From 24e47d966b26631fa9e84ed39fad83d496c6952be8b7b25fff6834a50557e738 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?= Date: Fri, 6 Nov 2020 10:10:40 +0000 Subject: [PATCH] osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:365 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=177 --- _lastrevision | 2 +- salt.changes | 8 +++++ salt.spec | 3 ++ ...or-salt-ssh-keys-to-empty-string-293.patch | 31 +++++++++++++++++++ 4 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 set-passphrase-for-salt-ssh-keys-to-empty-string-293.patch diff --git a/_lastrevision b/_lastrevision index 1f57267..1f5953f 100644 --- a/_lastrevision +++ b/_lastrevision @@ -1 +1 @@ -620b5f043062d74c4955be7609dc855696c0ca05 \ No newline at end of file +24bd64b440c2c3f0f154a1b7f7216de20dc07df8 \ No newline at end of file diff --git a/salt.changes b/salt.changes index 961bf41..1d28930 100644 --- a/salt.changes +++ b/salt.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri Nov 6 09:19:22 UTC 2020 - Pablo Suárez Hernández + +- Set passphrase for salt-ssh keys to empty string (bsc#1178485) + +- Added: + * set-passphrase-for-salt-ssh-keys-to-empty-string-293.patch + ------------------------------------------------------------------- Wed Nov 4 10:54:32 UTC 2020 - Pablo Suárez Hernández diff --git a/salt.spec b/salt.spec index c426c77..8a28880 100644 --- a/salt.spec +++ b/salt.spec @@ -369,6 +369,8 @@ Patch141: path-replace-functools.wraps-with-six.wraps-bsc-1177.patch Patch142: fix-novendorchange-option-284.patch # PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/58871 Patch143: fix-cve-2020-25592-and-add-tests-bsc-1178319.patch +# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/293 +Patch144: set-passphrase-for-salt-ssh-keys-to-empty-string-293.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: logrotate @@ -1019,6 +1021,7 @@ cp %{S:5} ./.travis.yml %patch141 -p1 %patch142 -p1 %patch143 -p1 +%patch144 -p1 %build # Putting /usr/bin at the front of $PATH is needed for RHEL/RES 7. Without this diff --git a/set-passphrase-for-salt-ssh-keys-to-empty-string-293.patch b/set-passphrase-for-salt-ssh-keys-to-empty-string-293.patch new file mode 100644 index 0000000..884eb1a --- /dev/null +++ b/set-passphrase-for-salt-ssh-keys-to-empty-string-293.patch @@ -0,0 +1,31 @@ +From 677b7a8881a2e9ebab58cead29b1a6d83850c888 Mon Sep 17 00:00:00 2001 +From: Alexander Graul +Date: Thu, 5 Nov 2020 16:54:44 +0100 +Subject: [PATCH] Set passphrase for salt-ssh keys to empty string + (#293) + +Since the cmd is not passed to a shell anymore, the "" are taken +literally and not as an empty string. + +Bugzilla report: https://bugzilla.suse.com/show_bug.cgi?id=1178485 +--- + salt/client/ssh/shell.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/salt/client/ssh/shell.py b/salt/client/ssh/shell.py +index 27aba7b382..27ab9f4f1b 100644 +--- a/salt/client/ssh/shell.py ++++ b/salt/client/ssh/shell.py +@@ -44,7 +44,7 @@ def gen_key(path): + ''' + Generate a key for use with salt-ssh + ''' +- cmd = ["ssh-keygen", "-P", '""', "-f", path, "-t", "rsa", "-q"] ++ cmd = ["ssh-keygen", "-P", "", "-f", path, "-t", "rsa", "-q"] + if not os.path.isdir(os.path.dirname(path)): + os.makedirs(os.path.dirname(path)) + subprocess.call(cmd) +-- +2.28.0 + +