community/salt: security upgrade to 2017.7.1 (CVE-2017-12791)

fixes #7751
Natanael Copa 2017-08-25 22:42:02 +00:00
parent d4f8e1e2bb
commit d64012dbd9
2 changed files with 4 additions and 646 deletions


@ -1,641 +0,0 @@
Upstream code not released yet that will happen in next major version - Oxygen?
---
diff --git a/salt/modules/apk.py b/salt/modules/apk.py
new file mode 100644
index 0000000..4c0efe0
--- /dev/null
+++ b/salt/modules/apk.py
@@ -0,0 +1,619 @@
+# -*- coding: utf-8 -*-
+'''
+Support for apk
+
+.. important::
+ If you feel that Salt should be using this module to manage packages on a
+ minion, and it is using a different module (or gives an error similar to
+ *'pkg.install' is not available*), see :ref:`here
+ <module-provider-override>`.
+
+.. versionadded: Nitrogen
+
+'''
+from __future__ import absolute_import
+
+# Import python libs
+import copy
+import logging
+
+# Import salt libs
+import salt.utils
+import salt.utils.itertools
+
+from salt.exceptions import CommandExecutionError
+
+log = logging.getLogger(__name__)
+
+# Define the module's virtual name
+__virtualname__ = 'pkg'
+
+
+def __virtual__():
+ '''
+ Confirm this module is running on an Alpine Linux distribution
+ '''
+ if __grains__.get('os_family', False) == 'Alpine':
+ return __virtualname__
+ return (False, "Module apk only works on Alpine Linux based systems")
+
+#def autoremove(list_only=False, purge=False):
+# return 'Not available'
+#def hold(name=None, pkgs=None, sources=None, **kwargs): # pylint: disable=W0613
+# return 'Not available'
+#def unhold(name=None, pkgs=None, sources=None, **kwargs): # pylint: disable=W0613
+# return 'Not available'
+#def upgrade_available(name):
+# return 'Not available'
+#def version_cmp(pkg1, pkg2, ignore_epoch=False):
+# return 'Not available'
+#def list_repos():
+# return 'Not available'
+#def get_repo(repo, **kwargs):
+# return 'Not available'
+#def del_repo(repo, **kwargs):
+# return 'Not available'
+#def del_repo_key(name=None, **kwargs):
+# return 'Not available'
+#def mod_repo(repo, saltenv='base', **kwargs):
+# return 'Not available'
+#def expand_repo_def(**kwargs):
+# return 'Not available'
+#def get_selections(pattern=None, state=None):
+# return 'Not available'
+#def set_selections(path=None, selection=None, clear=False, saltenv='base'):
+# return 'Not available'
+#def info_installed(*names):
+# return 'Not available'
+
+
+def version(*names, **kwargs):
+ '''
+ Returns a string representing the package version or an empty string if not
+ installed. If more than one package name is specified, a dict of
+ name/version pairs is returned.
+
+ CLI Example:
+
+ .. code-block:: bash
+
+ salt '*' pkg.version <package name>
+ salt '*' pkg.version <package1> <package2> <package3> ...
+ '''
+ return __salt__['pkg_resource.version'](*names, **kwargs)
+
+
+def refresh_db():
+ '''
+ Updates the package list
+
+ - ``True``: Database updated successfully
+ - ``False``: Problem updating database
+
+ CLI Example:
+
+ .. code-block:: bash
+
+ salt '*' pkg.refresh_db
+ '''
+ ret = {}
+ cmd = ['apk', 'update']
+ call = __salt__['cmd.run_all'](cmd,
+ output_loglevel='trace',
+ python_shell=False)
+ if call['retcode'] == 0:
+ errors = []
+ ret = True
+ else:
+ errors = [call['stdout']]
+ ret = False
+
+ if errors:
+ raise CommandExecutionError(
+ 'Problem encountered installing package(s)',
+ info={'errors': errors, 'changes': ret}
+ )
+
+ return ret
+
+
+def list_pkgs(versions_as_list=False, **kwargs):
+ '''
+ List the packages currently installed in a dict::
+
+ {'<package_name>': '<version>'}
+
+ CLI Example:
+
+ .. code-block:: bash
+
+ salt '*' pkg.list_pkgs
+ salt '*' pkg.list_pkgs versions_as_list=True
+ '''
+ versions_as_list = salt.utils.is_true(versions_as_list)
+ # not yet implemented or not applicable
+ if any([salt.utils.is_true(kwargs.get(x))
+ for x in ('removed', 'purge_desired')]):
+ return {}
+
+ if 'pkg.list_pkgs' in __context__:
+ if versions_as_list:
+ return __context__['pkg.list_pkgs']
+ else:
+ ret = copy.deepcopy(__context__['pkg.list_pkgs'])
+ __salt__['pkg_resource.stringify'](ret)
+ return ret
+
+ cmd = ['apk', 'info', '-v']
+ ret = {}
+ out = __salt__['cmd.run'](cmd, output_loglevel='trace', python_shell=False)
+ for line in salt.utils.itertools.split(out, '\n'):
+ pkg_version = '-'.join(line.split('-')[-2:])
+ pkg_name = '-'.join(line.split('-')[:-2])
+ __salt__['pkg_resource.add_pkg'](ret, pkg_name, pkg_version)
+
+ __salt__['pkg_resource.sort_pkglist'](ret)
+ __context__['pkg.list_pkgs'] = copy.deepcopy(ret)
+ if not versions_as_list:
+ __salt__['pkg_resource.stringify'](ret)
+ return ret
+
+
+def latest_version(*names, **kwargs):
+ '''
+ Return the latest version of the named package available for upgrade or
+ installation. If more than one package name is specified, a dict of
+ name/version pairs is returned.
+
+ If the latest version of a given package is already installed, an empty
+ string will be returned for that package.
+
+ CLI Example:
+
+ .. code-block:: bash
+
+ salt '*' pkg.latest_version <package name>
+ salt '*' pkg.latest_version <package name>
+ salt '*' pkg.latest_version <package1> <package2> <package3> ...
+ '''
+ refresh = salt.utils.is_true(kwargs.pop('refresh', True))
+
+ if len(names) == 0:
+ return ''
+
+ ret = {}
+ for name in names:
+ ret[name] = ''
+ pkgs = list_pkgs()
+
+ # Refresh before looking for the latest version available
+ if refresh:
+ refresh_db()
+
+ # Upgrade check
+ cmd = ['apk', 'upgrade', '-s']
+ out = __salt__['cmd.run_stdout'](cmd,
+ output_loglevel='trace',
+ python_shell=False)
+ for line in salt.utils.itertools.split(out, '\n'):
+ try:
+ name = line.split(' ')[2]
+ _oldversion = line.split(' ')[3].strip('(')
+ newversion = line.split(' ')[5].strip(')')
+ if name in names:
+ ret[name] = newversion
+ except (ValueError, IndexError):
+ pass
+
+ # If version is empty, package may not be installed
+ for pkg in ret:
+ if not ret[pkg]:
+ installed = pkgs.get(pkg)
+ cmd = ['apk', 'search', pkg]
+ out = __salt__['cmd.run_stdout'](cmd,
+ output_loglevel='trace',
+ python_shell=False)
+ for line in salt.utils.itertools.split(out, '\n'):
+ try:
+ pkg_version = '-'.join(line.split('-')[-2:])
+ pkg_name = '-'.join(line.split('-')[:-2])
+ if pkg == pkg_name:
+ if installed == pkg_version:
+ ret[pkg] = ''
+ else:
+ ret[pkg] = pkg_version
+ except ValueError:
+ pass
+
+ # Return a string if only one package name passed
+ if len(names) == 1:
+ return ret[names[0]]
+ return ret
+
+
+# TODO: Support specific version installation
+def install(name=None,
+ refresh=False,
+ pkgs=None,
+ sources=None,
+ **kwargs):
+ '''
+ Install the passed package, add refresh=True to update the apk database.
+
+ name
+ The name of the package to be installed. Note that this parameter is
+ ignored if either "pkgs" or "sources" is passed. Additionally, please
+ note that this option can only be used to install packages from a
+ software repository. To install a package file manually, use the
+ "sources" option.
+
+ CLI Example:
+
+ .. code-block:: bash
+
+ salt '*' pkg.install <package name>
+
+ refresh
+ Whether or not to refresh the package database before installing.
+
+
+ Multiple Package Installation Options:
+
+ pkgs
+ A list of packages to install from a software repository. Must be
+ passed as a python list.
+
+ CLI Example:
+
+ .. code-block:: bash
+
+ salt '*' pkg.install pkgs='["foo", "bar"]'
+
+ sources
+ A list of IPK packages to install. Must be passed as a list of dicts,
+ with the keys being package names, and the values being the source URI
+ or local path to the package. Dependencies are automatically resolved
+ and marked as auto-installed.
+
+ CLI Example:
+
+ .. code-block:: bash
+
+ salt '*' pkg.install sources='[{"foo": "salt://foo.deb"},{"bar": "salt://bar.deb"}]'
+
+ install_recommends
+ Whether to install the packages marked as recommended. Default is True.
+
+ Returns a dict containing the new package names and versions::
+
+ {'<package>': {'old': '<old-version>',
+ 'new': '<new-version>'}}
+ '''
+ refreshdb = salt.utils.is_true(refresh)
+ pkg_to_install = []
+
+ old = list_pkgs()
+
+ if name and not (pkgs or sources):
+ if ',' in name:
+ pkg_to_install = name.split(',')
+ else:
+ pkg_to_install = [name]
+
+ if pkgs:
+ # We don't support installing specific version for now
+ # so transform the dict in list ignoring version provided
+ pkgs = [
+ p.keys()[0] for p in pkgs
+ if isinstance(p, dict)
+ ]
+ pkg_to_install.extend(pkgs)
+
+ if not pkg_to_install:
+ return {}
+
+ if refreshdb:
+ refresh_db()
+
+ cmd = ['apk', 'add']
+
+ # Switch in update mode if a package is already installed
+ for _pkg in pkg_to_install:
+ if old.get(_pkg):
+ cmd.append('-u')
+ break
+
+ cmd.extend(pkg_to_install)
+
+ out = __salt__['cmd.run_all'](
+ cmd,
+ output_loglevel='trace',
+ python_shell=False
+ )
+
+ if out['retcode'] != 0 and out['stderr']:
+ errors = [out['stderr']]
+ else:
+ errors = []
+
+ __context__.pop('pkg.list_pkgs', None)
+ new = list_pkgs()
+ ret = salt.utils.compare_dicts(old, new)
+
+ if errors:
+ raise CommandExecutionError(
+ 'Problem encountered installing package(s)',
+ info={'errors': errors, 'changes': ret}
+ )
+
+ return ret
+
+
+def purge(name=None, pkgs=None, **kwargs):
+ '''
+ Alias to remove
+ '''
+ return remove(name=name, pkgs=pkgs, purge=True)
+
+
+def remove(name=None, pkgs=None, purge=False, **kwargs): # pylint: disable=unused-argument
+ '''
+ Remove packages using ``apk del``.
+
+ name
+ The name of the package to be deleted.
+
+
+ Multiple Package Options:
+
+ pkgs
+ A list of packages to delete. Must be passed as a python list. The
+ ``name`` parameter will be ignored if this option is passed.
+
+ Returns a dict containing the changes.
+
+ CLI Example:
+
+ .. code-block:: bash
+
+ salt '*' pkg.remove <package name>
+ salt '*' pkg.remove <package1>,<package2>,<package3>
+ salt '*' pkg.remove pkgs='["foo", "bar"]'
+ '''
+ old = list_pkgs()
+ pkg_to_remove = []
+
+ if name:
+ if ',' in name:
+ pkg_to_remove = name.split(',')
+ else:
+ pkg_to_remove = [name]
+
+ if pkgs:
+ pkg_to_remove.extend(pkgs)
+
+ if not pkg_to_remove:
+ return {}
+
+ if purge:
+ cmd = ['apk', 'del', '--purge']
+ else:
+ cmd = ['apk', 'del']
+
+ cmd.extend(pkg_to_remove)
+
+ out = __salt__['cmd.run_all'](
+ cmd,
+ output_loglevel='trace',
+ python_shell=False
+ )
+ if out['retcode'] != 0 and out['stderr']:
+ errors = [out['stderr']]
+ else:
+ errors = []
+
+ __context__.pop('pkg.list_pkgs', None)
+ new = list_pkgs()
+ ret = salt.utils.compare_dicts(old, new)
+
+ if errors:
+ raise CommandExecutionError(
+ 'Problem encountered removing package(s)',
+ info={'errors': errors, 'changes': ret}
+ )
+
+ return ret
+
+
+def upgrade(name=None, pkgs=None, refresh=True):
+ '''
+ Upgrades all packages via ``apk upgrade`` or a specific package if name or
+ pkgs is specified. Name is ignored if pkgs is specified
+
+ Returns a dict containing the changes.
+
+ {'<package>': {'old': '<old-version>',
+ 'new': '<new-version>'}}
+
+ CLI Example:
+
+ .. code-block:: bash
+
+ salt '*' pkg.upgrade
+ '''
+ ret = {'changes': {},
+ 'result': True,
+ 'comment': '',
+ }
+
+ if salt.utils.is_true(refresh):
+ refresh_db()
+
+ old = list_pkgs()
+
+ pkg_to_upgrade = []
+
+ if name and not pkgs:
+ if ',' in name:
+ pkg_to_upgrade = name.split(',')
+ else:
+ pkg_to_upgrade = [name]
+
+ if pkgs:
+ pkg_to_upgrade.extend(pkgs)
+
+ if pkg_to_upgrade:
+ cmd = ['apk', 'add', '-u']
+ cmd.extend(pkg_to_upgrade)
+ else:
+ cmd = ['apk', 'upgrade']
+
+ call = __salt__['cmd.run_all'](cmd,
+ output_loglevel='trace',
+ python_shell=False,
+ redirect_stderr=True)
+
+ if call['retcode'] != 0:
+ ret['result'] = False
+ if call['stdout']:
+ ret['comment'] = call['stdout']
+
+ __context__.pop('pkg.list_pkgs', None)
+ new = list_pkgs()
+ ret['changes'] = salt.utils.compare_dicts(old, new)
+
+ return ret
+
+
+def list_upgrades(refresh=True):
+ '''
+ List all available package upgrades.
+
+ CLI Example:
+
+ .. code-block:: bash
+
+ salt '*' pkg.list_upgrades
+ '''
+ ret = {}
+ if salt.utils.is_true(refresh):
+ refresh_db()
+
+ cmd = ['apk', 'upgrade', '-s']
+ call = __salt__['cmd.run_all'](cmd,
+ output_loglevel='trace',
+ python_shell=False)
+
+ if call['retcode'] != 0:
+ comment = ''
+ if 'stderr' in call:
+ comment += call['stderr']
+ if 'stdout' in call:
+ comment += call['stdout']
+ raise CommandExecutionError(
+ '{0}'.format(comment)
+ )
+ else:
+ out = call['stdout']
+
+ for line in out.splitlines():
+ if 'Upgrading' in line:
+ name = line.split(' ')[2]
+ _oldversion = line.split(' ')[3].strip('(')
+ newversion = line.split(' ')[5].strip(')')
+ ret[name] = newversion
+
+ return ret
+
+
+def file_list(*packages):
+ '''
+ List the files that belong to a package. Not specifying any packages will
+ return a list of _every_ file on the system's package database (not
+ generally recommended).
+
+ CLI Examples:
+
+ .. code-block:: bash
+
+ salt '*' pkg.file_list httpd
+ salt '*' pkg.file_list httpd postfix
+ salt '*' pkg.file_list
+ '''
+ return file_dict(*packages)
+
+
+def file_dict(*packages):
+ '''
+ List the files that belong to a package, grouped by package. Not
+ specifying any packages will return a list of _every_ file on the system's
+ package database (not generally recommended).
+
+ CLI Examples:
+
+ .. code-block:: bash
+
+ salt '*' pkg.file_list httpd
+ salt '*' pkg.file_list httpd postfix
+ salt '*' pkg.file_list
+ '''
+ errors = []
+ ret = {}
+ cmd_files = ['apk', 'info', '-L']
+
+ if not packages:
+ return 'Package name should be provided'
+
+ for package in packages:
+ files = []
+ cmd = cmd_files[:]
+ cmd.append(package)
+ out = __salt__['cmd.run_all'](cmd,
+ output_loglevel='trace',
+ python_shell=False)
+ for line in out['stdout'].splitlines():
+ if line.endswith('contains:'):
+ continue
+ else:
+ files.append(line)
+ if files:
+ ret[package] = files
+
+ return {'errors': errors, 'packages': ret}
+
+
+def owner(*paths):
+ '''
+ Return the name of the package that owns the file. Multiple file paths can
+ be passed. Like :mod:`pkg.version <salt.modules.apk.version`, if a single
+ path is passed, a string will be returned, and if multiple paths are passed,
+ a dictionary of file/package name pairs will be returned.
+
+ If the file is not owned by a package, or is not present on the minion,
+ then an empty string will be returned for that path.
+
+ CLI Example:
+
+ salt '*' pkg.owns /usr/bin/apachectl
+ salt '*' pkg.owns /usr/bin/apachectl /usr/bin/basename
+ '''
+ if not paths:
+ return 'You must provide a path'
+
+ ret = {}
+ cmd_search = ['apk', 'info', '-W']
+ for path in paths:
+ cmd = cmd_search[:]
+ cmd.append(path)
+ output = __salt__['cmd.run_stdout'](cmd,
+ output_loglevel='trace',
+ python_shell=False)
+ if output:
+ if 'ERROR:' in output:
+ ret[path] = 'Could not find owner package'
+ else:
+ ret[path] = output.split('by ')[1].strip()
+ else:
+ ret[path] = 'Error running {0}'.format(cmd)
+
+ return ret
diff --git a/salt/modules/gentoo_service.py b/salt/modules/gentoo_service.py
index 6345ae3..32dfcde 100644
--- a/salt/modules/gentoo_service.py
+++ b/salt/modules/gentoo_service.py
@@ -31,6 +31,8 @@ def __virtual__():
'''
if __grains__['os'] == 'Gentoo' and not salt.utils.systemd.booted(__context__):
return __virtualname__
+ if __grains__['os'] == 'Alpine':
+ return __virtualname__
return (False, 'The gentoo_service execution module cannot be loaded: '
'only available on Gentoo/Open-RC systems.')


@ -2,7 +2,7 @@
# Contributor: Olivier Mauras <olivier@mauras.ch>
# Maintainer: Olivier Mauras <olivier@mauras.ch>
pkgname=salt
pkgver=2016.11.6
pkgver=2017.7.1
pkgrel=0
pkgdesc="A parallel remote execution system"
url="https://github.com/saltstack/salt"
@ -22,7 +22,7 @@ source="$pkgname-$pkgver.tar.gz::https://codeload.github.com/saltstack/$pkgname/
salt-minion.initd
salt-syndic.confd
salt-syndic.initd
0001-alpine-support.patch"
"
builddir="$srcdir/$pkgname-$pkgver"
build() {
@ -110,7 +110,7 @@ _conf_copy() {
cp -r "$builddir"/conf/$type* "$subpkgdir"/etc/salt/
}
sha512sums="2322c08efc32bc1725a0c9b27ce6a2f63de89548716eac7a85d11837b3aae7aecf5888e65f3bd1a04c1b36025fdae63c8a40e40b3ca5c6da612653d941f4a8b9 salt-2016.11.6.tar.gz
sha512sums="f675b5d5f4afa79daf65686bfc6563743183913b0d4cc22ce5220636a4abd62cd3569b7f9e32035afc7132adaba7d9c211d1b03b39227b052c0080dce9d5a915 salt-2017.7.1.tar.gz
975ba2f5e681fbd62045da61cc3dc065b148683a07b5df7eca9f131e47314eb6bfa8660ca1c06a3bd93683c7097d0ff9f8e514273dd24d82fb2de6a255e6b275 salt-api.confd
435d399bfecf431d0c713031e2ae57ce25b5c6edc98b62f33bd7a4ff1c587e3cdeb988445ae0c3e9ffc1911555c3694654d98815f9562b8a14bf0688ec1ebea6 salt-api.initd
cfbbeb8023a383e7c42d84e3346edfd068c9ec7650c4ddc3caa38534da325a67497e1f06ca02cc1f0941b7348a3af6d1dca7cd6f2bcb3612ca10e1ec98997e5a salt-master.confd
@ -118,5 +118,4 @@ cfbbeb8023a383e7c42d84e3346edfd068c9ec7650c4ddc3caa38534da325a67497e1f06ca02cc1f
0051e13351cef8db81dc075a194bb384723f07d5591b5b4d3f3adf4180afaf7beced470ab79ceca9d1ec0dae62dbd72084eb76af009fc78411a011050a94a2ed salt-minion.confd
c6634a592c6f3e65dd2b704cb500486bf8004c5b287d4a4d42b09af36ef129c59d6a89f005af058cf7911e8587d927b3db931186569084f13ebaca56f6ef93a0 salt-minion.initd
bafc6ea10cdafd0aef868feb35aecbe4ae6a7dff0ae42862bded85715ad763eb89e1ed27437866a7e5f2b9f7064e3c2a3fb59814487744ba4227238d95cf3818 salt-syndic.confd
d71133e834685304e0167554035ebbc861252f972bbe981cc71e45b70f15d94a28a02a369463c9a641372919689f96b62a0408b14f824ad986d536e52b1e5ec0 salt-syndic.initd
9af1b09d97d7eabae38b8313240b36e6e959c6dc8f24630f20f0788802740cad5bd6dc8960e0ae98f8b61bb732b4ee7e5a5a20d5f31a072f6323062fe97ddc2a 0001-alpine-support.patch"
d71133e834685304e0167554035ebbc861252f972bbe981cc71e45b70f15d94a28a02a369463c9a641372919689f96b62a0408b14f824ad986d536e52b1e5ec0 salt-syndic.initd"
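Review bot: Dropping `0001-alpine-support.patch` from both `source=` and `sha512sums=` is not explained anywhere in the commit record, and the deleted patch disagrees with itself about when its code lands upstream. Its header says "next major version - Oxygen?" while the `apk.py` docstring says `versionadded: Nitrogen`. If the 2017.7.1 tarball does not already ship `salt/modules/apk.py` and the `__grains__['os'] == 'Alpine'` branch in `gentoo_service.__virtual__`, Alpine minions would presumably lose their `pkg` and service providers with this security upgrade. I would confirm both against the unpacked tarball and record the result, for example as a comment above `source=`: `# 0001-alpine-support.patch dropped: apk.py and the gentoo_service Alpine check are upstream as of <first upstream release containing them>`.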