diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2017-08-25 22:42:02 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-08-25 22:42:02 +0000 |
| commit | d64012dbd975e4d1a08e2cd554bfc80b3cb593ea (patch) | |
| tree | 121c3e876d9487cc144cb05bfaf5d980a48f7b61 /community | |
| parent | d4f8e1e2bb92522624f4e3b03cfa1c5032b4de3b (diff) | |
| download | aports-d64012dbd975e4d1a08e2cd554bfc80b3cb593ea.tar.bz2 aports-d64012dbd975e4d1a08e2cd554bfc80b3cb593ea.tar.xz | |
community/salt: security upgrade to 2017.7.1 (CVE-2017-12791)
fixes #7751
Diffstat (limited to 'community')
| -rw-r--r-- | community/salt/0001-alpine-support.patch | 641 | ||||
| -rw-r--r-- | community/salt/APKBUILD | 9 |
2 files changed, 4 insertions, 646 deletions
diff --git a/community/salt/0001-alpine-support.patch b/community/salt/0001-alpine-support.patch deleted file mode 100644 index c5f276c22c..0000000000 --- a/community/salt/0001-alpine-support.patch +++ /dev/null @@ -1,641 +0,0 @@ -Upstream code not released yet that will happen in next major version - Oxygen? ---- - -diff --git a/salt/modules/apk.py b/salt/modules/apk.py -new file mode 100644 -index 0000000..4c0efe0 ---- /dev/null -+++ b/salt/modules/apk.py -@@ -0,0 +1,619 @@ -+# -*- coding: utf-8 -*- -+''' -+Support for apk -+ -+.. important:: -+ If you feel that Salt should be using this module to manage packages on a -+ minion, and it is using a different module (or gives an error similar to -+ *'pkg.install' is not available*), see :ref:`here -+ <module-provider-override>`. -+ -+.. versionadded: Nitrogen -+ -+''' -+from __future__ import absolute_import -+ -+# Import python libs -+import copy -+import logging -+ -+# Import salt libs -+import salt.utils -+import salt.utils.itertools -+ -+from salt.exceptions import CommandExecutionError -+ -+log = logging.getLogger(__name__) -+ -+# Define the module's virtual name -+__virtualname__ = 'pkg' -+ -+ -+def __virtual__(): -+ ''' -+ Confirm this module is running on an Alpine Linux distribution -+ ''' -+ if __grains__.get('os_family', False) == 'Alpine': -+ return __virtualname__ -+ return (False, "Module apk only works on Alpine Linux based systems") -+ -+#def autoremove(list_only=False, purge=False): -+# return 'Not available' -+#def hold(name=None, pkgs=None, sources=None, **kwargs): # pylint: disable=W0613 -+# return 'Not available' -+#def unhold(name=None, pkgs=None, sources=None, **kwargs): # pylint: disable=W0613 -+# return 'Not available' -+#def upgrade_available(name): -+# return 'Not available' -+#def version_cmp(pkg1, pkg2, ignore_epoch=False): -+# return 'Not available' -+#def list_repos(): -+# return 'Not available' -+#def get_repo(repo, **kwargs): -+# return 'Not available' -+#def del_repo(repo, **kwargs): -+# return 'Not available' -+#def del_repo_key(name=None, **kwargs): -+# return 'Not available' -+#def mod_repo(repo, saltenv='base', **kwargs): -+# return 'Not available' -+#def expand_repo_def(**kwargs): -+# return 'Not available' -+#def get_selections(pattern=None, state=None): -+# return 'Not available' -+#def set_selections(path=None, selection=None, clear=False, saltenv='base'): -+# return 'Not available' -+#def info_installed(*names): -+# return 'Not available' -+ -+ -+def version(*names, **kwargs): -+ ''' -+ Returns a string representing the package version or an empty string if not -+ installed. If more than one package name is specified, a dict of -+ name/version pairs is returned. -+ -+ CLI Example: -+ -+ .. code-block:: bash -+ -+ salt '*' pkg.version <package name> -+ salt '*' pkg.version <package1> <package2> <package3> ... -+ ''' -+ return __salt__['pkg_resource.version'](*names, **kwargs) -+ -+ -+def refresh_db(): -+ ''' -+ Updates the package list -+ -+ - ``True``: Database updated successfully -+ - ``False``: Problem updating database -+ -+ CLI Example: -+ -+ .. code-block:: bash -+ -+ salt '*' pkg.refresh_db -+ ''' -+ ret = {} -+ cmd = ['apk', 'update'] -+ call = __salt__['cmd.run_all'](cmd, -+ output_loglevel='trace', -+ python_shell=False) -+ if call['retcode'] == 0: -+ errors = [] -+ ret = True -+ else: -+ errors = [call['stdout']] -+ ret = False -+ -+ if errors: -+ raise CommandExecutionError( -+ 'Problem encountered installing package(s)', -+ info={'errors': errors, 'changes': ret} -+ ) -+ -+ return ret -+ -+ -+def list_pkgs(versions_as_list=False, **kwargs): -+ ''' -+ List the packages currently installed in a dict:: -+ -+ {'<package_name>': '<version>'} -+ -+ CLI Example: -+ -+ .. code-block:: bash -+ -+ salt '*' pkg.list_pkgs -+ salt '*' pkg.list_pkgs versions_as_list=True -+ ''' -+ versions_as_list = salt.utils.is_true(versions_as_list) -+ # not yet implemented or not applicable -+ if any([salt.utils.is_true(kwargs.get(x)) -+ for x in ('removed', 'purge_desired')]): -+ return {} -+ -+ if 'pkg.list_pkgs' in __context__: -+ if versions_as_list: -+ return __context__['pkg.list_pkgs'] -+ else: -+ ret = copy.deepcopy(__context__['pkg.list_pkgs']) -+ __salt__['pkg_resource.stringify'](ret) -+ return ret -+ -+ cmd = ['apk', 'info', '-v'] -+ ret = {} -+ out = __salt__['cmd.run'](cmd, output_loglevel='trace', python_shell=False) -+ for line in salt.utils.itertools.split(out, '\n'): -+ pkg_version = '-'.join(line.split('-')[-2:]) -+ pkg_name = '-'.join(line.split('-')[:-2]) -+ __salt__['pkg_resource.add_pkg'](ret, pkg_name, pkg_version) -+ -+ __salt__['pkg_resource.sort_pkglist'](ret) -+ __context__['pkg.list_pkgs'] = copy.deepcopy(ret) -+ if not versions_as_list: -+ __salt__['pkg_resource.stringify'](ret) -+ return ret -+ -+ -+def latest_version(*names, **kwargs): -+ ''' -+ Return the latest version of the named package available for upgrade or -+ installation. If more than one package name is specified, a dict of -+ name/version pairs is returned. -+ -+ If the latest version of a given package is already installed, an empty -+ string will be returned for that package. -+ -+ CLI Example: -+ -+ .. code-block:: bash -+ -+ salt '*' pkg.latest_version <package name> -+ salt '*' pkg.latest_version <package name> -+ salt '*' pkg.latest_version <package1> <package2> <package3> ... -+ ''' -+ refresh = salt.utils.is_true(kwargs.pop('refresh', True)) -+ -+ if len(names) == 0: -+ return '' -+ -+ ret = {} -+ for name in names: -+ ret[name] = '' -+ pkgs = list_pkgs() -+ -+ # Refresh before looking for the latest version available -+ if refresh: -+ refresh_db() -+ -+ # Upgrade check -+ cmd = ['apk', 'upgrade', '-s'] -+ out = __salt__['cmd.run_stdout'](cmd, -+ output_loglevel='trace', -+ python_shell=False) -+ for line in salt.utils.itertools.split(out, '\n'): -+ try: -+ name = line.split(' ')[2] -+ _oldversion = line.split(' ')[3].strip('(') -+ newversion = line.split(' ')[5].strip(')') -+ if name in names: -+ ret[name] = newversion -+ except (ValueError, IndexError): -+ pass -+ -+ # If version is empty, package may not be installed -+ for pkg in ret: -+ if not ret[pkg]: -+ installed = pkgs.get(pkg) -+ cmd = ['apk', 'search', pkg] -+ out = __salt__['cmd.run_stdout'](cmd, -+ output_loglevel='trace', -+ python_shell=False) -+ for line in salt.utils.itertools.split(out, '\n'): -+ try: -+ pkg_version = '-'.join(line.split('-')[-2:]) -+ pkg_name = '-'.join(line.split('-')[:-2]) -+ if pkg == pkg_name: -+ if installed == pkg_version: -+ ret[pkg] = '' -+ else: -+ ret[pkg] = pkg_version -+ except ValueError: -+ pass -+ -+ # Return a string if only one package name passed -+ if len(names) == 1: -+ return ret[names[0]] -+ return ret -+ -+ -+# TODO: Support specific version installation -+def install(name=None, -+ refresh=False, -+ pkgs=None, -+ sources=None, -+ **kwargs): -+ ''' -+ Install the passed package, add refresh=True to update the apk database. -+ -+ name -+ The name of the package to be installed. Note that this parameter is -+ ignored if either "pkgs" or "sources" is passed. Additionally, please -+ note that this option can only be used to install packages from a -+ software repository. To install a package file manually, use the -+ "sources" option. -+ -+ CLI Example: -+ -+ .. code-block:: bash -+ -+ salt '*' pkg.install <package name> -+ -+ refresh -+ Whether or not to refresh the package database before installing. -+ -+ -+ Multiple Package Installation Options: -+ -+ pkgs -+ A list of packages to install from a software repository. Must be -+ passed as a python list. -+ -+ CLI Example: -+ -+ .. code-block:: bash -+ -+ salt '*' pkg.install pkgs='["foo", "bar"]' -+ -+ sources -+ A list of IPK packages to install. Must be passed as a list of dicts, -+ with the keys being package names, and the values being the source URI -+ or local path to the package. Dependencies are automatically resolved -+ and marked as auto-installed. -+ -+ CLI Example: -+ -+ .. code-block:: bash -+ -+ salt '*' pkg.install sources='[{"foo": "salt://foo.deb"},{"bar": "salt://bar.deb"}]' -+ -+ install_recommends -+ Whether to install the packages marked as recommended. Default is True. -+ -+ Returns a dict containing the new package names and versions:: -+ -+ {'<package>': {'old': '<old-version>', -+ 'new': '<new-version>'}} -+ ''' -+ refreshdb = salt.utils.is_true(refresh) -+ pkg_to_install = [] -+ -+ old = list_pkgs() -+ -+ if name and not (pkgs or sources): -+ if ',' in name: -+ pkg_to_install = name.split(',') -+ else: -+ pkg_to_install = [name] -+ -+ if pkgs: -+ # We don't support installing specific version for now -+ # so transform the dict in list ignoring version provided -+ pkgs = [ -+ p.keys()[0] for p in pkgs -+ if isinstance(p, dict) -+ ] -+ pkg_to_install.extend(pkgs) -+ -+ if not pkg_to_install: -+ return {} -+ -+ if refreshdb: -+ refresh_db() -+ -+ cmd = ['apk', 'add'] -+ -+ # Switch in update mode