 100644 --- a/doc/man/salt-cloud.1 +++ b/doc/man/salt-cloud.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-CLOUD" "1" "Sep 14, 2023" "3005" "Salt" +.TH "SALT-CLOUD" "1" "Oct 16, 2023" "3005" "Salt" .SH NAME salt-cloud \- Salt Cloud Command . diff --git a/doc/man/salt-cp.1 b/doc/man/salt-cp.1 index 1f03be91abee..1c342aa60c00 100644 --- a/doc/man/salt-cp.1 +++ b/doc/man/salt-cp.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-CP" "1" "Sep 14, 2023" "3005" "Salt" +.TH "SALT-CP" "1" "Oct 16, 2023" "3005" "Salt" .SH NAME salt-cp \- salt-cp Documentation . diff --git a/doc/man/salt-key.1 b/doc/man/salt-key.1 index 568a2fd63969..978fa8f106a9 100644 --- a/doc/man/salt-key.1 +++ b/doc/man/salt-key.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-KEY" "1" "Sep 14, 2023" "3005" "Salt" +.TH "SALT-KEY" "1" "Oct 16, 2023" "3005" "Salt" .SH NAME salt-key \- salt-key Documentation . diff --git a/doc/man/salt-master.1 b/doc/man/salt-master.1 index 86731be26854..e22e558d2ef5 100644 --- a/doc/man/salt-master.1 +++ b/doc/man/salt-master.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-MASTER" "1" "Sep 14, 2023" "3005" "Salt" +.TH "SALT-MASTER" "1" "Oct 16, 2023" "3005" "Salt" .SH NAME salt-master \- salt-master Documentation . diff --git a/doc/man/salt-minion.1 b/doc/man/salt-minion.1 index b53b93500d0e..8cccf72a0770 100644 --- a/doc/man/salt-minion.1 +++ b/doc/man/salt-minion.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-MINION" "1" "Sep 14, 2023" "3005" "Salt" +.TH "SALT-MINION" "1" "Oct 16, 2023" "3005" "Salt" .SH NAME salt-minion \- salt-minion Documentation . diff --git a/doc/man/salt-proxy.1 b/doc/man/salt-proxy.1 index b8e82cad1c05..cefa21525407 100644 --- a/doc/man/salt-proxy.1 +++ b/doc/man/salt-proxy.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-PROXY" "1" "Sep 14, 2023" "3005" "Salt" +.TH "SALT-PROXY" "1" "Oct 16, 2023" "3005" "Salt" .SH NAME salt-proxy \- salt-proxy Documentation . diff --git a/doc/man/salt-run.1 b/doc/man/salt-run.1 index 02b286b287ea..f710a86474df 100644 --- a/doc/man/salt-run.1 +++ b/doc/man/salt-run.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-RUN" "1" "Sep 14, 2023" "3005" "Salt" +.TH "SALT-RUN" "1" "Oct 16, 2023" "3005" "Salt" .SH NAME salt-run \- salt-run Documentation . diff --git a/doc/man/salt-ssh.1 b/doc/man/salt-ssh.1 index 98a488f2b08a..f4c26cb5d553 100644 --- a/doc/man/salt-ssh.1 +++ b/doc/man/salt-ssh.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-SSH" "1" "Sep 14, 2023" "3005" "Salt" +.TH "SALT-SSH" "1" "Oct 16, 2023" "3005" "Salt" .SH NAME salt-ssh \- salt-ssh Documentation . diff --git a/doc/man/salt-syndic.1 b/doc/man/salt-syndic.1 index 19ee53945180..7c981e737a9e 100644 --- a/doc/man/salt-syndic.1 +++ b/doc/man/salt-syndic.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-SYNDIC" "1" "Sep 14, 2023" "3005" "Salt" +.TH "SALT-SYNDIC" "1" "Oct 16, 2023" "3005" "Salt" .SH NAME salt-syndic \- salt-syndic Documentation . diff --git a/doc/man/salt.1 b/doc/man/salt.1 index 2302acd46540..5ee91d6afc90 100644 --- a/doc/man/salt.1 +++ b/doc/man/salt.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT" "1" "Sep 14, 2023" "3005" "Salt" +.TH "SALT" "1" "Oct 16, 2023" "3005" "Salt" .SH NAME salt \- salt . diff --git a/doc/man/salt.7 b/doc/man/salt.7 index 295694bb9771..2718ffd2bfd7 100644 --- a/doc/man/salt.7 +++ b/doc/man/salt.7 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT" "7" "Sep 14, 2023" "3005" "Salt" +.TH "SALT" "7" "Oct 16, 2023" "3005" "Salt" .SH NAME salt \- Salt Documentation . @@ -151127,7 +151127,7 @@ salt \(aq*\(aq cmd.powershell_all "dir mydirectory" force_list=True .