-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2508
               Security update for SUSE Manager Client Tools
                               23 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           SUSE Manager Ubuntu 18.04-CLIENT-TOOLS
                   SUSE Manager Ubuntu 20.04-CLIENT-TOOLS
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account      
                   Modify Arbitrary Files          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
                   Unauthorised Access             -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-11652 CVE-2020-11651 CVE-2019-18897
                   CVE-2019-17361 CVE-2018-15751 CVE-2018-15750
                   CVE-2017-14696 CVE-2017-14695 CVE-2017-12791
                   CVE-2016-9639 CVE-2016-1866 

Reference:         ESB-2020.1640
                   ESB-2020.1051
                   ESB-2020.0746
                   ESB-2018.3614
                   ESB-2018.3606
                   ESB-2017.2115.2

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2020/suse-su-202014431-1
   https://www.suse.com/support/update/announcement/2020/suse-su-202014430-1

Comment: This bulletin contains two (2) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for SUSE Manager Client Tools

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:14430-1
Rating:            moderate
References:        #1153090 #1153277 #1154940 #1155372 #1157465 #1159284
                   #1162327 #1163871 #1165572 #1167437 #1168340 #1169604
                   #1169800 #1170104 #1170288 #1170595 #1171687 #1171906
                   #1172075 #1173072 #1174165
Cross-References:  CVE-2019-18897 CVE-2020-11651 CVE-2020-11652
Affected Products:
                   SUSE Manager Ubuntu 18.04-CLIENT-TOOLS
______________________________________________________________________________

An update that solves three vulnerabilities and has 18 fixes is now available.

Description:


This update fixes the following issues:
salt:

  o Require python3-distro only for TW (bsc#1173072)
  o Various virt backports from 3000.2
  o Avoid traceback on debug logging for swarm module (bsc#1172075)
  o Add publish_batch to ClearFuncs exposed methods
  o Update to salt version 3000. See release notes:
    https://docs.saltstack.com/en/latest/topics/releases/3000.html
  o Zypperpkg: filter patterns that start with dot (bsc#1171906)
  o Batch mode now also correctly provides return value (bsc#1168340)
  o Add docker.logout to docker execution module (bsc#1165572)
  o Testsuite fix
  o Add option to enable/disable force refresh for zypper
  o Python3.8 compatibility changes
  o Prevent spurious "salt-api" stuck processes when managing SSH minions
    because of logging deadlock (bsc#1159284)
  o Avoid segfault from "salt-api" under certain conditions of heavy load
    managing SSH minions (bsc#1169604)
  o Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341)
    (bsc#1170104)
  o Returns the list of IPs filtered by the optional network list
  o Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595)
  o Do not require vendored backports-abc (bsc#1170288)
  o Fix partition.mkpart to work without fstype (bsc#1169800)
  o Enable building and installation for Fedora
  o Disable python2 build on Tumbleweed. We are removing the python2 interpreter
    from openSUSE (SLE16). As such disable salt building for python2 there.
  o More robust remote port detection
  o Sanitize grains loaded from roster_grains.json cache during "state.pkg"
  o Do not make file.recurse state to fail when msgpack 0.5.4 (bsc#1167437)
  o Build: BuildRequire pkgconfig(systemd) instead of systemd. pkgconfig(systemd)
    is provided by systemd, so this is de-facto no change. But inside the Open
    Build Service (OBS), the same symbol is also provided by systemd-mini,
    which exists to shorten build-chains by only enabling what other packages
    need to successfully build
  o Add new custom SUSE capability for saltutil state module
  o Fixes status attribute issue in aptpkg test
  o Make setup.py script not to require setuptools greater than 9.1
  o Loop: fix variable names for until_no_eval
  o Drop conflictive module.run state patch (bsc#1167437)
  o Update patches after rebase with upstream v3000 tag (bsc#1167437)
  o Fix some requirements issues depending on Python3 versions
  o Removes obsolete patch
  o Fix for low rpm_lowpkg unit test
  o Add python-singledispatch as dependency for python2-salt
  o Virt._get_domain: don't raise an exception if there is no VM
  o Fix for temp folder definition in loader unit test
  o Adds test for zypper abbreviation fix
  o Improved storage pool or network handling
  o Better import cache handling
  o Make "salt.ext.tornado.gen" to use "salt.ext.backports_abc" on Python 2
  o Fix regression in service states with reload argument
  o Fix integration test failure for test_mod_del_repo_multiline_values
  o Fix for unless requisite when pip is not installed
  o Fix errors from unit tests due NO_MOCK and NO_MOCK_REASON deprecation
  o Fix tornado imports and missing _utils after rebasing patches
  o Removes unresolved merge conflict in yumpkg module
  o Use full option name instead of undocumented abbreviation for zypper
  o Requiring python3-distro only for openSUSE/SLE >= 15 and not for Python 2
    builds
  o Avoid possible user escalation upgrading salt-master (bsc#1157465)
    (CVE-2019-18897)
  o Fix unit tests failures in test_batch_async tests
  o Batch Async: Handle exceptions, properly unregister and close instances
    after running async batching to avoid CPU starvation of the MWorkers
    (bsc#1162327)
  o RHEL/CentOS 8 uses platform-python instead of python3
  o Loader: invalidate the import cache for extra modules
  o Zypperpkg: filter patterns that start with dot (bsc#1171906)
  o Batch mode now also correctly provides return value (bsc#1168340)
  o Add docker.logout to docker execution module (bsc#1165572)
  o Improvements for chroot module
  o Add option to enable/disable force refresh for zypper
  o Prevent spurious "salt-api" stuck processes when managing SSH minions
    because of logging deadlock (bsc#1159284)
  o Avoid segfault from "salt-api" under certain conditions of heavy load
    managing SSH minions (bsc#1169604)
  o Fix for TypeError in Tornado importer (bsc#1174165)


spacecmd:

  o Only report real error, not result (bsc#1171687)
  o Use defined return values for spacecmd methods so scripts can check for
    failure (bsc#1171687)
  o Disable globbing for api subcommand to allow wildcards in filter settings
    (bsc#1163871)
  o Bugfix: attempt to purge SSM when it is empty (bsc#1155372)
  o Bump version to 4.1.0 (bsc#1154940)
  o Prevent error when piping stdout in Python 2 (bsc#1153090)
  o Java api expects content as encoded string instead of encoded bytes like
    before (bsc#1153277)
  o Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04
  o Add unit test for schedule, errata, user, utils, misc, configchannel and
    kickstart modules
  o Multiple minor bugfixes alongside the unit tests
  o Bugfix: referenced variable before assignment.
  o Add unit test for report, package, org, repo and group

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Manager Ubuntu 18.04-CLIENT-TOOLS:
    zypper in -t patch suse-ubu184ct-client-tools-202006-14430=1

Package List:

  o SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (amd64):
       python3-systemd-234-2build2
       python3-tornado-4.5.3-1ubuntu0.1
       python3-zmq-16.0.2-2build2
  o SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all):
       salt-common-3000+ds-1+48.1
       salt-minion-3000+ds-1+48.1
       spacecmd-4.1.4-5.2


