From acf30df65831b3b675532050be83c83e042b71ea Mon Sep 17 00:00:00 2001 From: Ben Woods Date: Tue, 22 Aug 2017 23:02:21 +0000 Subject: [PATCH] Update sysutils/py-salt to 2017.7.1 - Includes fix for security vulnerability CVE-2017-12791 - Include patch to fix bug in the freebsdservice module [1] - Add TCP transport option - Clarify the port options for transports only install the runtime dependencies - Add note to pkg-message explaining how to change to non-default transports - Change supported python releases to exclude 2.6 and allow python3 [2] - Only depend on py-enum34 if python version is < 3.4 (included in python >= 3.4) - Reorder Makefile to move OPTIONS after USES/USE/standard variables [3] - Ensure Makefile lists are sorted alphabetically [1] https://github.com/saltstack/salt/issues/36675#issuecomment-323586323 [2] https://docs.saltstack.com/en/latest/topics/releases/2017.7.0.html#python-3 [3] https://www.freebsd.org/doc/en/books/porters-handbook/porting-order.html Changes this release: https://docs.saltstack.com/en/latest/topics/releases/2017.7.0.html https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html PR: 220869 Reported by: Christer Edwards (maintainer) Approved by: Christer Edwards (maintainer) Security: CVE-2017-12791 Security: https://vuxml.freebsd.org/freebsd/3531141d-a708-477c-954a-2a0549e49ca9.html --- sysutils/py-salt/Makefile | 62 +++++++++++-------- sysutils/py-salt/distinfo | 6 +- .../patch-salt_modules_freebsdservice.py | 18 ++++++ sysutils/py-salt/files/pkg-message.in | 9 +++ 4 files changed, 65 insertions(+), 30 deletions(-) create mode 100644 sysutils/py-salt/files/patch-salt_modules_freebsdservice.py diff --git a/sysutils/py-salt/Makefile b/sysutils/py-salt/Makefile index e7aab640254e..d24421310531 100644 --- a/sysutils/py-salt/Makefile +++ b/sysutils/py-salt/Makefile @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= salt -PORTVERSION= 2016.11.6 -PORTREVISION= 1 +PORTVERSION= 2017.7.1 CATEGORIES= sysutils python MASTER_SITES= CHEESESHOP PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -14,33 +13,18 @@ COMMENT= Distributed remote execution and configuration management system LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/LICENSE -RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}yaml>0:devel/py-yaml \ - ${PYTHON_PKGNAMEPREFIX}Jinja2>0:devel/py-Jinja2 \ - ${PYTHON_PKGNAMEPREFIX}msgpack-python>=0.3:devel/py-msgpack-python \ - ${PYTHON_PKGNAMEPREFIX}libcloud>=0.14.0:net/py-libcloud \ - ${PYTHON_PKGNAMEPREFIX}botocore>0:devel/py-botocore \ +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}Jinja2>0:devel/py-Jinja2 \ ${PYTHON_PKGNAMEPREFIX}MarkupSafe>0:textproc/py-MarkupSafe \ - ${PYTHON_PKGNAMEPREFIX}requests>=1.0.0:www/py-requests \ - ${PYTHON_PKGNAMEPREFIX}enum34>0:devel/py-enum34 \ - ${PYTHON_PKGNAMEPREFIX}progressbar>0:misc/py-progressbar \ + ${PYTHON_PKGNAMEPREFIX}botocore>0:devel/py-botocore \ ${PYTHON_PKGNAMEPREFIX}futures>=2.0:devel/py-futures \ - ${PYTHON_PKGNAMEPREFIX}tornado>=4.2.1:www/py-tornado + ${PYTHON_PKGNAMEPREFIX}libcloud>=0.14.0:net/py-libcloud \ + ${PYTHON_PKGNAMEPREFIX}msgpack-python>=0.3:devel/py-msgpack-python \ + ${PYTHON_PKGNAMEPREFIX}progressbar>0:misc/py-progressbar \ + ${PYTHON_PKGNAMEPREFIX}requests>=1.0.0:www/py-requests \ + ${PYTHON_PKGNAMEPREFIX}tornado>=4.2.1:www/py-tornado \ + ${PYTHON_PKGNAMEPREFIX}yaml>0:devel/py-yaml -OPTIONS_DEFINE= ZEROMQ RAET -OPTIONS_DEFAULT= ZEROMQ - -ZEROMQ_DESC= Enable ZeroMQ transport -RAET_DESC= Enable RAET transport - -ZEROMQ_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pyzmq>=2.2.0:net/py-pyzmq -ZEROMQ_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pyzmq>=2.2.0:net/py-pyzmq \ - ${PYTHON_PKGNAMEPREFIX}pycrypto>=2.6.1:security/py-pycrypto - -RAET_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}libnacl>=1.0.0:security/py-libnacl \ - ${PYTHON_PKGNAMEPREFIX}ioflo>=1.1.7:devel/py-ioflo \ - ${PYTHON_PKGNAMEPREFIX}raet>=0.6.0:net/py-raet - -USES= cpe python:2 +USES= cpe python:2.7+ CPE_VENDOR= saltstack CPE_PRODUCT= salt USE_PYTHON= autoplist distutils @@ -71,6 +55,30 @@ SUB_LIST+= PYTHON_CMD=${PYTHON_CMD} SUB_FILES= pkg-message +OPTIONS_DEFINE= RAET TCP ZEROMQ +OPTIONS_DEFAULT=ZEROMQ + +RAET_DESC= Install dependencies required for RAET transport +TCP_DESC= Install dependencies required for TCP transport +ZEROMQ_DESC= Install dependencies required for ZeroMQ transport + +RAET_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}libnacl>=1.0.0:security/py-libnacl \ + ${PYTHON_PKGNAMEPREFIX}ioflo>=1.1.7:devel/py-ioflo \ + ${PYTHON_PKGNAMEPREFIX}raet>=0.6.0:net/py-raet + +TCP_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pycrypto>=2.6.1:security/py-pycrypto + +ZEROMQ_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pyzmq>=2.2.0:net/py-pyzmq +ZEROMQ_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pyzmq>=2.2.0:net/py-pyzmq \ + ${PYTHON_PKGNAMEPREFIX}pycrypto>=2.6.1:security/py-pycrypto + +.include + +# Python 2.7-3.3 require enum34, unnecessary for Python 3.4+ +.if ${PYTHON_REL} < 3400 +RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}enum34>0:devel/py-enum34 +.endif + post-patch: .for file in conf/minion conf/master doc/man/salt-key.1 \ doc/man/salt-cp.1 doc/man/salt-minion.1 doc/man/salt-syndic.1 \ @@ -89,4 +97,4 @@ post-install: ${INSTALL_DATA} ${WRKSRC}/conf/master ${STAGEDIR}${ETCDIR}/master.sample ${INSTALL_DATA} ${WRKSRC}/conf/minion ${STAGEDIR}${ETCDIR}/minion.sample -.include +.include diff --git a/sysutils/py-salt/distinfo b/sysutils/py-salt/distinfo index 4563a1e2f09d..2344c6820b2c 100644 --- a/sysutils/py-salt/distinfo +++ b/sysutils/py-salt/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1499072109 -SHA256 (salt-2016.11.6.tar.gz) = 9031af68d31d0416fe3161526ef122a763afc6182bd63fe48b6c4d0a16a0703a -SIZE (salt-2016.11.6.tar.gz) = 9410028 +TIMESTAMP = 1503211965 +SHA256 (salt-2017.7.1.tar.gz) = fe868415d0e1162157186f4c5263e9af902b0571870ad2da210e7edf5ff5331d +SIZE (salt-2017.7.1.tar.gz) = 11408839 diff --git a/sysutils/py-salt/files/patch-salt_modules_freebsdservice.py b/sysutils/py-salt/files/patch-salt_modules_freebsdservice.py new file mode 100644 index 000000000000..d6a019a3c598 --- /dev/null +++ b/sysutils/py-salt/files/patch-salt_modules_freebsdservice.py @@ -0,0 +1,18 @@ +--- salt/modules/freebsdservice.py.orig 2017-08-15 15:26:36 UTC ++++ salt/modules/freebsdservice.py +@@ -16,7 +16,6 @@ import os + + # Import salt libs + import salt.utils +-import salt.utils.decorators as decorators + from salt.exceptions import CommandNotFoundError + + __func_alias__ = { +@@ -39,7 +38,6 @@ def __virtual__(): + return (False, 'The freebsdservice execution module cannot be loaded: only available on FreeBSD systems.') + + +-@decorators.memoize + def _cmd(jail=None): + ''' + Return full path to service command diff --git a/sysutils/py-salt/files/pkg-message.in b/sysutils/py-salt/files/pkg-message.in index c5cd25c792aa..4aedb8e3c137 100644 --- a/sysutils/py-salt/files/pkg-message.in +++ b/sysutils/py-salt/files/pkg-message.in @@ -23,5 +23,14 @@ To configure a Salt Proxy Minion, do the following: o sysrc salt_proxy_list="" o Update the salt_proxy_list with the proxy minion name(s) +--------------------------------------------------------------------------------------------------- + +To change the Transport method from the default option of Zeromq to either TCP or RAET: + + o Re-build the port with the desired options enabled to install the correct runtime dependencies + o Ensure the master and minions all have salt installed with these same options and dependencies + o Add the line 'transport: [tcp|raet]' to both the master and minion configuration files + o Restart salt on the master and minions + ===================================================================================================