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.retcode(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/fish\(aq, python_shell=None, env=None, clean_env=False, template=None, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, use_vt=False, password=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) +.B salt.modules.cmdmod.retcode(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/zsh\(aq, python_shell=None, env=None, clean_env=False, template=None, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, use_vt=False, password=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) Execute a shell command and return the command\(aqs return code. .INDENT 7.0 .TP @@ -151386,7 +151386,7 @@ salt \(aq*\(aq cmd.retcode "grep f" stdin=\(aqone\entwo\enthree\enfour\enfive\en .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.run(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/fish\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, use_vt=False, bg=False, password=None, encoded_cmd=False, raise_err=False, prepend_path=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) +.B salt.modules.cmdmod.run(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/zsh\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, use_vt=False, bg=False, password=None, encoded_cmd=False, raise_err=False, prepend_path=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) Execute the passed command and return the output as a string .INDENT 7.0 .TP @@ -151767,7 +151767,7 @@ salt \(aq*\(aq cmd.run cmd=\(aqsed \-e s/=/:/g\(aq .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.run_all(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/fish\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, use_vt=False, redirect_stderr=False, password=None, encoded_cmd=False, prepend_path=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) +.B salt.modules.cmdmod.run_all(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/zsh\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, use_vt=False, redirect_stderr=False, password=None, encoded_cmd=False, prepend_path=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) Execute the passed command and return a dict of return data .INDENT 7.0 .TP @@ -152110,7 +152110,7 @@ salt \(aq*\(aq cmd.run_all "grep f" stdin=\(aqone\entwo\enthree\enfour\enfive\en .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.run_bg(cmd, cwd=None, runas=None, group=None, shell=\(aq/usr/bin/fish\(aq, python_shell=None, env=None, clean_env=False, template=None, umask=None, timeout=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, password=None, prepend_path=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) +.B salt.modules.cmdmod.run_bg(cmd, cwd=None, runas=None, group=None, shell=\(aq/bin/zsh\(aq, python_shell=None, env=None, clean_env=False, template=None, umask=None, timeout=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, password=None, prepend_path=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) New in version 2016.3.0. .sp @@ -152411,7 +152411,7 @@ salt \(aq*\(aq cmd.run_bg cmd=\(aqls \-lR / | sed \-e s/=/:/g > /tmp/dontwait\(a .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.run_chroot(root, cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/fish\(aq, python_shell=True, binds=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqquiet\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, use_vt=False, bg=False, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) +.B salt.modules.cmdmod.run_chroot(root, cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/zsh\(aq, python_shell=True, binds=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqquiet\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, use_vt=False, bg=False, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) New in version 2014.7.0. .sp @@ -152632,7 +152632,7 @@ salt \(aq*\(aq cmd.run_chroot /var/lib/lxc/container_name/rootfs \(aqsh /tmp/boo .