References:

  o https://www.suse.com/security/cve/CVE-2019-18897.html
  o https://www.suse.com/security/cve/CVE-2020-11651.html
  o https://www.suse.com/security/cve/CVE-2020-11652.html
  o https://bugzilla.suse.com/1153090
  o https://bugzilla.suse.com/1153277
  o https://bugzilla.suse.com/1154940
  o https://bugzilla.suse.com/1155372
  o https://bugzilla.suse.com/1157465
  o https://bugzilla.suse.com/1159284
  o https://bugzilla.suse.com/1162327
  o https://bugzilla.suse.com/1163871
  o https://bugzilla.suse.com/1165572
  o https://bugzilla.suse.com/1167437
  o https://bugzilla.suse.com/1168340
  o https://bugzilla.suse.com/1169604
  o https://bugzilla.suse.com/1169800
  o https://bugzilla.suse.com/1170104
  o https://bugzilla.suse.com/1170288
  o https://bugzilla.suse.com/1170595
  o https://bugzilla.suse.com/1171687
  o https://bugzilla.suse.com/1171906
  o https://bugzilla.suse.com/1172075
  o https://bugzilla.suse.com/1173072
  o https://bugzilla.suse.com/1174165

- --------------------------------------------------------------------------------

SUSE Security Update: Security update for SUSE Manager Client Tools

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:14431-1
Rating:            moderate
References:        #1002529 #1003449 #1004047 #1004260 #1004723 #1008933
                   #1011304 #1011800 #1012398 #1012999 #1013876 #1013938
                   #1015882 #1017078 #1019386 #1020831 #1022562 #1022841
                   #1023535 #1024406 #1025896 #1027044 #1027240 #1027426
                   #1027722 #1030009 #1030073 #1032213 #1032452 #1032931
                   #1035914 #1036125 #1038855 #1039370 #1040886 #1041993
                   #1042749 #1043111 #1044719 #1050003 #1051948 #1052264
                   #1053376 #1053955 #1057635 #1059291 #1059758 #1060230
                   #1061407 #1062462 #1062464 #1063419 #1064520 #1065792
                   #1068446 #1068566 #1070372 #1071322 #1072599 #1075950
                   #1076578 #1079048 #1080290 #1081151 #1081592 #1083294
                   #1085667 #1087055 #1087278 #1087581 #1087891 #1088070
                   #1088888 #1089112 #1089362 #1089526 #1091371 #1092161
                   #1092373 #1094055 #1094190 #1095507 #1095651 #1095942
                   #1096514 #1097174 #1097413 #1098394 #1099323 #1099460
                   #1099887 #1099945 #1100142 #1100225 #1100697 #1101780
                   #1101812 #1101880 #1102013 #1102218 #1102265 #1102819
                   #1103090 #1103530 #1103696 #1104034 #1104154 #1104491
                   #1106164 #1107333 #1108557 #1108834 #1108969 #1108995
                   #1109023 #1109893 #1110938 #1111542 #1112874 #1113698
                   #1113699 #1113784 #1114029 #1114197 #1114474 #1114824
                   #1116343 #1116837 #1117995 #1121091 #1121439 #1122663
                   #1122680 #1123044 #1123512 #1123865 #1124277 #1125015
                   #1125610 #1125744 #1127389 #1128061 #1128554 #1129079
                   #1129243 #1130077 #1130588 #1130784 #1131114 #1132076
                   #1133523 #1133647 #1134860 #1135360 #1135507 #1135567
                   #1135656 #1135732 #1135881 #1137642 #1138454 #1138952
                   #1139761 #1140193 #1140912 #1143301 #1146192 #1146382
                   #1148311 #1148714 #1150447 #1151650 #1151947 #1152366
                   #1153090 #1153277 #1153611 #1154620 #1154940 #1155372
                   #1157465 #1157479 #1158441 #1158940 #1159118 #1159284
                   #1160931 #1162327 #1162504 #1163871 #1165425 #1165572
                   #1167437 #1167556 #1168340 #1169604 #1169800 #1170042
                   #1170104 #1170288 #1170595 #1171687 #1171906 #1172075
                   #1173072 #1174165 #769106 #769108 #776615 #849184 #849204
                   #849205 #879904 #887879 #889605 #892707 #902494 #908849
                   #926318 #932288 #945380 #948245 #955373 #958350 #959572
                   #963322 #965403 #967803 #969320 #970669 #971372 #972311
                   #972490 #975093 #975303 #975306 #975733 #975757 #976148
                   #977264 #978150 #978833 #979448 #979676 #980313 #983017
                   #983512 #985112 #985661 #986019 #987798 #988506 #989193
                   #989798 #990029 #990439 #990440 #991048 #993039 #993549
                   #996455 #999852
Cross-References:  CVE-2016-1866 CVE-2016-9639 CVE-2017-12791 CVE-2017-14695
                   CVE-2017-14696 CVE-2018-15750 CVE-2018-15751 CVE-2019-17361
                   CVE-2019-18897 CVE-2020-11651 CVE-2020-11652
Affected Products:
                   SUSE Manager Ubuntu 20.04-CLIENT-TOOLS
______________________________________________________________________________

An update that solves 11 vulnerabilities and has 251 fixes is now available.

Description:


This update fixes the following issues:
salt:

  o Require python3-distro only for TW (bsc#1173072)
  o Various virt backports from 3000.2
  o Avoid traceback on debug logging for swarm module (bsc#1172075)
  o Add publish_batch to ClearFuncs exposed methods
  o Fix for TypeError in Tornado importer (bsc#1174165)