if a package is already installed -+ for _pkg in pkg_to_install: -+ if old.get(_pkg): -+ cmd.append('-u') -+ break -+ -+ cmd.extend(pkg_to_install) -+ -+ out = __salt__['cmd.run_all']( -+ cmd, -+ output_loglevel='trace', -+ python_shell=False -+ ) -+ -+ if out['retcode'] != 0 and out['stderr']: -+ errors = [out['stderr']] -+ else: -+ errors = [] -+ -+ __context__.pop('pkg.list_pkgs', None) -+ new = list_pkgs() -+ ret = salt.utils.compare_dicts(old, new) -+ -+ if errors: -+ raise CommandExecutionError( -+ 'Problem encountered installing package(s)', -+ info={'errors': errors, 'changes': ret} -+ ) -+ -+ return ret -+ -+ -+def purge(name=None, pkgs=None, **kwargs): -+ ''' -+ Alias to remove -+ ''' -+ return remove(name=name, pkgs=pkgs, purge=True) -+ -+ -+def remove(name=None, pkgs=None, purge=False, **kwargs): # pylint: disable=unused-argument -+ ''' -+ Remove packages using ``apk del``. -+ -+ name -+ The name of the package to be deleted. -+ -+ -+ Multiple Package Options: -+ -+ pkgs -+ A list of packages to delete. Must be passed as a python list. The -+ ``name`` parameter will be ignored if this option is passed. -+ -+ Returns a dict containing the changes. -+ -+ CLI Example: -+ -+ .. code-block:: bash -+ -+ salt '*' pkg.remove <package name> -+ salt '*' pkg.remove <package1>,<package2>,<package3> -+ salt '*' pkg.remove pkgs='["foo", "bar"]' -+ ''' -+ old = list_pkgs() -+ pkg_to_remove = [] -+ -+ if name: -+ if ',' in name: -+ pkg_to_remove = name.split(',') -+ else: -+ pkg_to_remove = [name] -+ -+ if pkgs: -+ pkg_to_remove.extend(pkgs) -+ -+ if not pkg_to_remove: -+ return {} -+ -+ if purge: -+ cmd = ['apk', 'del', '--purge'] -+ else: -+ cmd = ['apk', 'del'] -+ -+ cmd.extend(pkg_to_remove) -+ -+ out = __salt__['cmd.run_all']( -+ cmd, -+ output_loglevel='trace', -+ python_shell=False -+ ) -+ if out['retcode'] != 0 and out['stderr']: -+ errors = [out['stderr']] -+ else: -+ errors = [] -+ -+ __context__.pop('pkg.list_pkgs', None) -+ new = list_pkgs() -+ ret = salt.utils.compare_dicts(old, new) -+ -+ if errors: -+ raise CommandExecutionError( -+ 'Problem encountered removing package(s)', -+ info={'errors': errors, 'changes': ret} -+ ) -+ -+ return ret -+ -+ -+def upgrade(name=None, pkgs=None, refresh=True): -+ ''' -+ Upgrades all packages via ``apk upgrade`` or a specific package if name or -+ pkgs is specified. Name is ignored if pkgs is specified -+ -+ Returns a dict containing the changes. -+ -+ {'<package>': {'old': '<old-version>', -+ 'new': '<new-version>'}} -+ -+ CLI Example: -+ -+ .. code-block:: bash -+ -+ salt '*' pkg.upgrade -+ ''' -+ ret = {'changes': {}, -+ 'result': True, -+ 'comment': '', -+ } -+ -+ if salt.utils.is_true(refresh): -+ refresh_db() -+ -+ old = list_pkgs() -+ -+ pkg_to_upgrade = [] -+ -+ if name and not pkgs: -+ if ',' in name: -+ pkg_to_upgrade = name.split(',') -+ else: -+ pkg_to_upgrade = [name] -+ -+ if pkgs: -+ pkg_to_upgrade.extend(pkgs) -+ -+ if pkg_to_upgrade: -+ cmd = ['apk', 'add', '-u'] -+ cmd.extend(pkg_to_upgrade) -+ else: -+ cmd = ['apk', 'upgrade'] -+ -+ call = __salt__['cmd.run_all'](cmd, -+ output_loglevel='trace', -+ python_shell=False, -+ redirect_stderr=True) -+ -+ if call['retcode'] != 0: -+ ret['result'] = False -+ if call['stdout']: -+ ret['comment'] = call['stdout'] -+ -+ __context__.pop('pkg.list_pkgs', None) -+ new = list_pkgs() -+ ret['changes'] = salt.utils.compare_dicts(old, new) -+ -+ return ret -+ -+ -+def list_upgrades(refresh=True): -+ ''' -+ List all available package upgrades. -+ -+ CLI Example: -+ -+ .. code-block:: bash -+ -+ salt '*' pkg.list_upgrades -+ ''' -+ ret = {} -+ if salt.utils.is_true(refresh): -+ refresh_db() -+ -+ cmd = ['apk', 'upgrade', '-s'] -+ call = __salt__['cmd.run_all'](cmd, -+ output_loglevel='trace', -+ python_shell=False) -+ -+ if call['retcode'] != 0: -+ comment = '' -+ if 'stderr' in call: -+ comment += call['stderr'] -+ if 'stdout' in call: -+ comment += call['stdout'] -+ raise CommandExecutionError( -+ '{0}'.format(comment) -+ ) -+ else: -+ out = call['stdout'] -+ -+ for line in out.splitlines(): -+ if 'Upgrading' in line: -+ name = line.split(' ')[2] -+ _oldversion = line.split(' ')[3].strip('(') -+ newversion = line.split(' ')[5].strip(')') -+ ret[name] = newversion -+ -+ return ret -+ -+ -+def file_list(*packages): -+ ''' -+ List the files that belong to a package. Not specifying any packages will -+ return a list of _every_ file on the system's package database (not -+ generally recommended). -+ -+ CLI Examples: -+ -+ .. code-block:: bash -+ -+ salt '*' pkg.file_list httpd -+ salt '*' pkg.file_list httpd postfix -+ salt '*' pkg.file_list -+ ''' -+ return file_dict(*packages) -+ -+ -+def file_dict(*packages): -+ ''' -+ List the files that belong to a package, grouped by package. Not -+ specifying any packages will return a list of _every_ file on the system's -+ package database (not generally recommended). -+ -+ CLI Examples: -+ -+ .. code-block:: bash -+ -+ salt '*' pkg.file_list httpd -+ salt '*' pkg.file_list httpd postfix -+ salt '*' pkg.file_list -+ ''' -+ errors = [] -+ ret = {} -+ cmd_files = ['apk', 'info', '-L'] -+ -+ if not packages: -+ return 'Package name should be provided' -+ -+ for package in packages: -+ files = [] -+ cmd = cmd_files[:] -+ cmd.append(package) -+ out = __salt__['cmd.run_all'](cmd, -+ output_loglevel='trace', -+ python_shell=False) -+ for line in out['stdout'].splitlines(): -+ if line.endswith('contains:'): -+ continue -+ else: -+ files.append(line) -+ if files: -+ ret[package] = files -+ -+ return {'errors': errors, 'packages': ret} -+ -+ -+def owner(*paths): -+ ''' -+ Return the name of the package that owns the file. Multiple file paths can -+ be passed. Like :mod:`pkg.version <salt.modules.apk.version`, if a single -+ path is passed, a string will be returned, and if multiple paths are passed, -+ a dictionary of file/package name pairs will be returned. -+ -+ If the file is not owned by a package, or is not present on the minion, -+ then an empty string will be returned for that path. -+ -+ CLI Example: -+ -+ salt '*' pkg.owns /usr/bin/apachectl -+ salt '*' pkg.owns /usr/bin/apachectl /usr/bin/basename -+ ''' -+ if not paths: -+ return 'You must provide a path' -+ -+ ret = {} -+ cmd_search = ['apk', 'info', '-W'] -+ for path in paths: -+ cmd = cmd_search[:] -+ cmd.append(path) -+ output = __salt__['cmd.run_stdout'](cmd, -+ output_loglevel='trace', -+ python_shell=False) -+ if output: -+ if 