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.run_stderr(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/fish\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, use_vt=False, password=None, prepend_path=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) +.B salt.modules.cmdmod.run_stderr(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/zsh\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, use_vt=False, password=None, prepend_path=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) Execute a command and only return the standard error .INDENT 7.0 .TP @@ -152909,7 +152909,7 @@ salt \(aq*\(aq cmd.run_stderr "grep f" stdin=\(aqone\entwo\enthree\enfour\enfive .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.run_stdout(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/fish\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, use_vt=False, password=None, prepend_path=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) +.B salt.modules.cmdmod.run_stdout(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/zsh\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, use_vt=False, password=None, prepend_path=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) Execute a command, and only return the standard out .INDENT 7.0 .TP @@ -153186,7 +153186,7 @@ salt \(aq*\(aq cmd.run_stdout "grep f" stdin=\(aqone\entwo\enthree\enfour\enfive .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.script(source, args=None, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/fish\(aq, python_shell=None, env=None, template=None, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, saltenv=None, use_vt=False, bg=False, password=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) +.B salt.modules.cmdmod.script(source, args=None, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/zsh\(aq, python_shell=None, env=None, template=None, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, saltenv=None, use_vt=False, bg=False, password=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) Download a script from a remote location and execute the script locally. The script can be located on the salt master file server or on an HTTP/FTP server. @@ -153462,7 +153462,7 @@ salt \(aq*\(aq cmd.script salt://scripts/runme.sh stdin=\(aqone\entwo\enthree\en .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.script_retcode(source, args=None, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/fish\(aq, python_shell=None, env=None, template=\(aqjinja\(aq, umask=None, timeout=None, reset_system_locale=True, saltenv=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, use_vt=False, password=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) +.B salt.modules.cmdmod.script_retcode(source, args=None, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/zsh\(aq, python_shell=None, env=None, template=\(aqjinja\(aq, umask=None, timeout=None, reset_system_locale=True, saltenv=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, use_vt=False, password=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) Download a script from a remote location and execute the script locally. The script can be located on the salt master file server or on an HTTP/FTP server. @@ -153687,7 +153687,7 @@ salt \(aq*\(aq cmd.script_retcode salt://scripts/runme.sh stdin=\(aqone\entwo\en .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.shell(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/fish\(aq, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, use_vt=False, bg=False, password=None, prepend_path=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) +.B salt.modules.cmdmod.shell(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/zsh\(aq, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=None, use_vt=False, bg=False, password=None, prepend_path=None, success_retcodes=None, success_stdout=None, success_stderr=None, **kwargs) Execute the passed command and return the output as a string. .sp New in version 2015.5.0. @@ -192875,7 +192875,7 @@ Passes through all the parameters described in the \fI\%utils.http.query function\fP: .INDENT 7.0 .TP -.