  o Update to salt version 3000. See release notes:
    https://docs.saltstack.com/en/latest/topics/releases/3000.html
  o zypperpkg: filter patterns that start with dot (bsc#1171906)
  o Batch mode now also correctly provides return value (bsc#1168340)
  o Add docker.logout to docker execution module (bsc#1165572)
  o Testsuite fix
  o Add option to enable/disable force refresh for zypper
  o Python3.8 compatibility changes
  o Prevent spurious "salt-api" stuck processes when managing SSH minions
    because of logging deadlock (bsc#1159284)
  o Avoid segfault from "salt-api" under certain conditions of heavy load
    managing SSH minions (bsc#1169604)
  o Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341)
    (bsc#1170104)
  o Returns the list of IPs filtered by the optional network list
  o Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595)
  o Do not require vendored backports-abc (bsc#1170288)
  o Fix partition.mkpart to work without fstype (bsc#1169800)
  o Enable building and installation for Fedora
  o Disable python2 build on Tumbleweed. We are removing the python2 interpreter
    from openSUSE (SLE16). As such disable salt building for python2 there.
  o More robust remote port detection
  o Sanitize grains loaded from roster_grains.json cache during "state.pkg"
  o Do not make file.recurse state to fail when msgpack 0.5.4 (bsc#1167437)
  o Build: BuildRequire pkgconfig(systemd) instead of systemd. pkgconfig(systemd)
    is provided by systemd, so this is de-facto no change. But inside the Open
    Build Service (OBS), the same symbol is also provided by systemd-mini,
    which exists to shorten build-chains by only enabling what other packages
    need to successfully build
  o Add new custom SUSE capability for saltutil state module
  o Fixes status attribute issue in aptpkg test
  o Make setup.py script not to require setuptools greater than 9.1
  o loop: fix variable names for until_no_eval
  o Drop conflictive module.run state patch (bsc#1167437)
  o Update patches after rebase with upstream v3000 tag (bsc#1167437)
  o Fix some requirements issues depending on Python3 versions
  o Removes obsolete patch
  o Fix for low rpm_lowpkg unit test
  o Add python-singledispatch as dependency for python2-salt
  o virt._get_domain: don't raise an exception if there is no VM
  o Fix for temp folder definition in loader unit test
  o Adds test for zypper abbreviation fix
  o Improved storage pool or network handling
  o Better import cache handling
  o Make "salt.ext.tornado.gen" to use "salt.ext.backports_abc" on Python 2
  o Fix regression in service states with reload argument
  o Fix integration test failure for test_mod_del_repo_multiline_values
  o Fix for unless requisite when pip is not installed
  o Fix errors from unit tests due NO_MOCK and NO_MOCK_REASON deprecation
  o Fix tornado imports and missing _utils after rebasing patches
  o Removes unresolved merge conflict in yumpkg module
  o Use full option name instead of undocumented abbreviation for zypper
  o Requiring python3-distro only for openSUSE/SLE >= 15 and not for Python 2
    builds
  o Avoid possible user escalation upgrading salt-master (bsc#1157465)
    (CVE-2019-18897)
  o Fix unit tests failures in test_batch_async tests
  o Batch Async: Handle exceptions, properly unregister and close instances
    after running async batching to avoid CPU starvation of the MWorkers
    (bsc#1162327)
  o RHEL/CentOS 8 uses platform-python instead of python3
  o loader: invalidate the import cache for extra modules
  o zypperpkg: filter patterns that start with dot (bsc#1171906)
  o Batch mode now also correctly provides return value (bsc#1168340)
  o Add docker.logout to docker execution module (bsc#1165572)
  o Improvements for chroot module
  o Add option to enable/disable force refresh for zypper
  o Prevent spurious "salt-api" stuck processes when managing SSH minions
    because of logging deadlock (bsc#1159284)
  o Avoid segfault from "salt-api" under certain conditions of heavy load
    managing SSH minions (bsc#1169604)
  o Fix partition.mkpart to work without fstype (bsc#1169800)
  o Fix typo in 'minion_runner' for AESFuncs exposed methods.
  o Avoid "NameError: name '__salt_system_encoding__' is not defined"
    (bsc#1138952)
  o Fix load cached grain "osrelease_info" to prevent exceptions on
    "pkg.info_installed" on Debian and Ubuntu minion (bsc#1170042)
  o Build: BuildRequire pkgconfig(systemd) instead of systemd
  o Add new custom SUSE capability for saltutil state module
  o Backport saltutil state module to 2019.2 codebase (bsc#1167556)
  o virt._get_domain: don't raise an exception if there is no VM
  o Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595)
  o Avoid possible user escalation upgrading salt-master (bsc#1157465)
    (CVE-2019-18897)
  o Fix unit tests failures in test_batch_async tests
  o Batch Async: Handle exceptions, properly unregister and close instances
    after running async batching to avoid CPU starvation of the MWorkers
    (bsc#1162327)
  o RHEL/CentOS 8 uses platform-python instead of python3
  o New configuration option for selection of grains in the minion start event.
  o Fix 'os_family' grain for Astra Linux Common Edition
  o Fix for salt-api NET API where unauthenticated attacker could run arbitrary
    code (CVE-2019-17361) (bsc#1162504)
  o Adds disabled parameter to mod_repo in aptpkg module
  o Move token with atomic operation
  o Bad API token files get deleted (bsc#1160931)
  o Support for Btrfs and XFS in parted and mkfs added
  o Adds list_downloaded for apt Module to enable pre-downloading support
  o Adds virt.(pool|network)_get_xml functions
  o Add virt.pool_capabilities function
  o virt.pool_running improvements
  o Add virt.pool_deleted state
  o virt.network_define allow adding IP configuration
  o virt: adding kernel boot parameters to libvirt xml
  o Fix to scheduler when data['run'] does not exist (bsc#1159118)
  o Fix virt states to not fail on VMs already stopped
  o Fix applying of attributes for returner rawfile_json (bsc#1158940)
  o xfs: do not fail if type is not present (bsc#1153611)
  o Don't use __python indirection macros on spec file. %__python is no longer
    defined in RPM 4.15 (python2 is going EOL in Jan 2020); additionally,
    python/python3 are just binaries in the path.
  o Fix errors when running virt.get_hypervisor function
  o Align virt.full_info fixes with upstream Salt
  o Fix for log checking in x509 test
  o Prevent test_mod_del_repo_multiline_values to fail
  o Read repo info without using interpolation (bsc#1135656)
  o Replacing pycrypto with M2Crypto as dependency for >= SLE15 (bsc#1165425)
  o Let salt-ssh use platform-python on RHEL8 (bsc#1158441)
  o Fix StreamClosedError issue (bsc#1157479)
  o Remove virt.pool_delete fast parameter (U#54474)
  o Remove unnecessary yield causing BadYieldError (bsc#1154620)
  o Prevent 'Already reading' continuous exception message (bsc#1137642)
  o Fix for aptpkg test with older mock modules
  o Remove wrong tests for core grain and improve debug logging
  o Use rich RPM deps to get a compatible version of tornado into the
    buildroot.
  o core.py: ignore wrong product_name files
  o zypperpkg: understand product type
  o Enable usage of downloadonly parameter for apt module
  o Add missing 'fun' on events coming from salt-ssh wfunc executions
    (bsc#1151947)
  o Fix failing unit tests for batch async
  o Fix memory consumption problem on BatchAsync (bsc#1137642)
  o Fix dependencies for RHEL 8
  o Prevent systemd-run description issue when running aptpkg (bsc#1152366)
  o Take checksums arg into account for postgres.datadir_init (bsc#1151650)
  o Improve batch_async to release consumed memory (bsc#1140912)
  o Require shadow instead of old pwdutils (bsc#1130588)
  o Conflict with tornado >= 5; for now we can only cope with Tornado 4.x
    (bsc#1101780).
  o Fix virt.full_info (bsc#1146382)
  o virt.volume_infos: silence libvirt error message
  o virt.volume_infos needs to ignore inactive pools
  o Fix for various bugs in virt network and pool states
  o Implement network.fqdns module function (bsc#1134860)
  o Strip trailing "/" from repo.uri when comparing repos in aptpkg.mod_repo
    (bsc#1146192)
  o Make python3 default for RHEL8
  o Use python3 to build package Salt for RHEL8
  o Fix aptpkg systemd call (bsc#1143301)
  o Move server_id deprecation warning to reduce log spamming (bsc#1135567)
    (bsc#1135732)
  o Fix memory leak produced by batch async find_jobs mechanism (bsc#1140912)
  o Files in salt-formulas folder can now be read and executed by others
    (bsc#1150447)
  o Restore default behaviour of pkg list return (bsc#1148714)
  o Multiple fixes on cmdmod, chroot, freezer and zypperpkg needed for Yomi:
      - cmdmod: fix runas and group in run_chroot
      - chroot: add missing sys directory
      - chroot: change variable name to root
      - chroot: fix bug in safe_kwargs iteration
      - freezer: do not fail if cache dir is present
      - freezer: clean freeze YAML profile on restore
      - zypperpkg: fix pkg.list_pkgs cache
  o Avoid traceback on http.query when there are errors with the requested URL
    (bsc#1128554)
  o Salt python client get_full_returns seems to return data from incorrect jid
    (bsc#1131114)
  o virt.volume_infos: don't raise an error if there is no VM
  o Prevent ansiblegate unit tests to fail on Ubuntu
  o Allow passing kwargs to pkg.list_downloaded for Zypper (bsc#1140193)
  o Do not make "ansiblegate" module to crash on Python3 minions (bsc#1139761)
  o Provide the missing features required for Yomi (Yet one more installer)
  o Fix zypper pkg.list_pkgs test expectation and dpkg mocking
  o Set 'salt' group for files and directories created by
    salt-standalone-formulas-configuration package
  o Fix virt.volume_infos raising an exception when there is only virtual
    machine on the minion.
  o Fix virt.purge() on all non-KVM hypervisors. For instance on Xen,
    virt.purge would simply throw an exception about unsupported flag
  o Building a libvirt pool starts it. When defining a new pool, we need to let
    build start it or we will get libvirt errors.
  o Fix handling of Virtual Machines with white space in their name.
  o avoid batch.py exception when minion does not respond (bsc#1135507)
  o Preserve already defined DESTRUCTIVE_TESTS and EXPENSIVE_TESTS env
    variables
  o Do not break repo files with multiple line values on yumpkg (bsc#1135360)
  o Fix return status when installing or updating RPM packages with "ppc64le"
    arch (bsc#1133647)
  o Add new "salt-standalone-formulas-configuration" package (fate#327791)
  o Switch firewalld state to use change_interface (bsc#1132076)
  o Fix async-batch to fire a single done event
  o Do not make Salt CLI to crash when there are IPv6 established connections
    (bsc#1130784)
  o Include aliases in FQDNS grain (bsc#1121439)
  o Fix issue preventing syndic to start
  o Update to 2019.2.0 release (FATE#327138, bsc#1133523). See
    https://docs.saltstack.com/en/latest/topics/releases/2019.2.0.html
  o Update year on spec copyright notice
  o Use ThreadPool from multiprocessing.pool to avoid leakings when calculating
    FQDNs
  o Do not report patches as installed on RHEL systems when not all the related
    packages are installed (bsc#1128061)
  o Incorporate virt.volume_info fixes (PR#131)
  o Fix for -t parameter in mount module
  o No longer limiting Python3 version to <3.7
  o Add virt.volume_infos and virt.volume_delete functions
  o Bugfix: properly refresh pillars (bsc#1125015)
  o Removes version from python3 requirement completely
  o Adds missing version update to %setup
  o Add virt.all_capabilities to return all host and domain capabilities at
    once
  o Switch to better correct version nomenclature. Background: The special
    character tilde (~) will be available for use in version representing a
    negative version token.
  o Fix setup to use the right version tag
  o Add "id_" and "force" to the whitelist of API check
  o Add metadata to accepted keyword arguments (bsc#1122680)
  o Add salt-support script to package
  o Early feature: Salt support-config (salt-support)
  o More fixes on the spec file
  o Fix spaces and indentation
  o Use Adler32 algorithm to compute string checksums (bsc#1102819)
  o Update spec file patch ordering after MSI patch removal
  o Calculate the "FQDNs" grains in parallel to avoid long blocking
    (bsc#1129079)
  o Fix batch/batch-async related issues
  o Fixes typo in dependency: e2fsprogs
  o Adds missing dependencies to salt-common: python-concurrent.futures
  o Fix regression in dynamic pillarenv (bsc#1124277)
  o add parallel support for orchestrations (bsc#1116343)
  o Implement asynchronous batching
  o Let dpkg.info expose package status
  o Make aptpkg.info return only installed packages
  o Strip trailing / from repo URI when comparing repos in aptpkg.mod_repo
  o Include aliases in FQDNS grain
  o Prevents error when there is no job entry in filesystem cache due to race
    condition in minion onboarding (bsc#1122663)
  o Don't call zypper with more than one --no-refresh parameter (bsc#1123865)
  o Remove zypper-add-root-configuration-parameter patch (bsc#1123512)
  o Remove MSI Azure cloud module authentication patch (bsc#1123044)
  o Don't encode response string from role API
  o Add root parameter to Zypper module
  o Fix integration tests in state compiler (U#2068)
  o Fix "pkg.list_pkgs" output when using "attr" to take the arch into account
    (bsc#1114029)
  o Fix powerpc null server_id_arch (bsc#1117995)
  o Fix module 'azure.storage' has no attribute '__version__' (bsc#1121091)
  o Add supportconfig module and states for minions and SaltSSH
  o Fix FIPS enabled RES clients (bsc#1099887)
  o Add hold/unhold functions. Fix Debian repo "signed-by".
  o Strip architecture from debian package names
  o Fix latin1 encoding problems on file module (bsc#1116837)
  o Don't error on retcode 0 in libcrypto.OPENSSL_init_crypto
  o Handle anycast IPv6 addresses on network.routes (bsc#1114474)
  o Debian info_installed compatibility (U#50453)
  o Add compatibility with other package modules for "list_repos" function
  o Crontab module fix: file attributes option missing (bsc#1114824)
  o Fix git_pillar merging across multiple __env__ repositories (bsc#1112874)
  o Bugfix: unable to detect os arch when RPM is not installed (bsc#1114197)
  o Fix LDAP authentication issue when a valid token is generated by the
    salt-api even when invalid user credentials are passed. (U#48901)
  o Improved handling of LDAP group id. gid is no longer treated as a string,
    which could have led to faulty group creations. (bsc#1113784)
  o Fix remote command execution and incorrect access control when using
    salt-api. (bsc#1113699) (CVE-2018-15751)
  o Fix Directory traversal vulnerability when using salt-api. Allows an
    attacker to determine what files exist on a server when querying /run or
    /events. (bsc#1113698) (CVE-2018-15750)
  o Add multi-file support and globbing to the filetree (U#50018)
  o Bugfix: supportconfig non-root permission issues (U#50095)
  o Open profiles permissions to everyone for read-only
  o Preserving signature in "module.run" state (U#50049)
  o Install default salt-support profiles
  o Remove unit test, came from a wrong branch. Fix merging failure.
  o Add CPE_NAME for osversion* grain parsing
  o Get os_family for RPM distros from the RPM macros
  o Install support profiles
  o Fix async call to process manager (bsc#1110938)
  o Salt-based supportconfig implementation (technology preview)
  o Bugfix: any unicode string of length 16 will raise TypeError
  o Fix IPv6 scope (bsc#1108557)
  o Handle zypper ZYPPER_EXIT_NO_REPOS exit code (bsc#1108834, bsc#1109893)
  o Bugfix for pkg_resources crash (bsc#1104491)
  o Fix loosen azure sdk dependencies in azurearm cloud driver (bsc#1107333)
  o Fix broken "resolve_capabilities" on Python 3 (bsc#1108995)
  o Allow empty service_account_private_key in GCE driver (bsc#1108969)
  o Properly handle colons in inline dicts with yamlloader (bsc#1095651)
  o Fix wrong recurse behavior for linux_acl.present (bsc#1106164)
  o Add additional x509 fixes
  o Fix for StringIO import in Python2
  o Integration of MSI authentication for azurearm
  o Fix for Compound list targeting with "not"
  o Fixes x509 remote signing
  o Adds fix for SUSE Expanded Support os grain detection
  o Prepend current directory when path is just filename (bsc#1095942)
  o Only do reverse DNS lookup on IPs for salt-ssh (bsc#1104154)
  o Add support for Python 3.7 and Tornado 5.0
  o Fix license macro to build on SLE12SP2
  o Decode file contents for python2 (bsc#1102013, bsc#1103530)
  o Fix mine.get not returning data - workaround for #48020 (bsc#1100142)
  o Check dmidecoder executable on each "smbios" call to avoid race condition
    (bsc#1101880)
  o Add API log rotation on SUSE package (bsc#1102218)
  o Add missing dateutils import (bsc#1099945)
  o Backport the new libvirt_events engine from upstream
  o Fix file.blockreplace to avoid throwing IndexError (bsc#1101812)
  o Fix pkg.upgrade reports when dealing with multiversion packages
    (bsc#1102265)
  o Fix UnicodeDecodeError using is_binary check (bsc#1100225)
  o Fix corrupt public key with m2crypto python3 (bsc#1099323)
  o Prevent payload crash on decoding binary data (bsc#1100697)
  o Accounting for when files in an archive contain non-ascii characters
    (bsc#1099460)
  o Handle packages with multiple version properly with zypper (bsc#1096514)
  o Fix file.get_diff regression on 2018.3 (bsc#1098394)
  o Provide python version mismatch solutions (bsc#1072599)
  o Add custom SUSE capabilities as Grains (bsc#1089526)
  o Fix file.managed binary file utf8 error (bsc#1098394)
  o Multiversion patch plus upstream fix and patch reordering
  o Add environment variable to know if yum is invoked from Salt (bsc#1057635)
  o Prevent deprecation warning with salt-ssh (bsc#1095507)
  o Fix for sorting of multi-version packages (bsc#1097174 and bsc#1097413)
  o Align SUSE salt-master.service 'LimitNOFILES' limit with upstream Salt
  o Add 'other' attribute to GECOS fields to avoid inconsistencies with chfn
  o Prevent zypper from parsing repo configuration from not .repo files
    (bsc#1094055)
  o Collect all versions of installed packages on SUSE and RHEL systems
    (bsc#1089526)
  o Documentation refresh to 2018.3.0
  o No more AWS EC2 rate limitations in salt-cloud (bsc#1088888)
  o MySQL returner now also allows to use Unix sockets (bsc#1091371)
  o Do not override jid on returners, only sending back to master (bsc#1092373)
  o Fixes for salt-ssh:
      - Option --extra-filerefs doesn't add all files to the state archive
      - Pillar completely overwritten (not merged) when doing module.run +
        state.apply with pillar in kwargs
  o remove minion/thin/version if exists to force thin regeneration
    (bsc#1092161)
  o Fixed Python 3 issue with CIDR addresses.
  o Fix minion scheduler to return a 'retcode' attribute (bsc#1089112)
  o Fix for logging during network interface querying (bsc#1087581)
  o Fix rhel packages requires both net-tools and iproute (bsc#1087055)
  o Fix patchinstall on yum module. Bad comparison (bsc#1087278)
  o Strip trailing commas on Linux user's GECOS fields (bsc#1089362)
  o Fallback to PyMySQL (bsc#1087891)
  o Improved test for fqdns
  o Update SaltSSH patch (use code checksum instead version on thin update)
  o Fix for [Errno 0] Resolver Error 0 (no error) (bsc#1087581)


