Salt 3006.3 release notes¶

Fix for assume role when used salt-cloud to create aws ec2. #52501

fixes aptpkg module by checking for blank comps. #58667

wheel.file_roots.find is now able to find files in subdirectories of the roots. #59800

pkg.latest no longer fails when multiple versions are reported to be installed (e.g. updating the kernel) #60931

Do not update the credentials dictionary in utils/aws.py while iterating over it, and use the correct delete functionality #61049

fixed runner not having a proper exit code when runner modules throw an exception. #61173

pip.list_all_versions now works with index_url and extra_index_url #61610

speed up file.recurse by using prefix with cp.list_master_dir and remove an un-needed loop. #61998

Preserve test=True condition while running sub states. #62590

Job returns are only sent to originating master #62834

Fixes an issue with failing subsequent state runs with the lgpo state module. The lgpo.get_polcy function now returns all boolean settings. #63296

Fix SELinux get policy with trailing whitespace #63336

Fixes an issue with boolean settings not being reported after being set. The lgpo.get_polcy function now returns all boolean settings. #63473

Ensure body is returned when salt.utils.http returns something other than 200 with tornado backend. #63557

Allow long running pillar and file client requests to finish using request_channel_timeout and request_channel_tries minion config. #63824

Fix state_queue type checking to allow int values #64122

Call global logger when catching pip.list exceptions in states.pip.installed Rename global logger log to logger inside pip_state #64169

Fixes permissions created by the Debian and RPM packages for the salt user.

The salt user created by the Debian and RPM packages to run the salt-master process, was previously given ownership of various directories in a way which compromised the benefits of running the salt-master process as a non-root user.

This fix sets the salt user to only have write access to those files and directories required for the salt-master process to run. #64193

Fix user.present state when groups is unset to ensure the groups are unchanged, as documented. #64211

Fixes issue with MasterMinion class loading configuration from `/etc/salt/minion.d/*.conf.

The MasterMinion class (used for running orchestraions on master and other functionality) was incorrectly loading configuration from /etc/salt/minion.d/*.conf, when it should only load configuration from /etc/salt/master and /etc/salt/master.d/*.conf. #64219

Fixed issue in mac_user.enable_auto_login that caused the user's keychain to be reset at each boot #64226

Fixed KeyError in logs when running a state that fails. #64231

Fixed x509_v2 create_private_key/create_crl unknown kwargs: __pub_fun... #64232

remove the hard coded python version in error. #64237

salt-pip now properly errors out when being called from a non onedir environment. #64249

Ensure we return an error when adding the key fails in the pkgrepo state for debian hosts. #64253

Fixed file client private attribute reference on SaltMakoTemplateLookup #64280

Fix pkgrepo.absent failures on apt-based systems when repo either a) contains a trailing slash, or b) there is an arch mismatch. #64286

Fix detection of Salt codename by "salt_version" execution module #64306

Ensure selinux values are handled lowercase #64318

Remove the clr.AddReference, it is causing an Illegal characters in path exception #64339

Update pkg.group_installed state to support repo options #64348

Fix salt user login shell path in Debian packages #64377

Allow for multiple user's keys presented when authenticating, for example: root, salt, etc. #64398

Fixed an issue with lgpo_reg where existing entries for the same key in Registry.pol were being overwritten in subsequent runs if the value name in the subesequent run was contained in the existing value name. For example, a key named SetUpdateNotificationLevel would be overwritten by a subsequent run attempting to set UpdateNotificationLevel #64401

Add search for %ProgramData%\Chocolatey\choco.exe to determine if Chocolatey is installed or not #64427

Fix regression for user.present on handling groups with dupe GIDs #64430

Fix inconsistent use of args in ssh_auth.managed #64442

Ensure we raise an error when the name argument is invalid in pkgrepo.managed state for systems using apt. #64451

Fix file.symlink will not replace/update existing symlink #64477

Fixed salt-ssh state.* commands returning retcode 0 when state/pillar rendering fails #64514

Fix pkg.install when using a port in the url. #64516

win_pkg Fixes an issue runing pkg.install with version=latest where the new installer would not be cached if there was already an installer present with the same name. #64519

Added a test:full label in the salt repository, which, when selected, will force a full test run. #64539

Syndic's async_req_channel uses the asynchornous version of request channel #64552

Ensure runners properly save information to job cache. #64570

Added salt.ufw to salt-master install on Debian and Ubuntu #64572

Added support for Chocolatey 2.0.0+ while maintaining support for older versions #64622

Updated semanage fcontext to use --modify if context already exists when adding context #64625

Preserve request client socket between requests. #64627

Show user friendly message when pillars timeout #64651

File client timeouts durring jobs show user friendly errors instead of tracbacks #64653

SaltClientError does not log a traceback on minions, we expect these to happen so a user friendly log is shown. #64729

Look in location salt is running from, this accounts for running from an unpacked onedir file that has not been installed. #64877

Preserve credentials on spawning platforms, minions no longer re-authenticate with every job when using multiprocessing=True. #64914

Fixed uninstaller to not remove the salt directory by default. This allows the extras-3.## folder to persist so salt-pip dependencies are not wiped out during an upgrade. #64957

fix msteams by adding the missing header that Microsoft is now enforcing. #64973

Fix env and improve cache cleaning see more info at pull #65017. #65002

Better error message on inconsistent decoded payload #65020

Handle permissions access error when calling lsb_release with the salt user #65024

Allow schedule state module to update schedule when the minion is offline. #65033

Fixed creation of wildcard DNS in SAN in x509_v2 #65072

The macOS installer no longer removes the extras directory #65073

Upgrade to cryptography==41.0.3(and therefor pyopenssl==23.2.0 due to https://github.com/advisories/GHSA-jm77-qphf-c4w8)

This only really impacts pip installs of Salt and the windows onedir since the linux and macos onedir build every package dependency from source, not from pre-existing wheels.

Also resolves the following cryptography advisories:

Due to:

• https://github.com/advisories/GHSA-5cpq-8wj7-hf2v

• https://github.com/advisories/GHSA-x4qr-2fvf-3mr5

• https://github.com/advisories/GHSA-w7pp-m8wf-vj6r #64595

Bump to aiohttp==3.8.5 due to https://github.com/advisories/GHSA-45c4-8wx5-qw6w #64687

Bump to certifi==2023.07.22 due to https://github.com/advisories/GHSA-xqr8-7jwr-rhp7 #64718

Upgrade relenv to 0.13.2 and Python to 3.10.12

Addresses multiple CVEs in Python's dependencies: https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-12 #64719

Update to gitpython>=3.1.32 due to https://github.com/advisories/GHSA-pr76-5cm5-w9cj #64988