Created attachment 166532 [details] patch https://docs.saltstack.com/en/latest/topics/releases/2015.8.5.html (Note: this release patches CVE-2016-1866)
Created attachment 166533 [details] QA
Thank you Christer! The CVE fix was already in 2015.8.4, but the regression introduced was pretty bad. We'll take this forward and MFH so we match upstream.
A commit references this bug: Author: junovitch Date: Fri Feb 5 20:47:02 UTC 2016 New revision: 408268 URL: https://svnweb.freebsd.org/changeset/ports/408268 Log: sysutils/py-salt: update 2015.8.4 -> 2015.8.5 Note that 2015.8.4 resolved CVE-2016-1866 but introduced a bug that broke a lot of Salt functionality. This update is functionally equivalent to the current patched 2015.8.4_1 port but brings us back in line with upstream. PR: 206906 Submitted by: Christer Edwards <christer.edwards@gmail.com> MFH: 2016Q1 Changes: head/sysutils/py-salt/Makefile head/sysutils/py-salt/distinfo head/sysutils/py-salt/files/patch-salt_state.py
A commit references this bug: Author: junovitch Date: Fri Feb 5 21:00:01 UTC 2016 New revision: 408269 URL: https://svnweb.freebsd.org/changeset/ports/408269 Log: MFH: r408268 sysutils/py-salt: update 2015.8.4 -> 2015.8.5 Note that 2015.8.4 resolved CVE-2016-1866 but introduced a bug that broke a lot of Salt functionality. This update is functionally equivalent to the current patched 2015.8.4_1 port but brings us back in line with upstream. PR: 206906 Submitted by: Christer Edwards <christer.edwards@gmail.com> Approved by: ports-secteam (feld) Changes: _U branches/2016Q1/ branches/2016Q1/sysutils/py-salt/Makefile branches/2016Q1/sysutils/py-salt/distinfo branches/2016Q1/sysutils/py-salt/files/patch-salt_state.py
Christer, thanks again! Committed and MFH'd!