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3005.2+47.gf78d44cb11\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs) +.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3005.3+25.g1184c5ebfa\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs) Query a resource, and decode the return data .UNINDENT .INDENT 7.0 @@ -448748,7 +448748,7 @@ installed2 .UNINDENT .INDENT 0.0 .TP -.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/home/vampas/projects/SaltStack/salt/branches/freeze/.nox/docs\-man\-compress\-true\-update\-true\-clean\-true/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs) +.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/home/ch3ll/git/salt/.nox/docs\-man\-compress\-false\-update\-true\-clean\-true/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs) Install buildout in a specific directory .sp It is a thin wrapper to modules.buildout.buildout @@ -468143,6 +468143,19 @@ Bump to \fIcertifi==2023.07.22\fP due to \fI\%https://github.com/advisories/GHSA .sp Python 3.5 cannot get the updated requirements since certifi no longer supports this python version (#64720) .UNINDENT +.SS Salt 3005.3 Release Notes +.sp +Version 3005.3 is a Bug fix release for 3005\&. +.SS Changed +.INDENT 0.0 +.IP \(bu 2 +Fix __env__ and improve cache cleaning see more info at pull #65017. (#65002) +.UNINDENT +.SS Security +.INDENT 0.0 +.IP \(bu 2 +Update to \fIgitpython>=3.1.35\fP due to \fI\%https://github.com/advisories/GHSA\-wfm5\-v35h\-vwf4\fP and \fI\%https://github.com/advisories/GHSA\-cwvm\-v4w8\-q58c\fP (#65167) +.UNINDENT .SS Salt 3004 Release Notes \- Codename Silicon .SS New Features .SS Transactional System Support (MicroOS) diff --git a/doc/man/spm.1 b/doc/man/spm.1 index a5d2a65458ce..a5be93e66a2d 100644 --- a/doc/man/spm.1 +++ b/doc/man/spm.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SPM" "1" "Sep 14, 2023" "3005" "Salt" +.TH "SPM" "1" "Oct 16, 2023" "3005" "Salt" .SH NAME spm \- Salt Package Manager Command . diff --git a/doc/topics/releases/3005.4.rst b/doc/topics/releases/3005.4.rst new file mode 100644 index 000000000000..18f904e74a26 --- /dev/null +++ b/doc/topics/releases/3005.4.rst @@ -0,0 +1,17 @@ +.. _release-3005-4: + +========================= +Salt 3005.4 Release Notes +========================= + +Version 3005.4 is a CVE security fix release for :ref:`3005 `. + + +Security +-------- + +- Fix CVE-2023-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. + This only impacts salt-ssh users using the pre-flight option. (cve-2023-34049) +- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 (#65267) +- Bump to `urllib3==1.26.17` or `urllib3==2.0.6` due to https://github.com/advisories/GHSA-v845-jxx5-vc9f (#65334) +- Bump to `gitpython==3.1.37` due to https://github.com/advisories/GHSA-cwvm-v4w8-q58c (#65383) From be3d892fc94e04fabbd4ffd4618346f3cfdbb795 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Sun, 29 Oct 2023 11:00:57 +0000 Subject: [PATCH 53/54] Remove `docker` from `requirements/static/ci/common.in` It was wrongly added whew resolving conflicts while merging forward Signed-off-by: Pedro Algarvio --- requirements/static/ci/common.in | 1 - requirements/static/ci/py3.10/cloud.txt | 1 - requirements/static/ci/py3.10/darwin.txt | 4 +--- requirements/static/ci/py3.10/freebsd.txt | 4 +--- requirements/static/ci/py3.10/lint.txt | 1 - requirements/static/ci/py3.10/linux.txt | 4 +--- requirements/static/ci/py3.10/windows.txt | 4 +--- requirements/static/ci/py3.7/cloud.txt | 1 - requirements/static/ci/py3.7/freebsd.txt | 4 +--- requirements/static/ci/py3.7/lint.txt | 1 - requirements/static/ci/py3.7/linux.txt | 4 +--- requirements/static/ci/py3.7/windows.txt | 4 +--- requirements/static/ci/py3.8/cloud.txt | 1 - requirements/static/ci/py3.8/freebsd.txt | 4 +--- requirements/static/ci/py3.8/lint.txt | 1 - requirements/static/ci/py3.8/linux.txt | 4 +--- requirements/static/ci/py3.8/windows.txt | 4 +--- requirements/static/ci/py3.9/cloud.txt | 1 - requirements/static/ci/py3.9/darwin.txt | 4 +--- requirements/static/ci/py3.9/freebsd.txt | 4 +--- requirements/static/ci/py3.9/lint.txt | 1 - requirements/static/ci/py3.9/linux.txt | 4 +--- requirements/static/ci/py3.9/windows.txt | 4 +--- 23 files changed, 14 insertions(+), 51 deletions(-) diff --git a/requirements/static/ci/common.in b/requirements/static/ci/common.in index c79319c9c9de..baaa7fc0da6d 100644 --- a/requirements/static/ci/common.in +++ b/requirements/static/ci/common.in @@ -14,7 +14,6 @@ cherrypy>=17.4.1 clustershell croniter>=0.3.0,!=0.3.22"; sys_platform != 'win32' dnspython -docker etcd3-py==0.1.6 gitpython>=3.1.37 jmespath diff --git a/requirements/static/ci/py3.10/cloud.txt b/requirements/static/ci/py3.10/cloud.txt index a265fd28680b..bff0998ec0d6 100644 --- a/requirements/static/ci/py3.10/cloud.txt +++ b/requirements/static/ci/py3.10/cloud.txt @@ -630,7 +630,6 @@ docker==6.1.3 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/pytest.txt - # -r requirements/static/ci/common.in etcd3-py==0.1.6 # via # -c requirements/static/ci/py3.10/linux.txt diff --git a/requirements/static/ci/py3.10/darwin.txt b/requirements/static/ci/py3.10/darwin.txt index 3327dc775cd8..ab71f7987bf5 100644 --- a/requirements/static/ci/py3.10/darwin.txt +++ b/requirements/static/ci/py3.10/darwin.txt @@ -420,9 +420,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # python-etcd docker==6.1.3 - # via - # -r requirements/pytest.txt - # -r requirements/static/ci/common.in + # via -r requirements/pytest.txt etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 diff --git a/requirements/static/ci/py3.10/freebsd.txt b/requirements/static/ci/py3.10/freebsd.txt index 1656ffb29760..ab3910913c49 100644 --- a/requirements/static/ci/py3.10/freebsd.txt +++ b/requirements/static/ci/py3.10/freebsd.txt @@ -418,9 +418,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # python-etcd docker==6.1.3 - # via - # -r requirements/pytest.txt - # -r requirements/static/ci/common.in + # via -r requirements/pytest.txt etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 diff --git a/requirements/static/ci/py3.10/lint.txt b/requirements/static/ci/py3.10/lint.txt index 911b90f64e64..a0eb57db6631 100644 --- a/requirements/static/ci/py3.10/lint.txt +++ b/requirements/static/ci/py3.10/lint.txt @@ -637,7 +637,6 @@ dnspython==1.16.0 docker==6.1.3 # via # -c requirements/static/ci/py3.10/linux.txt - # -r requirements/static/ci/common.in # -r requirements/static/ci/lint.in etcd3-py==0.1.6 # via diff --git a/requirements/static/ci/py3.10/linux.txt b/requirements/static/ci/py3.10/linux.txt index 4259b04c100c..2a267e08d2f0 100644 --- a/requirements/static/ci/py3.10/linux.txt +++ b/requirements/static/ci/py3.10/linux.txt @@ -432,9 +432,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # python-etcd docker==6.1.3 - # via - # -r requirements/pytest.txt - # -r requirements/static/ci/common.in + # via -r requirements/pytest.txt etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 diff --git a/requirements/static/ci/py3.10/windows.txt b/requirements/static/ci/py3.10/windows.txt index dfb0a2453359..aa68c6708563 100644 --- a/requirements/static/ci/py3.10/windows.txt +++ b/requirements/static/ci/py3.10/windows.txt @@ -104,9 +104,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # python-etcd docker==6.1.3 - # via - # -r requirements/pytest.txt - # -r requirements/static/ci/common.in + # via -r requirements/pytest.txt etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 diff --git a/requirements/static/ci/py3.7/cloud.txt b/requirements/static/ci/py3.7/cloud.txt index 885a65f3de2e..482fe4a01796 100644 --- a/requirements/static/ci/py3.7/cloud.txt +++ b/requirements/static/ci/py3.7/cloud.txt @@ -644,7 +644,6 @@ docker==6.1.3 # via # -c