
[alpine-aports] [PATCH v3.5] community/salt: security upgrade to 2016.11.2 - fixes #6803

Details
Message ID
<20170202141306.1590-1-sergej.lukin@gmail.com>
Sender timestamp
1486044786
DKIM signature
missing
Patch: +11 -4
CVE-2017-5192: local_batch client external authentication not respected
CVE-2017-5200: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client
---
Version 2016.11.2 is a bugfix release for 2016.11.0
https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html

 community/salt/APKBUILD | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/community/salt/APKBUILD b/community/salt/APKBUILD
index 45de2c194e..ac2a75a897 100644
--- a/community/salt/APKBUILD
+++ b/community/salt/APKBUILD
@@ -1,8 +1,9 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
# Contributor: Olivier Mauras <olivier@mauras.ch>
# Maintainer: Olivier Mauras <olivier@mauras.ch>
pkgname=salt
pkgver=2016.11.1
pkgver=2016.11.2
pkgrel=0
pkgdesc="A parallel remote execution system"
url="https://github.com/saltstack/salt"
@@ -23,6 +24,12 @@ source="$pkgname-$pkgver.tar.gz::https://codeload.github.com/saltstack/$pkgname/
	salt-syndic.confd
	salt-syndic.initd
	0001-alpine-support.patch"

# secfixes:
#   2016.11.2-r0:
#   - CVE-2017-5192
#   - CVE-2017-5200

builddir="$srcdir/$pkgname-$pkgver"

build() {
@@ -110,7 +117,7 @@ _conf_copy() {
	cp -r "$builddir"/conf/$type* "$subpkgdir"/etc/salt/
}

md5sums="6dc2898f0f30cfc7cd79d7ee33beecee  salt-2016.11.1.tar.gz
md5sums="3f65c02a71a37869b96632da5bf4bcca  salt-2016.11.2.tar.gz
322f17cc48aabdc8cbf5f0bccf3e2059  salt-api.confd
014e02c0aafafcd74179e32f5a3b55a8  salt-api.initd
7bb58f256213aaaa23d86d5127c9ffe3  salt-master.confd
@@ -120,7 +127,7 @@ c8326b9cff0df6065a1320eefea09b2c  salt-minion.initd
a24d13b018a35b31b34167bcaa749db5  salt-syndic.confd
dffce15d3a16a2dc40dd02d0c24fb4c6  salt-syndic.initd
7736c86a3f2bfadab8c70a8e9ca6a45f  0001-alpine-support.patch"
sha256sums="7f061ad760856afe3699bd8aafb75f1657581b898533482f3ce58d627c3eec57  salt-2016.11.1.tar.gz
sha256sums="f0f1d7ee094ac422a206b6099b84251c49643a2224631d3d532d313baad9ebbb  salt-2016.11.2.tar.gz
b25cfdb769305f2245b27f6753adee590bac10faeb8c43ba605dbf7e931fe258  salt-api.confd
f8918f2819b81e69af1b8564b90ec370942ed733aefd4b97e5d2446a892880eb  salt-api.initd
383475b21261ac22c5930e99060d53630dfb35aac67aa03a18ec738e0f4dff50  salt-master.confd
@@ -130,7 +137,7 @@ ae9236919c3fee3eef0ef8ad54334d6f833a51bbd4d42c40214614498acbe573  salt-minion.in
66a663c426e2fa157ea78f7f9b2f33f17b72dbc48e119f8dd2609aab8f8370e7  salt-syndic.confd
6a453f63e51f2cc1ecb024ee8e7fa1beab7fbcea010f3eb10ea23bdb2383e7f5  salt-syndic.initd
cd07c61dec347678049bd436d99b2278e8e5c5c0c71899c37533cbe05975b6cc  0001-alpine-support.patch"
sha512sums="d8eb7ca2494307e13230a80302066c939ea8c5649223437a559d2b5c407f6536ba72ca4331c01beb308b6043c4f64d63c0a51e22caa84281d904ea9354430bec  salt-2016.11.1.tar.gz
sha512sums="65f4abcdb29936e1e3750e26764696359559c799b5e4758df49e0b7f5ad40027829dd633c6622f0221ac5db7131300726e57b99c16ec8e53da3de51386eecf5e  salt-2016.11.2.tar.gz
975ba2f5e681fbd62045da61cc3dc065b148683a07b5df7eca9f131e47314eb6bfa8660ca1c06a3bd93683c7097d0ff9f8e514273dd24d82fb2de6a255e6b275  salt-api.confd
435d399bfecf431d0c713031e2ae57ce25b5c6edc98b62f33bd7a4ff1c587e3cdeb988445ae0c3e9ffc1911555c3694654d98815f9562b8a14bf0688ec1ebea6  salt-api.initd
cfbbeb8023a383e7c42d84e3346edfd068c9ec7650c4ddc3caa38534da325a67497e1f06ca02cc1f0941b7348a3af6d1dca7cd6f2bcb3612ca10e1ec98997e5a  salt-master.confd
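Review bot: The `md5sums` entry for `salt-2016.11.2.tar.gz` in the third hunk adds no real integrity assurance for this security upgrade, because MD5 is not collision-resistant; the pin that matters is the `sha256sums`/`sha512sums` pair updated in the last two hunks. The source URL in the second hunk header (truncated here) points at codeload.github.com, which looks like a forge-generated archive rather than a signed release artifact, so these checksums appear to be the only thing tying the build to the reviewed tarball. If the build tooling on this branch still requires `md5sums`, a comment above it such as `# md5sums kept for tooling compatibility only; integrity is enforced by sha512sums` would make that explicit, and the commit message could state how the new hashes were obtained. The APKBUILD continues outside the hunks shown, so whether signature verification happens elsewhere cannot be confirmed from this page.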
-- 
2.11.0


