
[alpine-aports] [PATCH v3.5] community/salt: security upgrade to 2016.11.2 - fixes #6803

From: Sergei Lukin <sergej.lukin_at_gmail.com>
Date: Thu, 2 Feb 2017 14:13:06 +0000

CVE-2017-5192: local_batch client external authentication not respected
CVE-2017-5200: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client
---
Version 2016.11.2 is a bugfix release for 2016.11.0
https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html
 community/salt/APKBUILD | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/community/salt/APKBUILD b/community/salt/APKBUILD
index 45de2c194e..ac2a75a897 100644
--- a/community/salt/APKBUILD
+++ b/community/salt/APKBUILD
_at_@ -1,8 +1,9 @@
+# Contributor: Sergei Lukin <sergej.lukin_at_gmail.com>
 # Contributor: Francesco Colista <fcolista_at_alpinelinux.org>
 # Contributor: Olivier Mauras <olivier_at_mauras.ch>
 # Maintainer: Olivier Mauras <olivier_at_mauras.ch>
 pkgname=salt
-pkgver=2016.11.1
+pkgver=2016.11.2
 pkgrel=0
 pkgdesc="A parallel remote execution system"
 url="https://github.com/saltstack/salt"
_at_@ -23,6 +24,12 @@ source="$pkgname-$pkgver.tar.gz::https://codeload.github.com/saltstack/$pkgname/
 	salt-syndic.confd
 	salt-syndic.initd
 	0001-alpine-support.patch"
+
+# secfixes:
+#   2016.11.2-r0:
+#   - CVE-2017-5192
+#   - CVE-2017-5200
+
 builddir="$srcdir/$pkgname-$pkgver"
 
 build() {
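Review bot: The two CVE entries in the added `# secfixes:` comment sit at the same indentation as the `2016.11.2-r0:` key, whereas the usual aports layout nests the list one level deeper: `#     - CVE-2017-5192` and `#     - CVE-2017-5200`. Both forms probably parse to the same YAML, but the nested form is what the security-database tooling is normally fed, so matching it avoids relying on parser leniency. The version key itself agrees with `pkgver=2016.11.2` and `pkgrel=0` in the first hunk.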
_at_@ -110,7 +117,7 @@ _conf_copy() {
 	cp -r "$builddir"/conf/$type* "$subpkgdir"/etc/salt/
 }
 
-md5sums="6dc2898f0f30cfc7cd79d7ee33beecee  salt-2016.11.1.tar.gz
+md5sums="3f65c02a71a37869b96632da5bf4bcca  salt-2016.11.2.tar.gz
 322f17cc48aabdc8cbf5f0bccf3e2059  salt-api.confd
 014e02c0aafafcd74179e32f5a3b55a8  salt-api.initd
 7bb58f256213aaaa23d86d5127c9ffe3  salt-master.confd
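Review bot: The `md5sums` block is still carried and updated here, but MD5 gives no collision resistance. The integrity of `salt-2016.11.2.tar.gz` therefore rests on the `sha512sums` line changed in the last hunk; the `sha256sums` hunk is the same kind of update. If the abuild version on this branch allows it, dropping `md5sums` would remove a check that adds nothing; otherwise keep it for consistency. The new digests cannot be confirmed from the diff alone, so regenerate them with `abuild checksum` from a freshly fetched tarball and compare before merging.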
_at_@ -120,7 +127,7 @@ c8326b9cff0df6065a1320eefea09b2c  salt-minion.initd
 a24d13b018a35b31b34167bcaa749db5  salt-syndic.confd
 dffce15d3a16a2dc40dd02d0c24fb4c6  salt-syndic.initd
 7736c86a3f2bfadab8c70a8e9ca6a45f  0001-alpine-support.patch"
-sha256sums="7f061ad760856afe3699bd8aafb75f1657581b898533482f3ce58d627c3eec57  salt-2016.11.1.tar.gz
+sha256sums="f0f1d7ee094ac422a206b6099b84251c49643a2224631d3d532d313baad9ebbb  salt-2016.11.2.tar.gz
 b25cfdb769305f2245b27f6753adee590bac10faeb8c43ba605dbf7e931fe258  salt-api.confd
 f8918f2819b81e69af1b8564b90ec370942ed733aefd4b97e5d2446a892880eb  salt-api.initd
 383475b21261ac22c5930e99060d53630dfb35aac67aa03a18ec738e0f4dff50  salt-master.confd
_at_@ -130,7 +137,7 @@ ae9236919c3fee3eef0ef8ad54334d6f833a51bbd4d42c40214614498acbe573  salt-minion.in
 66a663c426e2fa157ea78f7f9b2f33f17b72dbc48e119f8dd2609aab8f8370e7  salt-syndic.confd
 6a453f63e51f2cc1ecb024ee8e7fa1beab7fbcea010f3eb10ea23bdb2383e7f5  salt-syndic.initd
 cd07c61dec347678049bd436d99b2278e8e5c5c0c71899c37533cbe05975b6cc  0001-alpine-support.patch"
-sha512sums="d8eb7ca2494307e13230a80302066c939ea8c5649223437a559d2b5c407f6536ba72ca4331c01beb308b6043c4f64d63c0a51e22caa84281d904ea9354430bec  salt-2016.11.1.tar.gz
+sha512sums="65f4abcdb29936e1e3750e26764696359559c799b5e4758df49e0b7f5ad40027829dd633c6622f0221ac5db7131300726e57b99c16ec8e53da3de51386eecf5e  salt-2016.11.2.tar.gz
 975ba2f5e681fbd62045da61cc3dc065b148683a07b5df7eca9f131e47314eb6bfa8660ca1c06a3bd93683c7097d0ff9f8e514273dd24d82fb2de6a255e6b275  salt-api.confd
 435d399bfecf431d0c713031e2ae57ce25b5c6edc98b62f33bd7a4ff1c587e3cdeb988445ae0c3e9ffc1911555c3694654d98815f9562b8a14bf0688ec1ebea6  salt-api.initd
 cfbbeb8023a383e7c42d84e3346edfd068c9ec7650c4ddc3caa38534da325a67497e1f06ca02cc1f0941b7348a3af6d1dca7cd6f2bcb3612ca10e1ec98997e5a  salt-master.confd
-- 
2.11.0
Received on Thu Feb 02 2017 - 14:13:06 GMT