Attachment 249884 Details for Bug 278149 – patch to revert to 3006.07 + fix GH issue #66153

[patch] patch to revert to 3006.07 + fix GH issue #66153

salt.diff (text/plain), 4.98 KB, created by Nick Hilliard on 2024-04-10 21:11:19 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Nick Hilliard

Created: 2024-04-10 21:11:19 UTC

Size: 4.98 KB

patch

obsolete

>diff -bNur py-salt.orig/Makefile py-salt/Makefile
>--- py-salt.orig/Makefile	2024-04-10 21:59:12.004854000 +0100
>+++ py-salt/Makefile	2024-04-10 18:30:08.870569000 +0100
>@@ -1,5 +1,6 @@
> PORTNAME=	salt
>-PORTVERSION=	3007.0
>+PORTVERSION=	3006.7
>+PORTREVISION=	3
> CATEGORIES=	sysutils python
> MASTER_SITES=	PYPI
> PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
>diff -bNur py-salt.orig/distinfo py-salt/distinfo
>--- py-salt.orig/distinfo	2024-04-10 21:59:12.004930000 +0100
>+++ py-salt/distinfo	2024-04-10 18:29:57.768690000 +0100
>@@ -1,3 +1,3 @@
>-TIMESTAMP = 1711901921
>-SHA256 (salt-3007.0.tar.gz) = 41bf84e71fc655bf8a4b52eb440d0621ae961096a086d20e132e1512e2eddff8
>-SIZE (salt-3007.0.tar.gz) = 20304228
>+TIMESTAMP = 1708611593
>+SHA256 (salt-3006.7.tar.gz) = ed92d21b84eb9d479f93ba89468453408117e0dc1010614214999e8d0c210afd
>+SIZE (salt-3006.7.tar.gz) = 20562663
>diff -bNur py-salt.orig/files/patch-requirements_base.txt py-salt/files/patch-requirements_base.txt
>--- py-salt.orig/files/patch-requirements_base.txt	2024-04-10 21:59:12.005028000 +0100
>+++ py-salt/files/patch-requirements_base.txt	2024-04-10 18:29:57.769285000 +0100
>@@ -1,10 +1,8 @@
>---- requirements/base.txt.orig	2024-03-31 16:19:43 UTC
>+--- requirements/base.txt.orig	2023-11-26 11:34:24 UTC
> +++ requirements/base.txt
>-@@ -15,7 +15,6 @@ aiohttp>=3.9.0
>- 
>- # We need contextvars for salt-ssh.
>- # Even on python versions which ships with contextvars in the standard library!
>+@@ -8,5 +8,3 @@ looseversion
>+ psutil>=5.0.0
>+ packaging>=21.3
>+ looseversion
>+-# We need contextvars for salt-ssh
> -contextvars
>- 
>- setproctitle>=1.2.3
>- timelib>=0.2.5
>diff -bNur py-salt.orig/files/patch-salt_channel_server.py py-salt/files/patch-salt_channel_server.py
>--- py-salt.orig/files/patch-salt_channel_server.py	1970-01-01 01:00:00.000000000 +0100
>+++ py-salt/files/patch-salt_channel_server.py	2024-04-10 21:49:14.647017000 +0100
>@@ -0,0 +1,46 @@
>+--- salt/channel/server.py.orig
>++++ salt/channel/server.py
>+@@ -52,6 +52,16 @@ class ReqServerChannel:
>+         transport = salt.transport.request_server(opts, **kwargs)
>+         return cls(opts, transport)
>+ 
>++    @classmethod
>++    def compare_keys(cls, key1, key2):
>++        """
>++        Normalize and compare two keys
>++
>++        Returns:
>++            bool: ``True`` if the keys match, otherwise ``False``
>++        """
>++        return salt.crypt.clean_key(key1) == salt.crypt.clean_key(key2)
>++
>+     def __init__(self, opts, transport):
>+         self.opts = opts
>+         self.transport = transport
>+@@ -371,7 +381,7 @@ class ReqServerChannel:
>+         elif os.path.isfile(pubfn):
>+             # The key has been accepted, check it
>+             with salt.utils.files.fopen(pubfn, "r") as pubfn_handle:
>+-                if salt.crypt.clean_key(pubfn_handle.read()) != load["pub"]:
>++                if not self.compare_keys(pubfn_handle.read(), load["pub"]):
>+                     log.error(
>+                         "Authentication attempt from %s failed, the public "
>+                         "keys did not match. This may be an attempt to compromise "
>+@@ -480,7 +490,7 @@ class ReqServerChannel:
>+                 # case. Otherwise log the fact that the minion is still
>+                 # pending.
>+                 with salt.utils.files.fopen(pubfn_pend, "r") as pubfn_handle:
>+-                    if salt.crypt.clean_key(pubfn_handle.read()) != load["pub"]:
>++                    if not self.compare_keys(pubfn_handle.read(), load["pub"]):
>+                         log.error(
>+                             "Authentication attempt from %s failed, the public "
>+                             "key in pending did not match. This may be an "
>+@@ -536,7 +546,7 @@ class ReqServerChannel:
>+                 # so, pass on doing anything here, and let it get automatically
>+                 # accepted below.
>+                 with salt.utils.files.fopen(pubfn_pend, "r") as pubfn_handle:
>+-                    if salt.crypt.clean_key(pubfn_handle.read()) != load["pub"]:
>++                    if not self.compare_keys(pubfn_handle.read(), load["pub"]):
>+                         log.error(
>+                             "Authentication attempt from %s failed, the public "
>+                             "keys in pending did not match. This may be an "
>diff -bNur py-salt.orig/files/patch-salt_ext_tornado_iostream.py py-salt/files/patch-salt_ext_tornado_iostream.py
>--- py-salt.orig/files/patch-salt_ext_tornado_iostream.py	1970-01-01 01:00:00.000000000 +0100
>+++ py-salt/files/patch-salt_ext_tornado_iostream.py	2024-04-10 18:29:57.769947000 +0100
>@@ -0,0 +1,10 @@
>+--- salt/ext/tornado/iostream.py.orig	2023-05-16 11:50:28 UTC
>++++ salt/ext/tornado/iostream.py
>+@@ -1116,6 +1116,7 @@ class IOStream(BaseIOStream):
>+             future = self._connect_future = TracebackFuture()
>+         try:
>+             self.socket.connect(address)
>++            self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 524288)
>+         except socket.error as e:
>+             # In non-blocking mode we expect connect() to raise an
>+             # exception with EINPROGRESS or EWOULDBLOCK.

Actions: View | Diff

Attachments on bug 278149: 249884 | 250502