Merge branch '2017.7' into 2017.7_add_requisites_to_stateconf

2024-11-08 01:18:58 +00:00 · 2017-10-09 17:15:25 -06:00 · 2017-10-09 17:15:25 -06:00 · 9994c64670
commit 9994c64670
parent 89200ff28e a4358dfa36
5 changed files with 23 additions and 11 deletions
--- a/doc/conf.py
+++ b/doc/conf.py
@ -245,8 +245,8 @@ on_saltstack = 'SALT_ON_SALTSTACK' in os.environ
 project = 'Salt'

 version = salt.version.__version__
-latest_release = '2017.7.1'  # latest release
-previous_release = '2016.11.7'  # latest release from previous branch
+latest_release = '2017.7.2'  # latest release
+previous_release = '2016.11.8'  # latest release from previous branch
 previous_release_dir = '2016.11'  # path on web server for previous branch
 next_release = ''  # next release
 next_release_dir = ''  # path on web server for next release branch
--- a/doc/topics/releases/2017.7.2.rst
+++ b/doc/topics/releases/2017.7.2.rst
@ -7,6 +7,13 @@ Version 2017.7.2 is a bugfix release for :ref:`2017.7.0 <release-2017-7-0>`.
 Changes for v2017.7.1..v2017.7.2
 --------------------------------

+Security Fix
+============
+
+CVE-2017-14695 Directory traversal vulnerability in minion id validation in SaltStack. Allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. Credit for discovering the security flaw goes to: Julian Brost (julian@0x4a42.net)
+
+CVE-2017-14696 Remote Denial of Service with a specially crafted authentication request. Credit for discovering the security flaw goes to: Julian Brost (julian@0x4a42.net)
+
 Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):

 *Generated at: 2017-09-26T21:06:19Z*
--- a/salt/cloud/init.py
+++ b/salt/cloud/init.py
@ -234,7 +234,7 @@ class CloudClient(object):
                         if a.get('provider', '')]
            if providers:
                _providers = opts.get('providers', {})
-                for provider in list(_providers):
+                for provider in list(_providers).copy():
                    if provider not in providers:
                        _providers.pop(provider)
        return opts
--- a/salt/fileclient.py
+++ b/salt/fileclient.py
@ -623,10 +623,11 @@ class Client(object):
                if write_body[1] is not False and write_body[2] is None:
                    if not hdr.strip() and 'Content-Type' not in write_body[1]:
                        # We've reached the end of the headers and not yet
-                        # found the Content-Type. Reset the values we're
-                        # tracking so that we properly follow the redirect.
-                        write_body[0] = None
-                        write_body[1] = False
+                        # found the Content-Type. Reset write_body[0] so that
+                        # we properly follow the redirect. Note that slicing is
+                        # used below to ensure that we re-use the same list
+                        # rather than creating a new one.
+                        write_body[0:2] = (None, False)
                        return
                    # Try to find out what content type encoding is used if
                    # this is a text file
@ -648,9 +649,12 @@ class Client(object):
                        # If write_body[0] is False, this means that this
                        # header is a 30x redirect, so we need to reset
                        # write_body[0] to None so that we parse the HTTP
-                        # status code from the redirect target.
+                        # status code from the redirect target. Additionally,
+                        # we need to reset write_body[2] so that we inspect the
+                        # headers for the Content-Type of the URL we're
+                        # following.
                        if write_body[0] is write_body[1] is False:
-                            write_body[0] = None
+                            write_body[0] = write_body[2] = None

                # Check the status line of the HTTP request
                if write_body[0] is None:
--- a/tests/unit/utils/test_utils.py
+++ b/tests/unit/utils/test_utils.py
@ -99,7 +99,7 @@ class UtilsTestCase(TestCase):
    def test_path_join(self):
        with patch('salt.utils.is_windows', return_value=False) as is_windows_mock:
            self.assertFalse(is_windows_mock.return_value)
-            expected_path = '/a/b/c/d'
+            expected_path = os.path.join(os.sep + 'a', 'b', 'c', 'd')
            ret = utils.path_join('/a/b/c', 'd')
            self.assertEqual(ret, expected_path)

@ -985,7 +985,8 @@ class UtilsTestCase(TestCase):
            ret = utils.daemonize_if({})
            self.assertEqual(None, ret)

-        with patch('salt.utils.daemonize'):
+        with patch('salt.utils.daemonize'), \
+                patch('sys.platform', 'not windows'):
            utils.daemonize_if({})
            self.assertTrue(utils.daemonize.called)
        # pylint: enable=assignment-from-none