requirements/static/ci/py3.7/linux.txt # -r requirements/pytest.txt - # -r requirements/static/ci/common.in etcd3-py==0.1.6 # via # -c requirements/static/ci/py3.7/linux.txt diff --git a/requirements/static/ci/py3.7/freebsd.txt b/requirements/static/ci/py3.7/freebsd.txt index bda1f9b87d2c..281969ebf98b 100644 --- a/requirements/static/ci/py3.7/freebsd.txt +++ b/requirements/static/ci/py3.7/freebsd.txt @@ -426,9 +426,7 @@ dnspython==1.16.0 # ciscoconfparse # python-etcd docker==6.1.3 - # via - # -r requirements/pytest.txt - # -r requirements/static/ci/common.in + # via -r requirements/pytest.txt etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 diff --git a/requirements/static/ci/py3.7/lint.txt b/requirements/static/ci/py3.7/lint.txt index f360be3e4ee1..2e9f5f55d0ba 100644 --- a/requirements/static/ci/py3.7/lint.txt +++ b/requirements/static/ci/py3.7/lint.txt @@ -655,7 +655,6 @@ dnspython==1.16.0 docker==6.1.3 # via # -c requirements/static/ci/py3.7/linux.txt - # -r requirements/static/ci/common.in # -r requirements/static/ci/lint.in etcd3-py==0.1.6 # via diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index f2c689845a22..c66aae87b32c 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -442,9 +442,7 @@ dnspython==1.16.0 # ciscoconfparse # python-etcd docker==6.1.3 - # via - # -r requirements/pytest.txt - # -r requirements/static/ci/common.in + # via -r requirements/pytest.txt etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 diff --git a/requirements/static/ci/py3.7/windows.txt b/requirements/static/ci/py3.7/windows.txt index 3b4170cf3799..358a269c22d7 100644 --- a/requirements/static/ci/py3.7/windows.txt +++ b/requirements/static/ci/py3.7/windows.txt @@ -110,9 +110,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # python-etcd docker==6.1.3 - # via - # -r requirements/pytest.txt - # -r requirements/static/ci/common.in + # via -r requirements/pytest.txt etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 diff --git a/requirements/static/ci/py3.8/cloud.txt b/requirements/static/ci/py3.8/cloud.txt index c975392c71d5..f509db707253 100644 --- a/requirements/static/ci/py3.8/cloud.txt +++ b/requirements/static/ci/py3.8/cloud.txt @@ -640,7 +640,6 @@ docker==6.1.3 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/pytest.txt - # -r requirements/static/ci/common.in etcd3-py==0.1.6 # via # -c requirements/static/ci/py3.8/linux.txt diff --git a/requirements/static/ci/py3.8/freebsd.txt b/requirements/static/ci/py3.8/freebsd.txt index 4c9a48d36f15..ed7fe4bf658f 100644 --- a/requirements/static/ci/py3.8/freebsd.txt +++ b/requirements/static/ci/py3.8/freebsd.txt @@ -424,9 +424,7 @@ dnspython==1.16.0 # ciscoconfparse # python-etcd docker==6.1.3 - # via - # -r requirements/pytest.txt - # -r requirements/static/ci/common.in + # via -r requirements/pytest.txt etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 diff --git a/requirements/static/ci/py3.8/lint.txt b/requirements/static/ci/py3.8/lint.txt index f2a0155f83b6..3ff68e1d3a66 100644 --- a/requirements/static/ci/py3.8/lint.txt +++ b/requirements/static/ci/py3.8/lint.txt @@ -651,7 +651,6 @@ dnspython==1.16.0 docker==6.1.3 # via # -c requirements/static/ci/py3.8/linux.txt - # -r requirements/static/ci/common.in # -r requirements/static/ci/lint.in etcd3-py==0.1.6 # via diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index 881d9de7870e..5269b54d76fa 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -440,9 +440,7 @@ dnspython==1.16.0 # ciscoconfparse # python-etcd docker==6.1.3 - # via - # -r requirements/pytest.txt - # -r requirements/static/ci/common.in + # via -r requirements/pytest.txt etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 diff --git a/requirements/static/ci/py3.8/windows.txt b/requirements/static/ci/py3.8/windows.txt index 4931960ab958..12557cc1db22 100644 --- a/requirements/static/ci/py3.8/windows.txt +++ b/requirements/static/ci/py3.8/windows.txt @@ -106,9 +106,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # python-etcd docker==6.1.3 - # via - # -r requirements/pytest.txt - # -r requirements/static/ci/common.in + # via -r requirements/pytest.txt etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 diff --git a/requirements/static/ci/py3.9/cloud.txt b/requirements/static/ci/py3.9/cloud.txt index 20c458858887..27ff498e6971 100644 --- a/requirements/static/ci/py3.9/cloud.txt +++ b/requirements/static/ci/py3.9/cloud.txt @@ -640,7 +640,6 @@ docker==6.1.3 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/pytest.txt - # -r requirements/static/ci/common.in etcd3-py==0.1.6 # via # -c requirements/static/ci/py3.9/linux.txt diff --git a/requirements/static/ci/py3.9/darwin.txt b/requirements/static/ci/py3.9/darwin.txt index 8c71bb47fcbc..4d427fc1921c 100644 --- a/requirements/static/ci/py3.9/darwin.txt +++ b/requirements/static/ci/py3.9/darwin.txt @@ -426,9 +426,7 @@ dnspython==1.16.0 # ciscoconfparse # python-etcd docker==6.1.3 - # via - # -r requirements/pytest.txt - # -r requirements/static/ci/common.in + # via -r requirements/pytest.txt etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 diff --git a/requirements/static/ci/py3.9/freebsd.txt b/requirements/static/ci/py3.9/freebsd.txt index 86e0cc67ce6e..1986be0a083d 100644 --- a/requirements/static/ci/py3.9/freebsd.txt +++ b/requirements/static/ci/py3.9/freebsd.txt @@ -424,9 +424,7 @@ dnspython==1.16.0 # ciscoconfparse # python-etcd docker==6.1.3 - # via - # -r requirements/pytest.txt - # -r requirements/static/ci/common.in + # via -r requirements/pytest.txt etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 diff --git a/requirements/static/ci/py3.9/lint.txt b/requirements/static/ci/py3.9/lint.txt index 10b50ac28601..8f065ba5811a 100644 --- a/requirements/static/ci/py3.9/lint.txt +++ b/requirements/static/ci/py3.9/lint.txt @@ -651,7 +651,6 @@ dnspython==1.16.0 docker==6.1.3 # via # -c requirements/static/ci/py3.9/linux.txt - # -r requirements/static/ci/common.in # -r requirements/static/ci/lint.in etcd3-py==0.1.6 # via diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index d76be45ad3d4..0c5f49494bf3 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -440,9 +440,7 @@ dnspython==1.16.0 # ciscoconfparse # python-etcd docker==6.1.3 - # via - # -r requirements/pytest.txt - # -r requirements/static/ci/common.in + # via -r requirements/pytest.txt etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 diff --git a/requirements/static/ci/py3.9/windows.txt b/requirements/static/ci/py3.9/windows.txt index ba3ae172329c..fbac0ca855dd 100644 --- a/requirements/static/ci/py3.9/windows.txt +++ b/requirements/static/ci/py3.9/windows.txt @@ -106,9 +106,7 @@ dnspython==1.16.0 # -r requirements/static/ci/common.in # python-etcd docker==6.1.3 - # via - # -r requirements/pytest.txt - # -r requirements/static/ci/common.in + # via -r requirements/pytest.txt etcd3-py==0.1.6 # via -r requirements/static/ci/common.in exceptiongroup==1.0.4 From e46e33ab9d0e8c9d3d64629d13bf9e94ef4484cb Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Sun, 29 Oct 2023 11:03:09 +0000 Subject: [PATCH 54/54] Remove unused variable Added while resolving conflicts from merge forward Signed-off-by: Pedro Algarvio --- tests/pytests/unit/fileclient/test_fileclient.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/pytests/unit/fileclient/test_fileclient.py b/tests/pytests/unit/fileclient/test_fileclient.py index 3dfc0ed0cbfb..0e072e5c36f4 100644 --- a/tests/pytests/unit/fileclient/test_fileclient.py +++ b/tests/pytests/unit/fileclient/test_fileclient.py @@ -116,9 +116,6 @@ def test_fileclient_timeout(minion_opts, master_opts): "request_channel_tries": 1, } ) - master_uri = "tcp://{master_ip}:{master_port}".format( - master_ip="localhost", master_port=minion_opts["master_port"] - ) def mock_dumps(*args): return b"meh"