Bug 206906 - sysutils/py-salt: Update to 2015.8.5 (Fixes CVE-2016-1866)
Summary: sysutils/py-salt: Update to 2015.8.5 (Fixes CVE-2016-1866)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Jason Unovitch
URL: https://docs.saltstack.com/en/latest/...
Keywords: easy, patch, patch-ready, security
Depends on:
Blocks:
 
Reported: 2016-02-04 04:01 UTC by Christer Edwards
Modified: 2016-02-05 21:01 UTC (History)
3 users (show)

See Also:
junovitch: merge-quarterly+


Attachments
patch (1.54 KB, text/plain)
2016-02-04 04:01 UTC, Christer Edwards
koobs: maintainer-approval+
Details
QA (406.13 KB, text/plain)
2016-02-04 04:02 UTC, Christer Edwards
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Christer Edwards 2016-02-04 04:01:54 UTC
Created attachment 166532 [details]
patch

https://docs.saltstack.com/en/latest/topics/releases/2015.8.5.html

(Note: this release patches CVE-2016-1866)
Comment 1 Christer Edwards 2016-02-04 04:02:27 UTC
Created attachment 166533 [details]
QA
Comment 2 Mark Felder freebsd_committer 2016-02-05 20:27:48 UTC
Thank you Christer!

The CVE fix was already in 2015.8.4, but the regression introduced was pretty bad.

We'll take this forward and MFH so we match upstream.
Comment 3 commit-hook freebsd_committer 2016-02-05 20:47:25 UTC
A commit references this bug:

Author: junovitch
Date: Fri Feb  5 20:47:02 UTC 2016
New revision: 408268
URL: https://svnweb.freebsd.org/changeset/ports/408268

Log:
  sysutils/py-salt: update 2015.8.4 -> 2015.8.5

  Note that 2015.8.4 resolved CVE-2016-1866 but introduced a bug that broke a
  lot of Salt functionality. This update is functionally equivalent to the
  current patched 2015.8.4_1 port but brings us back in line with upstream.

  PR:		206906
  Submitted by:	Christer Edwards <christer.edwards@gmail.com>
  MFH:		2016Q1

Changes:
  head/sysutils/py-salt/Makefile
  head/sysutils/py-salt/distinfo
  head/sysutils/py-salt/files/patch-salt_state.py
Comment 4 commit-hook freebsd_committer 2016-02-05 21:00:27 UTC
A commit references this bug:

Author: junovitch
Date: Fri Feb  5 21:00:01 UTC 2016
New revision: 408269
URL: https://svnweb.freebsd.org/changeset/ports/408269

Log:
  MFH: r408268

  sysutils/py-salt: update 2015.8.4 -> 2015.8.5

  Note that 2015.8.4 resolved CVE-2016-1866 but introduced a bug that broke a
  lot of Salt functionality. This update is functionally equivalent to the
  current patched 2015.8.4_1 port but brings us back in line with upstream.

  PR:		206906
  Submitted by:	Christer Edwards <christer.edwards@gmail.com>
  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/sysutils/py-salt/Makefile
  branches/2016Q1/sysutils/py-salt/distinfo
  branches/2016Q1/sysutils/py-salt/files/patch-salt_state.py
Comment 5 Jason Unovitch freebsd_committer 2016-02-05 21:01:35 UTC
Christer, thanks again!

Committed and MFH'd!