  o Update to 2018.3.0
  o Add python-2.6 support to salt-ssh
  o Add iproute/net-tools dependency
  o salt-ssh: require same major version while minor is allowed to be
  o Add SaltSSH multi-version support across Python interpreters.
  o Fix zypper.info_installed 'ascii' issue
  o Update openscap push patch to include the test fixes
  o Explore 'module.run' state module output in depth to catch "result"
    properly
  o make it possible to use docker login, pull and push from module.run and
    detect errors
  o Fix logging with FQDNs
  o Update cp.push patch
  o force re-generate a new thin.tgz when an update gets installed
  o fix salt-ssh with a different patch
  o Fix unicode decode error with salt-ssh
  o Fix cp.push empty file (bsc#1075950)
  o salt-ssh - move log_file option to changeable defaults
  o Fix grains containing trailing "\n"
  o Remove salt-minion python2 requirement when python3 is default
    (bsc#1081592)
  o Remove-obsolete-unicode-handling-in-pkg.info_installed
  o Update to salt-2018.1.99
  o Fix-epoch-handling-for-Rhel-6-and-7
  o Restoring-installation-of-packages-for-Rhel-6-7
  o Prevent queryformat pattern from expanding (bsc#1079048)
  o Fix epoch handling for Rhel 6 and 7 (bsc#1068566)
  o Reverting to current API for split_input
  o Fix for wrong version processing during yum pkg install (bsc#1068566)
  o Feat: add grain for all FQDNs (bsc#1063419)
  o Fix the usage of custom macros on the spec file.
  o Fix RES7: different dependency names for python-PyYAML and
    python-MarkupSafe
  o Build both python2 and python3 binaries together.
  o Bugfix: errors in external pillar causes crash instead of report of them
    (bsc#1068446)
  o Fix 'user.present' when 'gid_from_name' is set but group does not exist.
  o Fix "No service execution module loaded" issue (bsc#1065792)
  o Set SHELL environment variable
  o Removed unnecessary logging on shutdown (bsc#1050003)
  o Add fqdns to grains (bsc#1063419)
  o Fixing cherrypy websocket with python3
  o Various-bug-fixes
  o Python3 bugfix for cherrypy read()
  o Fix for logging on salt-master exit in rare cases (pid-file removal)
  o Fix salt-master for old psutil version
  o Put back accidentally removed patches
  o Fix for delete_deployment in Kubernetes module (bsc#1059291)
  o Older logrotate need su directive (bsc#1071322)
  o Fix bsc#1041993 already included in 2017.7.2
  o Fixed beacons failure when pillar-based suppressing config-based.
    (bsc#1060230)
  o Escape the usage of %{VERSION} when calling out to rpm. RPM 4.14 has
    %{VERSION} defined as 'the main packages version'.
  o Fix wrong version reported by Salt (bsc#1061407)
  o Fix CVE-2017-14696 (bsc#1062464) already included in 2017.7.2
  o Run salt master as dedicated salt user
  o Run salt-api as user salt (bsc#1064520)