'ERROR:' in output: -+ ret[path] = 'Could not find owner package' -+ else: -+ ret[path] = output.split('by ')[1].strip() -+ else: -+ ret[path] = 'Error running {0}'.format(cmd) -+ -+ return ret -diff --git a/salt/modules/gentoo_service.py b/salt/modules/gentoo_service.py -index 6345ae3..32dfcde 100644 ---- a/salt/modules/gentoo_service.py -+++ b/salt/modules/gentoo_service.py -@@ -31,6 +31,8 @@ def __virtual__(): - ''' - if __grains__['os'] == 'Gentoo' and not salt.utils.systemd.booted(__context__): - return __virtualname__ -+ if __grains__['os'] == 'Alpine': -+ return __virtualname__ - return (False, 'The gentoo_service execution module cannot be loaded: ' - 'only available on Gentoo/Open-RC systems.') - diff --git a/community/salt/APKBUILD b/community/salt/APKBUILD index 5ac010e8d5..6f082d9195 100644 --- a/community/salt/APKBUILD +++ b/community/salt/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Olivier Mauras <olivier@mauras.ch> # Maintainer: Olivier Mauras <olivier@mauras.ch> pkgname=salt -pkgver=2016.11.6 +pkgver=2017.7.1 pkgrel=0 pkgdesc="A parallel remote execution system" url="https://github.com/saltstack/salt" @@ -22,7 +22,7 @@ source="$pkgname-$pkgver.tar.gz::https://codeload.github.com/saltstack/$pkgname/ salt-minion.initd salt-syndic.confd salt-syndic.initd - 0001-alpine-support.patch" + " builddir="$srcdir/$pkgname-$pkgver" build() { @@ -110,7 +110,7 @@ _conf_copy() { cp -r "$builddir"/conf/$type* "$subpkgdir"/etc/salt/ } -sha512sums="2322c08efc32bc1725a0c9b27ce6a2f63de89548716eac7a85d11837b3aae7aecf5888e65f3bd1a04c1b36025fdae63c8a40e40b3ca5c6da612653d941f4a8b9 salt-2016.11.6.tar.gz +sha512sums="f675b5d5f4afa79daf65686bfc6563743183913b0d4cc22ce5220636a4abd62cd3569b7f9e32035afc7132adaba7d9c211d1b03b39227b052c0080dce9d5a915 salt-2017.7.1.tar.gz 975ba2f5e681fbd62045da61cc3dc065b148683a07b5df7eca9f131e47314eb6bfa8660ca1c06a3bd93683c7097d0ff9f8e514273dd24d82fb2de6a255e6b275 salt-api.confd 435d399bfecf431d0c713031e2ae57ce25b5c6edc98b62f33bd7a4ff1c587e3cdeb988445ae0c3e9ffc1911555c3694654d98815f9562b8a14bf0688ec1ebea6 salt-api.initd cfbbeb8023a383e7c42d84e3346edfd068c9ec7650c4ddc3caa38534da325a67497e1f06ca02cc1f0941b7348a3af6d1dca7cd6f2bcb3612ca10e1ec98997e5a salt-master.confd @@ -118,5 +118,4 @@ cfbbeb8023a383e7c42d84e3346edfd068c9ec7650c4ddc3caa38534da325a67497e1f06ca02cc1f 0051e13351cef8db81dc075a194bb384723f07d5591b5b4d3f3adf4180afaf7beced470ab79ceca9d1ec0dae62dbd72084eb76af009fc78411a011050a94a2ed salt-minion.confd c6634a592c6f3e65dd2b704cb500486bf8004c5b287d4a4d42b09af36ef129c59d6a89f005af058cf7911e8587d927b3db931186569084f13ebaca56f6ef93a0 salt-minion.initd bafc6ea10cdafd0aef868feb35aecbe4ae6a7dff0ae42862bded85715ad763eb89e1ed27437866a7e5f2b9f7064e3c2a3fb59814487744ba4227238d95cf3818 salt-syndic.confd -d71133e834685304e0167554035ebbc861252f972bbe981cc71e45b70f15d94a28a02a369463c9a641372919689f96b62a0408b14f824ad986d536e52b1e5ec0 salt-syndic.initd -9af1b09d97d7eabae38b8313240b36e6e959c6dc8f24630f20f0788802740cad5bd6dc8960e0ae98f8b61bb732b4ee7e5a5a20d5f31a072f6323062fe97ddc2a 0001-alpine-support.patch" +d71133e834685304e0167554035ebbc861252f972bbe981cc71e45b70f15d94a28a02a369463c9a641372919689f96b62a0408b14f824ad986d536e52b1e5ec0 salt-syndic.initd" |