diff --git a/3002-set-distro-requirement-to-oldest-supported-vers.patch b/3002-set-distro-requirement-to-oldest-supported-vers.patch new file mode 100644 index 0000000..6177596 --- /dev/null +++ b/3002-set-distro-requirement-to-oldest-supported-vers.patch @@ -0,0 +1,48 @@ +From ffe924ef060a9b9540a4dcd117e045eaefa62513 Mon Sep 17 00:00:00 2001 +From: Alexander Graul +Date: Tue, 9 Mar 2021 13:46:03 +0100 +Subject: [PATCH] 3002: Set distro requirement to oldest supported + version (#327) + +In the released Salt packages, python3-distro is taken from the +officially repositories on supported operating systems. The oldest +supported python3-distro version is 1.0.1 in Ubuntu18.04 universe and +Debian 9. FreeBSD is an exception and requires 1.3.0. +The mismatch between the version specified in requirements/base.txt and +what is actually used by the released packages can be confusing. + +(cherry picked from commit 5c9c0ab9cdf2bf67bfdd259b53aa15297d1656ce) +(cherry picked from commit 0ff35358f79e9df8b06fb345fd79c1d22ed91179) + +Co-authored-by: Pedro Algarvio +--- + requirements/base.txt | 2 +- + requirements/static/pkg/freebsd.in | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/requirements/base.txt b/requirements/base.txt +index ffe4bc98f1..6af972bd1b 100644 +--- a/requirements/base.txt ++++ b/requirements/base.txt +@@ -3,7 +3,7 @@ msgpack>=0.5,!=0.5.5 + PyYAML + MarkupSafe + requests>=1.0.0 +-distro>=1.5 ++distro>=1.0.1 + # Requirements for Tornado 4.5.3 (vendored as salt.ext.tornado) + singledispatch==3.4.0.3; python_version < '3.4' + # Required by Tornado to handle threads stuff. +diff --git a/requirements/static/pkg/freebsd.in b/requirements/static/pkg/freebsd.in +index 879a378822..7cfa3dcce8 100644 +--- a/requirements/static/pkg/freebsd.in ++++ b/requirements/static/pkg/freebsd.in +@@ -8,3 +8,4 @@ python-dateutil>=2.8.0 + python-gnupg>=0.4.4 + setproctitle>=1.1.10 + timelib>=0.2.5 ++distro>=1.3.0 +-- +2.30.1 + + diff --git a/_lastrevision b/_lastrevision index b034e46..922d560 100644 --- a/_lastrevision +++ b/_lastrevision @@ -1 +1 @@ -20438f0fbeca551fd5a04babf1a686a5455c2ce3 \ No newline at end of file +68bd2c45e40cf64ac426a7e5833daa076ab10cfe \ No newline at end of file diff --git a/do-not-monkey-patch-yaml-bsc-1177474.patch b/do-not-monkey-patch-yaml-bsc-1177474.patch new file mode 100644 index 0000000..56ca8e6 --- /dev/null +++ b/do-not-monkey-patch-yaml-bsc-1177474.patch @@ -0,0 +1,153 @@ +From 8eaeb751d4077d6514577b53a9dbe23df231018e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?= + +Date: Mon, 8 Mar 2021 12:35:14 +0000 +Subject: [PATCH] Do not monkey patch yaml (bsc#1177474) + +Add changelog file + +Add suggestions by pre-commit + +Add unit test to check for monkey patching +--- + changelog/57995.fixed | 1 + + salt/utils/yamlloader.py | 28 ++++++++++------------------ + tests/unit/utils/test_yamlloader.py | 6 +++++- + 3 files changed, 16 insertions(+), 19 deletions(-) + create mode 100644 changelog/57995.fixed + +diff --git a/changelog/57995.fixed b/changelog/57995.fixed +new file mode 100644 +index 0000000000..78f2cd1fa4 +--- /dev/null ++++ b/changelog/57995.fixed +@@ -0,0 +1 @@ ++Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules +diff --git a/salt/utils/yamlloader.py b/salt/utils/yamlloader.py +index e9d80fc4ad..f98fdcb0e9 100644 +--- a/salt/utils/yamlloader.py ++++ b/salt/utils/yamlloader.py +@@ -1,10 +1,7 @@ +-# -*- coding: utf-8 -*- + """ + Custom YAML loading in Salt + """ + +-# Import python libs +-from __future__ import absolute_import, print_function, unicode_literals + + import warnings + +@@ -13,13 +10,8 @@ import yaml # pylint: disable=blacklisted-import + from yaml.constructor import ConstructorError + from yaml.nodes import MappingNode, SequenceNode + +-try: +- yaml.Loader = yaml.CLoader +- yaml.Dumper = yaml.CDumper +- yaml.SafeLoader = yaml.CSafeLoader +- yaml.SafeDumper = yaml.CSafeDumper +-except Exception: # pylint: disable=broad-except +- pass ++# prefer C bindings over python when available ++BaseLoader = getattr(yaml, "CSafeLoader", yaml.SafeLoader) + + + __all__ = ["SaltYamlSafeLoader", "load", "safe_load"] +@@ -35,7 +27,7 @@ warnings.simplefilter("always", category=DuplicateKeyWarning) + + + # with code integrated from https://gist.github.com/844388 +-class SaltYamlSafeLoader(yaml.SafeLoader): ++class SaltYamlSafeLoader(BaseLoader): + """ + Create a custom YAML loader that uses the custom constructor. This allows + for the YAML loading defaults to be manipulated based on needs within salt +@@ -43,7 +35,7 @@ class SaltYamlSafeLoader(yaml.SafeLoader): + """ + + def __init__(self, stream, dictclass=dict): +- super(SaltYamlSafeLoader, self).__init__(stream) ++ super().__init__(stream) + if dictclass is not dict: + # then assume ordered dict and use it for both !map and !omap + self.add_constructor("tag:yaml.org,2002:map", type(self).construct_yaml_map) +@@ -74,7 +66,7 @@ class SaltYamlSafeLoader(yaml.SafeLoader): + raise ConstructorError( + None, + None, +- "expected a mapping node, but found {0}".format(node.id), ++ "expected a mapping node, but found {}".format(node.id), + node.start_mark, + ) + +@@ -90,7 +82,7 @@ class SaltYamlSafeLoader(yaml.SafeLoader): + raise ConstructorError( + context, + node.start_mark, +- "found unacceptable key {0}".format(key_node.value), ++ "found unacceptable key {}".format(key_node.value), + key_node.start_mark, + ) + value = self.construct_object(value_node, deep=deep) +@@ -98,7 +90,7 @@ class SaltYamlSafeLoader(yaml.SafeLoader): + raise ConstructorError( + context, + node.start_mark, +- "found conflicting ID '{0}'".format(key), ++ "found conflicting ID '{}'".format(key), + key_node.start_mark, + ) + mapping[key] = value +@@ -118,7 +110,7 @@ class SaltYamlSafeLoader(yaml.SafeLoader): + # an empty string. Change it to '0'. + if node.value == "": + node.value = "0" +- return super(SaltYamlSafeLoader, self).construct_scalar(node) ++ return super().construct_scalar(node) + + def construct_yaml_str(self, node): + value = self.construct_scalar(node) +@@ -142,7 +134,7 @@ class SaltYamlSafeLoader(yaml.SafeLoader): + raise ConstructorError( + "while constructing a mapping", + node.start_mark, +- "expected a mapping for merging, but found {0}".format( ++ "expected a mapping for merging, but found {}".format( + subnode.id + ), + subnode.start_mark, +@@ -156,7 +148,7 @@ class SaltYamlSafeLoader(yaml.SafeLoader): + raise ConstructorError( + "while constructing a mapping", + node.start_mark, +- "expected a mapping or list of mappings for merging, but found {0}".format( ++ "expected a mapping or list of mappings for merging, but found {}".format( + value_node.id + ), + value_node.start_mark, +diff --git a/tests/unit/utils/test_yamlloader.py b/tests/unit/utils/test_yamlloader.py +index a1e17af760..3f2e4403ba 100644 +--- a/tests/unit/utils/test_yamlloader.py ++++ b/tests/unit/utils/test_yamlloader.py +@@ -13,7 +13,7 @@ import salt.utils.files + + # Import 3rd-party libs + from salt.ext import six +-from salt.utils.yamlloader import SaltYamlSafeLoader ++from salt.utils.yamlloader import SaltYamlSafeLoader, yaml + from tests.support.mock import mock_open, patch + + # Import Salt Testing Libs +@@ -177,3 +177,7 @@ class YamlLoaderTestCase(TestCase): + ), + {"foo": {"b": {"foo": "bar", "one": 1, "list": [1, "two", 3]}}}, + ) ++ ++ def test_not_yaml_monkey_patching(self): ++ if hasattr(yaml, "CSafeLoader"): ++ assert yaml.SafeLoader != yaml.CSafeLoader +-- +2.30.1 + + diff --git a/prevent-race-condition-on-sigterm-for-the-minion-bsc.patch b/prevent-race-condition-on-sigterm-for-the-minion-bsc.patch new file mode 100644 index 0000000..08551f6 --- /dev/null +++ b/prevent-race-condition-on-sigterm-for-the-minion-bsc.patch @@ -0,0 +1,99 @@ +From 30fa660f0f6a9a3e5709e4fd0773e43248018726 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?= + +Date: Tue, 19 Jan 2021 09:23:44 +0000 +Subject: [PATCH] Prevent race condition on SIGTERM for the minion + (bsc#1172110) + +Prevent race condition when handling signals by CLI clients + +Add test case to cover destroy race condition for minion module_refresh +--- + salt/loader.py | 17 +++++++++++------ + salt/minion.py | 2 ++ + tests/unit/test_minion.py | 27 +++++++++++++++++++++++++++ + 3 files changed, 40 insertions(+), 6 deletions(-) + +diff --git a/salt/loader.py b/salt/loader.py +index 7b42b6b0d6..02446b5ee1 100644 +--- a/salt/loader.py ++++ b/salt/loader.py +@@ -1737,12 +1737,17 @@ class LazyLoader(salt.utils.lazy.LazyDict): + except Exception: # pylint: disable=broad-except + pass + else: +- tgt_fn = os.path.join("salt", "utils", "process.py") +- if fn_.endswith(tgt_fn) and "_handle_signals" in caller: +- # Race conditon, SIGTERM or SIGINT received while loader +- # was in process of loading a module. Call sys.exit to +- # ensure that the process is killed. +- sys.exit(salt.defaults.exitcodes.EX_OK) ++ tgt_fns = [ ++ os.path.join("salt", "utils", "process.py"), ++ os.path.join("salt", "cli", "daemons.py"), ++ os.path.join("salt", "cli", "api.py"), ++ ] ++ for tgt_fn in tgt_fns: ++ if fn_.endswith(tgt_fn) and "_handle_signals" in caller: ++ # Race conditon, SIGTERM or SIGINT received while loader ++ # was in process of loading a module. Call sys.exit to ++ # ensure that the process is killed. ++ sys.exit(salt.defaults.exitcodes.EX_OK) + log.error( + "Failed to import %s %s as the module called exit()\n", + self.tag, +diff --git a/salt/minion.py b/salt/minion.py +index dacff1e0a9..6bfac076eb 100644 +--- a/salt/minion.py ++++ b/salt/minion.py +@@ -2385,6 +2385,8 @@ class Minion(MinionBase): + """ + Refresh the functions and returners. + """ ++ if not hasattr(self, "schedule"): ++ return + log.debug("Refreshing modules. Notify=%s", notify) + self.functions, self.returners, _, self.executors = self._load_modules( + force_refresh, notify=notify +diff --git a/tests/unit/test_minion.py b/tests/unit/test_minion.py +index 36c88819f4..9b31d011ec 100644 +--- a/tests/unit/test_minion.py ++++ b/tests/unit/test_minion.py +@@ -392,6 +392,33 @@ class MinionTestCase(TestCase, AdaptedConfigurationTestCaseMixin): + finally: + minion.destroy() + ++ def test_minion_module_refresh(self): ++ """ ++ Tests that the 'module_refresh' just return in case there is no 'schedule' ++ because destroy method was already called. ++ """ ++ with patch("salt.minion.Minion.ctx", MagicMock(return_value={})), patch( ++ "salt.utils.process.SignalHandlingProcess.start", ++ MagicMock(return_value=True), ++ ), patch( ++ "salt.utils.process.SignalHandlingProcess.join", ++ MagicMock(return_value=True), ++ ): ++ try: ++ mock_opts = salt.config.DEFAULT_MINION_OPTS.copy() ++ minion = salt.minion.Minion( ++ mock_opts, io_loop=salt.ext.tornado.ioloop.IOLoop(), ++ ) ++ minion.schedule = salt.utils.schedule.Schedule( ++ mock_opts, {}, returners={} ++ ) ++ self.assertTrue(hasattr(minion, "schedule")) ++ minion.destroy() ++ self.assertTrue(not hasattr(minion, "schedule")) ++ self.assertTrue(not minion.module_refresh()) ++ finally: ++ minion.destroy() ++ + @slowTest + def test_when_ping_interval_is_set_the_callback_should_be_added_to_periodic_callbacks( + self, +-- +2.30.1 + + diff --git a/salt.changes b/salt.changes index 7c77be2..e146fbd 100644 --- a/salt.changes +++ b/salt.changes @@ -1,3 +1,36 @@ +------------------------------------------------------------------- +Wed Mar 10 08:42:54 UTC 2021 - Pablo Suárez Hernández + +- virt.network_update: handle missing ipv4 netmask attribute + +- Added: + * virt.network_update-handle-missing-ipv4-netmask-attr.patch + +------------------------------------------------------------------- +Tue Mar 9 14:34:29 UTC 2021 - Alexander Graul + +- Set distro requirement to oldest supported version in requirements/base.txt + +- Added: + * 3002-set-distro-requirement-to-oldest-supported-vers.patch + +------------------------------------------------------------------- +Tue Mar 9 09:00:08 UTC 2021 - Pablo Suárez Hernández + +- Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) +- Don't require python3-certifi + +- Added: + * do-not-monkey-patch-yaml-bsc-1177474.patch + +------------------------------------------------------------------- +Wed Mar 3 09:32:53 UTC 2021 - Pablo Suárez Hernández + +- Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110) + +- Added: + * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch + ------------------------------------------------------------------- Mon Mar 1 11:21:01 UTC 2021 - Alexander Graul @@ -345,7 +378,7 @@ Tue Nov 10 15:43:09 UTC 2020 - Jochen Breuer ------------------------------------------------------------------- Tue Nov 10 15:09:16 UTC 2020 - Jochen Breuer -- Master can read grains +- Master can read grains (bsc#1179696) - Added: * grains-master-can-read-grains.patch diff --git a/salt.spec b/salt.spec index a805ac5..60d08cc 100644 --- a/salt.spec +++ b/salt.spec @@ -373,6 +373,14 @@ Patch155: fix-for-some-cves-bsc1181550.patch Patch156: allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch # PATCH-FIX_UPSTREAM: no PR to link to yet Patch157: fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch +# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/59524 +Patch158: prevent-race-condition-on-sigterm-for-the-minion-bsc.patch +# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/59746 +Patch159: do-not-monkey-patch-yaml-bsc-1177474.patch +# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/59536 +Patch160: 3002-set-distro-requirement-to-oldest-supported-vers.patch +# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/59693 +Patch161: virt.network_update-handle-missing-ipv4-netmask-attr.