  o Update to 2017.7.2 See
    https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html
  o Re-added previously removed unit-test for bsc#1050003
  o Fixes for CVE-2017-14695 and CVE-2017-14696 (bsc#1062462)
  o Add missing follow-up for CVE-2017-12791 (bsc#1053955)
  o Fixed salt target-type field returns "String" for existing jids but an
    empty "Array" for non existing jids. (issue#1711)
  o Fixed minion resource exhaustion when many functions are being executed in
    parallel (bsc#1059758)
  o Remove 'TasksTask' attribute from salt-master.service in older versions of
    systemd (bsc#985112)
  o Fix for delete_deployment in Kubernetes module (bsc#1059291)
  o Catching error when PIDfile cannot be deleted (bsc#1050003)
  o Use $HOME to get the user home directory instead using '~' char
    (bsc#1042749)
  o Fixed patches for Kubernetes and YUM modules
  o Add patches to salt to support SUSE Manager scalability features
    (bsc#1052264)
  o Introducing the kubernetes module (bsc#1051948)
  o Revert "We don't have python-systemd, so notify can't work"
  o Notify systemd synchronously via NOTIFY_SOCKET (bsc#1053376)
  o Add clean_id function to salt.utils.verify.py (CVE-2017-12791, bsc#1053955)
  o Added bugfix when jobs scheduled to run at a future time stay pending for
    Salt minions (bsc#1036125)
  o Adding procps as dependency. This provides "ps" and "pgrep" utils which are
    called from different Salt modules and also from new salt-minion watchdog.
  o Adding a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to
    restart salt-minion in case of crashes during upgrade.
  o fix format error (bsc#1043111)
  o fix ownership for whole master cache directory (bsc#1035914)
  o Bugfix: clean up `change` attribute from interface dict (upstream)
    Issue: https://github.com/saltstack/salt/issues/41461
    PR: 1. https://github.com/saltstack/salt/pull/41487
        2. https://github.com/saltstack/salt/pull/41533
  o Disable 3rd party runtime packages to be explicitly recommended.
    (bsc#1040886)
  o Bugfix: orchestrate and batches returns false failed information
    https://github.com/saltstack/salt/issues/40635
  o speed-up cherrypy by removing sleep call
  o wrong os_family grains on SUSE - fix unittests (bsc#1038855)
  o fix setting the language on SUSE systems (bsc#1038855)
  o Documentation refresh to 2016.11.4


