Salt 2014.7.4 Release Notes

release

2015-03-30

Version 2014.7.4 is a bugfix release for 2014.7.0.

This is a security release. The security issues fixed have only been present since 2014.7.0, and only users of the two listed modules are vulnerable. The following CVEs have been resolved:

  • CVE-2015-1838 SaltStack: insecure /tmp file handling in salt/modules/serverdensity_device.py

  • CVE-2015-1839 SaltStack: insecure /tmp file handling in salt/modules/chef.py

Changes:

  • Multi-master minions mode no longer route fileclient operations asymetrically. This fixes the source of many multi-master bugs where the minion would become unrepsonsive from one or more masters.

  • Fix bug wherein network.iface could produce stack traces.

  • net.arp will no longer be made available unless arp is installed on the system.

  • Major performance improvements to Saltnado

  • Allow KVM module to operate under KVM itself or VMware Fusion

  • Various fixes to the Windows installation scripts

  • Fix issue where the syndic would not correctly propagate loads to the master job cache.

  • Improve error handling on invalid /etc/network/interfaces file in salt networking modules

  • Fix bug where a response status was not checked for in fileclient.get_url

  • Enable eauth when running salt in batch mode

  • Increase timeout in Boto Route53 module

  • Fix bugs with Salt's 'tar' module option parsing

  • Fix parsing of NTP servers on Windows

  • Fix issue with blockdev tuning not reporting changes correctly

  • Update to the latest Salt bootstrap script

  • Update Linode salt-cloud driver to use either linode-python or apache-libcloud

  • Fix for s3.query function to return correct headers

  • Fix for s3.head returning None for files that exist

  • Fix the disable function in win_service module so that the service is disabled correctly

  • Fix race condition between master and minion when making a directory when both daemons are on the same host

  • Fix an issue where file.recurse would fail at the root of an svn repo when the repo has a mountpoint

  • Fix an issue where file.recurse would fail at the root of an hgfs repo when the repo has a mountpoint

  • Fix an issue where file.recurse would fail at the root of an gitfs repo when the repo has a mountpoint

  • Add status.master capability for Windows.

  • Various fixes to ssh_known_hosts

  • Various fixes to states.network bonding for Debian

  • The debian_ip.get_interfaces module no longer removes nameservers.

  • Better integration between grains.virtual and systemd-detect-virt and virt-what

  • Fix traceback in sysctl.present state output

  • Fix for issue where mount.mounted would fail when superopts were not a part of mount.active (extended=True). Also mount.mounted various fixes for Solaris and FreeBSD.

  • Fix error where datetimes were not correctly safeguarded before being passed into msgpack.

  • Fix file.replace regressions. If the pattern is not found, and if dry run is False, and if backup is False, and if a pre-existing file exists with extension .bak, then that backup file will be overwritten. This backup behavior is a result of how fileinput works. Fixing it requires either passing through the file twice (the first time only to search for content and set a flag), or rewriting file.replace so it doesn't use fileinput

  • VCS filreserver fixes/optimizations

  • Catch fileserver configuration errors on master start

  • Raise errors on invalid gitfs configurations

  • set_locale when locale file does not exist (Redhat family)

  • Fix to correctly count active devices when created mdadm array with spares

  • Fix to correctly target minions in batch mode

  • Support ssh:// urls using the gitfs dulwhich backend

  • New fileserver runner

  • Fix various bugs with argument parsing to the publish module.

  • Fix disk.usage for Synology OS

  • Fix issue with tags occurring twice with docker.pulled

  • Fix incorrect key error in SMTP returner

  • Fix condition which would remount loopback filesystems on every state run

  • Remove requsites from listens after they are called in the state system

  • Make system implementation of service.running aware of legacy service calls

  • Fix issue where publish.publish would not handle duplicate responses gracefully.

  • Accept Kali Linux for aptpkg salt execution module

  • Fix bug where cmd.which could not handle a dirname as an argument

  • Fix issue in ps.pgrep where exceptions were thrown on Windows.

Known issues:

  • In multimaster mode, a minion may become temporarily unresponsive if modules or pillars are refreshed at the same time that one or more masters are down. This can be worked around by setting 'auth_timeout' and 'auth_tries' down to shorter periods.

  • There are known issues with batch mode operating on the incorrect number of minions. This bug can be patched with the change in Pull Request #22464.

  • The fun, state, and unless keywords are missing from the state internals, which can cause problems running some states. This bug can be patched with the change in Pull Request #22365.