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: logrotate @@ -500,7 +508,6 @@ Requires: platform-python %else Requires: python3 %endif -Requires: python3-certifi # requirements/base.txt %if 0%{?rhel} || 0%{?fedora} Requires: python3-jinja2 @@ -926,6 +933,10 @@ cp %{S:5} ./.travis.yml %patch155 -p1 %patch156 -p1 %patch157 -p1 +%patch158 -p1 +%patch159 -p1 +%patch160 -p1 +%patch161 -p1 %build # Putting /usr/bin at the front of $PATH is needed for RHEL/RES 7. Without this diff --git a/virt.network_update-handle-missing-ipv4-netmask-attr.patch b/virt.network_update-handle-missing-ipv4-netmask-attr.patch new file mode 100644 index 0000000..0fbd767 --- /dev/null +++ b/virt.network_update-handle-missing-ipv4-netmask-attr.patch @@ -0,0 +1,76 @@ +From c0a9915e44d4b1cbc09b5d52e7ed41ec7c29abcf Mon Sep 17 00:00:00 2001 +From: Cedric Bosdonnat +Date: Wed, 10 Mar 2021 09:29:12 +0100 +Subject: [PATCH] virt.network_update: handle missing ipv4 netmask + attribute (#328) + +In the libvirt definition, the IPv4 netmask XML attribute may be +replaced by the prefix one. Handle this situation gracefully rather than +miserably failing. +--- + changelog/59692.fixed | 1 + + salt/modules/virt.py | 2 +- + tests/pytests/unit/modules/virt/test_network.py | 13 +++++++++---- + 3 files changed, 11 insertions(+), 5 deletions(-) + create mode 100644 changelog/59692.fixed + +diff --git a/changelog/59692.fixed b/changelog/59692.fixed +new file mode 100644 +index 0000000000..b4f4533ccc +--- /dev/null ++++ b/changelog/59692.fixed +@@ -0,0 +1 @@ ++Don't fail updating network without netmask ip attribute +diff --git a/salt/modules/virt.py b/salt/modules/virt.py +index 35711fcef4..6409089109 100644 +--- a/salt/modules/virt.py ++++ b/salt/modules/virt.py +@@ -7415,7 +7415,7 @@ def network_update( + if node.get("family", "ipv4") == "ipv4" + ] + for ip_node in ipv4_nodes: +- netmask = ip_node.attrib.pop("netmask") ++ netmask = ip_node.attrib.pop("netmask", None) + if netmask: + address = ipaddress.ip_network( + "{}/{}".format(ip_node.get("address"), netmask), strict=False +diff --git a/tests/pytests/unit/modules/virt/test_network.py b/tests/pytests/unit/modules/virt/test_network.py +index 52aadc9519..0def5e5c32 100644 +--- a/tests/pytests/unit/modules/virt/test_network.py ++++ b/tests/pytests/unit/modules/virt/test_network.py +@@ -365,8 +365,11 @@ def test_update_nat_nochange(make_mock_network): + define_mock.assert_not_called() + + +-@pytest.mark.parametrize("test", [True, False]) +-def test_update_nat_change(make_mock_network, test): ++@pytest.mark.parametrize( ++ "test, netmask", ++ [(True, "netmask='255.255.255.0'"), (True, "prefix='24'"), (False, "prefix='24'")], ++) ++def test_update_nat_change(make_mock_network, test, netmask): + """ + Test updating a NAT network with changes + """ +@@ -379,13 +382,15 @@ def test_update_nat_change(make_mock_network, test): + + + +- ++ + + + + + +- """ ++ """.format( ++ netmask ++ ) + ) + assert virt.network_update( + "default", +-- +2.30.1 + +