  o Update to 2016.11.4
    See https://docs.saltstack.com/en/develop/topics/releases/2016.11.4.html
    See https://docs.saltstack.com/en/develop/topics/releases/2016.11.3.html
    See https://docs.saltstack.com/en/develop/topics/releases/2016.11.2.html
    See https://docs.saltstack.com/en/develop/topics/releases/2016.11.1.html
    for full changelog
  o Use SUSE specific salt-api.service (bsc#1039370)
  o Bugfix: wrong os_family grains on SUSE (bsc#1038855)
  o Bugfix: unable to use hostname for minion ID as '127' (upstream)
  o Fix core grains constants for timezone (bsc#1032931)
  o Add unit test for a skip false values from preferred IPs upstream patch
  o Adding "yum-plugin-security" as required for RHEL 6
  o Minor fixes on new pkg.list_downloaded
  o Listing all type of advisory patches for Yum module
  o Prevents zero length error on Python 2.6
  o Fixes zypper test error after backporting
  o raet protocol is no longer supported (bsc#1020831)
  o Fix: move SSH data to the new home (bsc#1027722)
  o Fix: /var/log/salt/minion fails logrotate (bsc#1030009)
  o Fix: Result of master_tops extension is mutually overwritten (bsc#1030073)
  o Allows to set 'timeout' and 'gather_job_timeout' via kwargs
  o Allows to set custom timeouts for 'manage.up' and 'manage.status'
  o Use salt's ordereddict for comparison (fixes failing tests)
  o add special salt-minion.service file for RES7
  o fix scripts for salt-proxy
  o define with systemd for fedora and rhel >= 7 (bsc#1027240)
  o add openscap module
  o file.get_managed regression fix (upstream issues #39762)
  o fix translate variable arguments if they contain hidden keywords
    (bsc#1025896)
  o fix service handling for openSUSE
  o added unit test for dockerng.sls_build dryrun
  o added dryrun to dockerng.sls_build
  o update dockerng minimal version requirements
  o fix format error in error parsing
  o keep fix for migrating salt home directory (bsc#1022562)
  o Fix salt pkg.latest raises exception if package is not available
    (bsc#1012999)
  o Fix timezone: should be always in UTC (bsc#1017078)
  o Fix timezone handling for rpm installtime (bsc#1017078)
  o Increasing timeouts for running integrations tests
  o Add buildargs option to dockerng.build module
  o Disable custom rosters for Salt SSH via Salt API (bsc#1011800)
    More: https://github.com/saltstack/salt/pull/38596
  o Fix error when missing ssh-option parameter
  o readd yum notify plugin
  o all kwargs to dockerng.create to provide all features to sls_build as well
  o Bugfix: datetime should be returned always in UTC
  o Bugfix: scheduled state may cause crash while deserialising data on
    infinite recursion. (bsc#1036125)
  o Enable yum to handle errata on RHEL 6: require yum-plugin-security
  o Minor fixes on new pkg.list_downloaded
  o Listing all type of advisory patches for Yum module
  o Prevents zero length error on Python 2.6
  o Fixes zypper test error after backporting
  o Refactoring on Zypper and Yum execution and state modules to allow
    installation of patches/errata.
  o Fix log rotation permission issue (bsc#1030009)
  o Use pkg/suse/salt-api.service by this package
  o Patch to set SHELL env variable for the salt-api.service. Needed for
    salt-ssh ProxyCommand to work properly.
  o Fixes 'timeout' and 'gather_job_timeout' kwargs parameters for
    'local_batch' client
  o Add missing bootstrap script for Salt Cloud (bsc#1032452)
  o Fix: add missing /var/cache/salt/cloud directory (bsc#1032213)
  o Added test case for race conditions on cache directory creation
  o Adding "pkg.install downloadonly=True" support to yum/dnf execution module
  o Makes sure "gather_job_timeout" is an Integer
  o Adding "pkg.downloaded" state and support for installing patches/erratas
  o Fix: merge master_tops output
  o Fix: race condition on cache directory creation
  o Cleanup salt user environment preparation (bsc#1027722)
  o Don't send passwords after shim delimiter is found (bsc#1019386)
  o Allows to set 'timeout' and 'gather_job_timeout' via kwargs
  o Allows to set custom timeouts for 'manage.up' and 'manage.status'
  o Update systemd module unit tests (Update patch 0050)
  o define with system for fedora and rhel 7 (bsc#1027240)
  o Fix service state returning stacktrace (bsc#1027044)
  o OpenSCAP Module
  o Prevents 'OSError' exception in case certain job cache path doesn't exist
    (bsc#1023535)
  o Backport: Fix issue with cp.push (#36136)
  o Fix salt-minion update on RHEL (bsc#1022841)
  o Adding new functions to Snapper execution module.
  o Fix invalid chars allowed for data IDs (bsc#1011304) Fix timezone: should
    be always in UTC (bsc#1017078)
  o Fixes wrong "enabled" opts for yumnotify plugin
  o ssh-option parameter for salt-ssh command.
  o minion should pre-require salt
  o do not restart salt-minion in the salt package
  o add try-restart to sys-v init scripts
  o Adding "Restart=on-failure" for salt-minion systemd service
  o Re-introducing "KillMode=process" for salt-minion systemd service
  o Successfully exit of salt-api child processes when SIGTERM is received


