X-Original-To: alpine-aports@lists.alpinelinux.org Received: from mail-lf0-f68.google.com (mail-lf0-f68.google.com [209.85.215.68]) by lists.alpinelinux.org (Postfix) with ESMTP id 64A225C3FB5 for ; Thu, 2 Feb 2017 14:13:14 +0000 (GMT) Received: by mail-lf0-f68.google.com with SMTP id h65so1519522lfi.3 for ; Thu, 02 Feb 2017 06:13:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=8uYV6bRjT2aAFAKr0w/VhGNtWZ26CmkEZZeUql/2uw0=; b=DFYifJDUfI+Z4IKGnEeySi8XXOgVGmdKZ+8hInfza7HyT17VILNs7EYl5FtcX0faLW C8dd8qFVYqmEjSg+IejpdU284r6OrrlC3n/FVryB0KrOtMBxD4B8srxYUmfaH+OMAWjd ofnPzQ7mnzu2Jc/BxztKFKGiOBvQ4LfsppZnWaoQtF7Cs046/++tMGM5EiqYayGVfkET 2PPVCrgpwQx8cw4ZQzfQB/CVtOmKziCu2xM0Dd708468y5oV7tU+bQUek3cPkW+vowYS G+RTfLPOjqmu4xU3DEZ+boHo4av4PhjKi2uKcpu+IDpSbdeX41WsW57AwFCphJ7aQmbi t5QQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=8uYV6bRjT2aAFAKr0w/VhGNtWZ26CmkEZZeUql/2uw0=; b=jlosxXgg6dknoJAuLPFILBCTa1nugAnaron981RZTbTPq1mO7Kdpx55e6XcK3xvuY+ UjGU5UWtO3ZFZhQVhLfUeXQURwjhi5Pkz5pdEDFR9ziBnvTkjIbnQPPFvQskEDggTJ/n ws6a0/3UP4U8CIOvjFYxI1HEfv05DgfQGIv2AE+dbax96CSwgc0CIY48nujsO13jJc6s VCEmPQzYjN+TqYPeZTrDsS8Ae33wkqgTHZPUR87g0oPIKaS2nzT+6ofKDYyvSRCXIY17 l1HQRdci8IdanLCMF/qyScEpNC6CJDE196rmloX8vKJ/UpCOwxtMwQsnHyB1+CZEDU4L bHAA== X-Gm-Message-State: AIkVDXIwZzT7IaWwQ8dN6z6daetb93ag0hiFtBK/XA8tkF0JYKRIBc7xUxy4Cnt2M5UesA== X-Received: by 10.46.75.1 with SMTP id y1mr3660506lja.65.1486044793603; Thu, 02 Feb 2017 06:13:13 -0800 (PST) Received: from v3-5.util.wtbts.net ([83.145.235.199]) by smtp.gmail.com with ESMTPSA id a138sm6578462lfb.2.2017.02.02.06.13.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 02 Feb 2017 06:13:12 -0800 (PST) From: Sergei Lukin To: alpine-aports@lists.alpinelinux.org Cc: Sergei Lukin Subject: [alpine-aports] [PATCH v3.5] community/salt: security upgrade to 2016.11.2 - fixes #6803 Date: Thu, 2 Feb 2017 14:13:06 +0000 Message-Id: <20170202141306.1590-1-sergej.lukin@gmail.com> X-Mailer: git-send-email 2.11.0 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: CVE-2017-5192: local_batch client external authentication not respected CVE-2017-5200: Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client --- Version 2016.11.2 is a bugfix release for 2016.11.0 https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html community/salt/APKBUILD | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/community/salt/APKBUILD b/community/salt/APKBUILD index 45de2c194e..ac2a75a897 100644 --- a/community/salt/APKBUILD +++ b/community/salt/APKBUILD @@ -1,8 +1,9 @@ +# Contributor: Sergei Lukin # Contributor: Francesco Colista # Contributor: Olivier Mauras # Maintainer: Olivier Mauras pkgname=salt -pkgver=2016.11.1 +pkgver=2016.11.2 pkgrel=0 pkgdesc="A parallel remote execution system" url="https://github.com/saltstack/salt" @@ -23,6 +24,12 @@ source="$pkgname-$pkgver.tar.gz::https://codeload.github.com/saltstack/$pkgname/ salt-syndic.confd salt-syndic.initd 0001-alpine-support.patch" + +# secfixes: +# 2016.11.2-r0: +# - CVE-2017-5192 +# - CVE-2017-5200 + builddir="$srcdir/$pkgname-$pkgver" build() { @@ -110,7 +117,7 @@ _conf_copy() { cp -r "$builddir"/conf/$type* "$subpkgdir"/etc/salt/ } -md5sums="6dc2898f0f30cfc7cd79d7ee33beecee salt-2016.11.1.tar.gz +md5sums="3f65c02a71a37869b96632da5bf4bcca salt-2016.11.2.tar.gz 322f17cc48aabdc8cbf5f0bccf3e2059 salt-api.confd 014e02c0aafafcd74179e32f5a3b55a8 salt-api.initd 7bb58f256213aaaa23d86d5127c9ffe3 salt-master.confd @@ -120,7 +127,7 @@ c8326b9cff0df6065a1320eefea09b2c salt-minion.initd a24d13b018a35b31b34167bcaa749db5 salt-syndic.confd dffce15d3a16a2dc40dd02d0c24fb4c6 salt-syndic.initd 7736c86a3f2bfadab8c70a8e9ca6a45f 0001-alpine-support.patch" -sha256sums="7f061ad760856afe3699bd8aafb75f1657581b898533482f3ce58d627c3eec57 salt-2016.11.1.tar.gz +sha256sums="f0f1d7ee094ac422a206b6099b84251c49643a2224631d3d532d313baad9ebbb salt-2016.11.2.tar.gz b25cfdb769305f2245b27f6753adee590bac10faeb8c43ba605dbf7e931fe258 salt-api.confd f8918f2819b81e69af1b8564b90ec370942ed733aefd4b97e5d2446a892880eb salt-api.initd 383475b21261ac22c5930e99060d53630dfb35aac67aa03a18ec738e0f4dff50 salt-master.confd @@ -130,7 +137,7 @@ ae9236919c3fee3eef0ef8ad54334d6f833a51bbd4d42c40214614498acbe573 salt-minion.in 66a663c426e2fa157ea78f7f9b2f33f17b72dbc48e119f8dd2609aab8f8370e7 salt-syndic.confd 6a453f63e51f2cc1ecb024ee8e7fa1beab7fbcea010f3eb10ea23bdb2383e7f5 salt-syndic.initd cd07c61dec347678049bd436d99b2278e8e5c5c0c71899c37533cbe05975b6cc 0001-alpine-support.patch" -sha512sums="d8eb7ca2494307e13230a80302066c939ea8c5649223437a559d2b5c407f6536ba72ca4331c01beb308b6043c4f64d63c0a51e22caa84281d904ea9354430bec salt-2016.11.1.tar.gz +sha512sums="65f4abcdb29936e1e3750e26764696359559c799b5e4758df49e0b7f5ad40027829dd633c6622f0221ac5db7131300726e57b99c16ec8e53da3de51386eecf5e salt-2016.11.2.tar.gz 975ba2f5e681fbd62045da61cc3dc065b148683a07b5df7eca9f131e47314eb6bfa8660ca1c06a3bd93683c7097d0ff9f8e514273dd24d82fb2de6a255e6b275 salt-api.confd 435d399bfecf431d0c713031e2ae57ce25b5c6edc98b62f33bd7a4ff1c587e3cdeb988445ae0c3e9ffc1911555c3694654d98815f9562b8a14bf0688ec1ebea6 salt-api.initd cfbbeb8023a383e7c42d84e3346edfd068c9ec7650c4ddc3caa38534da325a67497e1f06ca02cc1f0941b7348a3af6d1dca7cd6f2bcb3612ca10e1ec98997e5a salt-master.confd -- 2.11.0 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---