Salt 2014.7.4 Release NotesΒΆ

release:2015-03-30

Version 2014.7.4 is a bugfix release for 2014.7.0.

This is a security release. The security issues fixed have only been present since 2014.7.0, and only users of the two listed modules are vulnerable. The following CVEs have been resolved:

  • CVE-2015-1838 SaltStack: insecure /tmp file handling in salt/modules/serverdensity_device.py
  • CVE-2015-1839 SaltStack: insecure /tmp file handling in salt/modules/chef.py

Changes:

  • Multi-master minions mode no longer route fileclient operations asymetrically. This fixes the source of many multi-master bugs where the minion would become unrepsonsive from one or more masters.
  • Fix bug wherein network.iface could produce stack traces.
  • net.arp will no longer be made available unless arp is installed on the system.
  • Major performance improvements to Saltnado
  • Allow KVM module to operate under KVM itself or VMWare Fusion
  • Various fixes to the Windows installation scripts
  • Fix issue where the syndic would not correctly propagate loads to the master job cache.
  • Improve error handling on invalid /etc/network/interfaces file in salt networking modules
  • Fix bug where a response status was not checked for in fileclient.get_url
  • Enable eauth when running salt in batch mode
  • Increase timeout in Boto Route53 module
  • Fix bugs with Salt's 'tar' module option parsing
  • Fix parsing of NTP servers on Windows
  • Fix issue with blockdev tuning not reporting changes correctly
  • Update to the latest Salt bootstrap script
  • Update Linode salt-cloud driver to use either linode-python or apache-libcloud
  • Fix for s3.query function to return correct headers
  • Fix for s3.head returning None for files that exist
  • Fix the disable function in win_service module so that the service is disabled correctly
  • Fix race condition between master and minion when making a directory when both daemons are on the same host
  • Fix an issue where file.recurse would fail at the root of an svn repo when the repo has a mountpoint
  • Fix an issue where file.recurse would fail at the root of an hgfs repo when the repo has a mountpoint
  • Fix an issue where file.recurse would fail at the root of an gitfs repo when the repo has a mountpoint
  • Add status.master capability for Windows.
  • Various fixes to ssh_known_hosts
  • Various fixes to states.network bonding for Debian
  • The debian_ip.get_interfaces module no longer removes nameservers.
  • Better integration between grains.virtual and systemd-detect-virt and virt-what
  • Fix traceback in sysctl.present state output
  • Fix for issue where mount.mounted would fail when superopts were not a part of mount.active (extended=True). Also mount.mounted various fixes for Solaris and FreeBSD.
  • Fix error where datetimes were not correctly safeguarded before being passed into msgpack.
  • Fix file.replace regressions. If the pattern is not found, and if dry run is False, and if backup is False, and if a pre-existing file exists with extension .bak, then that backup file will be overwritten. This backup behavior is a result of how fileinput works. Fixing it requires either passing through the file twice (the first time only to search for content and set a flag), or rewriting file.replace so it doesn't use fileinput
  • VCS filreserver fixes/optimizations
  • Catch fileserver configuration errors on master start
  • Raise errors on invalid gitfs configurations
  • set_locale when locale file does not exist (Redhat family)
  • Fix to correctly count active devices when created mdadm array with spares
  • Fix to correctly target minions in batch mode
  • Support ssh:// urls using the gitfs dulwhich backend
  • New fileserver runner
  • Fix various bugs with argument parsing to the publish module.
  • Fix disk.usage for Synology OS
  • Fix issue with tags occurring twice with docker.pulled
  • Fix incorrect key error in SMTP returner
  • Fix condition which would remount loopback filesystems on every state run
  • Remove requsites from listens after they are called in the state system
  • Make system implementation of service.running aware of legacy service calls
  • Fix issue where publish.publish would not handle duplicate responses gracefully.
  • Accept Kali Linux for aptpkg salt execution module
  • Fix bug where cmd.which could not handle a dirname as an argument
  • Fix issue in ps.pgrep where exceptions were thrown on Windows.

Known issues:

  • In multimaster mode, a minion may become temporarily unresponsive if modules or pillars are refreshed at the same time that one or more masters are down. This can be worked around by setting 'auth_timeout' and 'auth_tries' down to shorter periods.
  • There are known issues with batch mode operating on the incorrect number of minions. This bug can be patched with the change in Pull Request #22464.
  • The fun, state, and unless keywords are missing from the state internals, which can cause problems running some states. This bug can be patched with the change in Pull Request #22365.