  o Update to 2015.8.12
  o Fix possible information leak due to revoked keys still being used.
    (bsc#1012398, CVE-2016-9639)
  o Split non-Linux and other external platform modules to 'salt-other'
    sub-package.
  o Switch package group from System/Monitoring to System/Management
  o fix exit codes of sysv init script (bsc#999852)
  o Including resolution parameters in the Zypper debug-solver call during a
    dry-run dist-upgrade.
  o Fix Salt API crash via salt-ssh on empty roster (bsc#1004723)
  o Adding 'dist-upgrade' support to zypper module (FATE#320559)
  o Copy .travis.yml from git commit ea63e793567ba777e47dc766a4f88edfb037a02f
  o Change travis configuration file to use salt-toaster
  o acl.delfacl: fix position of -X option to setfacl (bsc#1004260)
  o fix generated shebang in scripts on SLES-ES 7 (bsc#1004047)
  o add update-documentation.sh to specfile
  o Setting up OS grains for SLES-ES (SLES Expanded Support platform)
  o Move salt home directory to /var/lib/salt (bsc#1002529)
  o Adjust permissions on home directory
  o Adjust pre-install script to correctly move existing salt users' home
    directory. The salt user cannot write in its own home directory
    (/srv/salt) because it is owned by user `root`. This prevents salt from
    correctly saving ssh known hosts in ~/.ssh/ and breaks salt-ssh
    bootstrapping.
  o Updated html.tar.bz2 documentation tarball.
  o Generate Salt Thin with configured extra modules (bsc#990439)
  o Unit and integration tests fixes for 2015.8.7
  o Prevent pkg.install failure for expired keys (bsc#996455)
  o Required D-Bus and generating machine ID
  o add a macro to check if the docs should be built or the static tarball
    should be used
  o Fix a couple of failing unittests
  o Helper script for updating documentation tarball.
  o Fix python-jinja2 requirements in rhel
  o Fix pkg.installed refresh repo failure (bsc#993549)
  o Fix salt.states.pkgrepo.management no change failure (bsc#990440)
  o Prevent snapper module crash on load if no DBus is available in the system
    (bsc#993039)
  o Prevent continuous restart, if a dependency wasn't installed (bsc#991048)
  o Fix beacon list to include all beacons being processed
  o Run salt-api as user salt like the master (bsc#990029)
  o Revert patch Minion ID generation (bsc#967803)
  o Fix broken inspector due to accidentally missed commit (bsc#989798)
  o Set always build salt-doc package.
  o Bugfix: lvm.vg_present does not recognize PV with certain LVM filter
    settings (bsc#988506)
  o Backport: Snapper module for Salt.
  o Bugfix: pkg.list_products on "registerrelease" and "productline" returns
    boolean.False if empty (bsc#989193, bsc#986019)
  o Rewrite Minion ID generation (bsc#967803)
  o Bugfix: Fixed behavior for SUSE OS grains (bsc#970669)
  o Bugfix: Salt os_family does not detect SLES for SAP (bsc#983017)
  o Move log message from INFO to DEBUG (bsc#985661)
  o fix salt --summary to count not responding minions correctly (bsc#972311)
  o Fix memory leak on custom execution module scheduled jobs (bsc#983512)
  o fix groupadd module for sles11 systems (bsc#978150)
  o Fix pkgrepo.managed gpgkey argument doesn't work (bsc#979448)
  o Package checksum validation for zypper pkg.download
  o Check if a job has executed and returned successfully
  o Remove option -f from startproc (bsc#975733)
  o Changed Zypper's plugin. Added Unit test and related to that data
    (bsc#980313).
  o Zypper plugin: alter the generated event name on package set change.
  o Fix file ownership on master keys and cache directories during upgrade
    (handles upgrading from salt 2014, where the daemon ran as root, to 2015
    where it runs as the salt user, bsc#979676).
  o salt-proxy .service file created (bsc#975306)
  o Prevent salt-proxy test.ping crash (bsc#975303)
  o Fix shared directories ownership issues.
  o Add Zypper plugin to generate an event, once Zypper is used outside the
    Salt infrastructure demand (bsc#971372).
  o Restore boolean values from the repo configuration Fix priority attribute
    (bsc#978833)
  o Unblock-Zypper. (bsc#976148) Modify-environment. (bsc#971372)
  o Prevent crash if pygit2 package is requesting re-compilation.
  o align OS grains from older SLES with current one (bsc#975757)
  o Bugfix: salt-key crashes if tries to generate keys to the directory w/o
    write access (bsc#969320)
  o Check if EOL is available in a particular product (bsc#975093)
  o fix building with docs on SLE11
  o Prevent metadata download when getting installed products
  o Add statically built docs.
  o fix sorting by latest package
  o ensure pkg.info_installed report latest package version (bsc#972490)
  o Use SHA256 by default in master, minion and proxy (bsc#955373)
  o Fix state structure compilation
  o Fix git_pillar race condition
  o fix detection of base products in SLE11
  o fix rpm info for SLE11
  o fix init system detection for SLE11
  o Make checksum configurable (upstream still wants md5, we suggest sha256).
    bsc#955373
  o Fix the service state / module on SLE11.
  o Prevent rebuilds in OBS by not generating a date as a comment in a source
    file
  o Add better checking for zypper exit codes and simplify evaluation of the
    zypper error messages.
  o Adapt unit tests
  o Add initial pack of Zypper's Unit tests. Use XML output in list_upgrades.
    Bugfix: upgrade_available crashes when only one package specified Purge is
    not using "-u" anymore
  o fix argument handling of pkg.download
  o unify behavior of zypper refresh in salt
  o Fix crash with scheduler and runners
  o Call zypper always with --non-interactive
  o require rpm-python on SUSE for zypper support
  o fix state return code
  o add handling of OEM products to pkg.list_products
  o improve doc for list_pkgs
  o implement pkg.version_cmp in zypper.py


  o Update to 2015.8.7 this is a small update to fix some regressions see
    https://docs.saltstack.com/en/latest/topics/releases/2015.8.7.html
  o Booleans should not be strings from XML, add Unix ticks time and format
    result in a list of maps.
  o Stop salt-api daemon faster (bsc#963322)
  o Do not crash on salt-key reject/delete consecutive calls.


  o Update to 2015.8.5 Security fixes:
    * CVE-2016-1866: Improper handling of clear messages on the minion
      remote code execution (bsc#965403)
    See https://docs.saltstack.com/en/latest/topics/releases/2015.8.5.html


  o Update to 2015.8.4 See
    https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html
  o Fix latest version available comparison and implement epoch support in
    Zypper module.
  o Fix dependencies to Salt subpackages requiring release along the version.
  o Fix pkg.latest crash.
  o Fix pkg.latest SLS ID bug, when pkgs empty list is passed, but SLS ID still
    treated as a package name.
  o Fix zypper module info_available on SLE-11
    * https://github.com/saltstack/salt/pull/30384
  o zypper/pkg: add package attributes filtering
    * https://github.com/saltstack/salt/pull/30267
  o Remove obsoleted patches and fixes:
    * Remove require on glibc-locale (bsc#959572)
  o Add missing return data to scheduled jobs
    * https://github.com/saltstack/salt/pull/30246
  o Update zypper-utf-8 patch for Python 2.6
  o require glibc-locale (bsc#959572)
  o Report epoch and architecture of installed packages
  o pkg.info_installed exceeds the maximum event size, reduce the information
    to what's actually needed
  o Filter out bad UTF-8 strings in package data (bsc#958350)


  o Updated to salt 2015.8.3 bugfix release more details at:
    https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html


  o reimplements pkg.list_products that potentially may be broken in future
    releases of SLES.
  o fix a regression introduced in 2015.8.2, which was actually holding back
    the release. Downgrade is not an option as we need the leap fixes.
  o it shouldn't be >= 1110 but just > 1110
  o require pmtools on sle11 to get dmidecode
  o First step to make the syndic also run as salt user.


  o Updated to bugfix release 2015.8.2
  o fix the "os" grain on SLES11SP4
  o fix the priority and humanname pkgrepo args for the zypper backend for more
    details:
    https://docs.saltstack.com/en/2015.8/topics/releases/2015.8.2.html


  o update to 2015.8.1
      - Add support for ``spm.d/*.conf`` configuration of SPM
        (:issue:`27010`)
      - Fix ``proxy`` grains breakage for non-proxy minions (:issue:`27039`)
      - Fix global key management for git state
      - Fix passing http auth to ``util.http`` from ``state.file``
        (:issue:`21917`)
      - Fix ``multiprocessing: True`` in windows (on by default)
      - Add ``pkg.info`` to pkg modules
      - Fix name of ``serial`` grain (this was accidentally renamed in
        2015.8.0)
      - Merge config values from ``master.d``/``minion.d`` conf files
        (rather than flat update)
      - Clean grains cache on grains sync (:issue:`19853`)
      - Remove streamed response for fileclient to avoid HTTP redirection
        problems (:issue:`27093`)
      - Fixed incorrect warning about ``osrelease`` grain (:issue:`27065`)
      - Fix authentication via Salt-API with tokens (:issue:`27270`)
      - Fix winrepo downloads from https locations (:issue:`27081`)
      - Fix potential error with salt-call as non-root user
        (:issue:`26889`)
      - Fix global minion provider overrides (:issue:`27209`)
      - Fix backward compatibility issues for pecl modules
      - Fix Windows uninstaller to only remove ``./bin``, ``salt*``,
        ``nssm.exe``, ``uninst.exe`` (:issue:`27383`)
      - Fix misc issues with mongo returner.
      - Add sudo option to cloud config files (:issue:`27398`)
      - Fix regression in RunnerClient argument handling (:issue:`25107`)
      - Fix ``dockerng.running`` replacing creation hostconfig with runtime
        hostconfig (:issue:`27265`)
      - Increased performance on boto asg/elb states due to ``__states__``
        integration
      - Windows minion no longer requires powershell to restart
        (:issue:`26629`)
      - Fix x509 module to support recent versions of OpenSSL
        (:issue:`27326`)
      - Some issues with proxy minions were corrected.
  o guard raet buildrequires with bcond_with raet and comment out the
    recommends for salt-raet.
  o remove pygit2 global recommends, it is only needed in the master
  o remove git-core, pygit2 should pull it as a dependency
  o add a (currently disabled) %check Returns detailed information about a
    package
  o ifdef Recommends to build on RHEL based distros
  o use _initddir instead of _sysconfdir/init.d as it works on both platforms.
  o allow to disable docs in preparation for building on other platforms
    without all dependencies.
  o python-libnacl, python-ioflo are _not_ required to build the package. They
    are anyways requires of python-raet, which is also not required to build
    the package.


  o merge (build)requires/recommends with requirements/*txt and setup.py
  o add raet subpackage which will pull all requires for it and provides config
    snippets to enable it for the minion and master.
  o add tmpfiles.d file
  o Remove requires on python-ioflo and python-libnacl they will be pulled by
    python-raet, which is optional.
  o python-raet is optional, so make it a Recommends


  o update backports patch from 2015.8 branch
  o update use-forking-daemon patch: the original intention was to get rid of
    the python systemd dependency. For this we do not have to daemonize the
    whole process. Just switching to simple mode is enough.
  o drop fdupes: 1. it broke python byte code handling 2. the only part of the
    package which would really benefit from it would be the doc package. but
    given we only install the files via %doc, we can not use it for that
    either.
  o reenable completions on distros newer than sle11
  o do not use _datarootdir, use _datadir instead.
  o package all directories in /var/cache/salt and /etc/salt and have
    permissions set for non root salt master
  o update use-salt-user-for-master patch: - also patch the logrotate file to
    include the su option
  o remove duplicated recommends
  o never require pygit2 and git. the master can run fine without. always use
    recommends
  o cleanup dependencies:
      - remove a lot of unneeded buildrequires
      - fdupes not present on SLE10
      - python-certifi needed on SLE11
      - python-zypp not needed any more
      - python-pygit2 is not a global requirement
      - convert python-pysqlite to recommends as it is not available on
        python <=2.7
  o sles_version -> suse_version
  o %exclude the cloud/deploy/*.sh scripts to fix build issue on SLE11
  o Remove python-PyYAML from the dependencies list, as python-yaml is the same
  o Build the -completion subpackages in SLE11 as well
  o Add salt-proxy (by dmacvicar@suse.de)
  o Create salt user/group only in the -master subpkg
  o Fix typo in use-forking-daemon patch, that prevented daemon loading
  o Fix typo in Requires
  o Cleanup requirements


  o New Major release 2015.8.0 for more details:
    http://docs.saltstack.com/en/latest/topics/releases/2015.8.0.html
  o Cleaned the spec file with spec-cleaner
  o Added the use-salt-user-for-master patch see README.SUSE
  o Updated the files ownership with salt user
  o removed m2crypto dependency
  o Removed fish dependency for fish completions.
  o Added fish completions.
  o Support SLE11SP{3,4}, where the M2Crypto package is named python-m2crypto


  o Updated to Bugfix release 2015.5 for more details:
    https://github.com/saltstack/salt/blob/develop/doc/topics/releases/2015.5.5.rst

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----