Merge pull request saltstack#292 from barbaricyawps/docs_3002.8

Add 3002.8 changelog and release notes, update man pages

CHANGELOG.md

@@ -7,6 +7,18 @@ Versions are `MAJOR.PATCH`.
 
 # Changelog
 
+Salt 3002.8 (2022-02-25)
+========================
+
+Security
+--------
+
+- Sign authentication replies to prevent MiTM (cve-2020-22935)
+- Sign pillar data to prevent MiTM attacks. (cve-2022-22934)
+- Prevent job and fileserver replays (cve-2022-22936)
+- Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941) (#60413)
+
+
 Salt 3002.7 (2021-08-20)
 ========================
 

doc/man/salt-api.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-API" "1" "Aug 20, 2021" "3002.7" "Salt"
+.TH "SALT-API" "1" "Feb 25, 2022" "3002.8" "Salt"
 .SH NAME
 salt-api \- salt-api Command
 .

doc/man/salt-call.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-CALL" "1" "Aug 20, 2021" "3002.7" "Salt"
+.TH "SALT-CALL" "1" "Feb 25, 2022" "3002.8" "Salt"
 .SH NAME
 salt-call \- salt-call Documentation
 .

doc/man/salt-cloud.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-CLOUD" "1" "Aug 20, 2021" "3002.7" "Salt"
+.TH "SALT-CLOUD" "1" "Feb 25, 2022" "3002.8" "Salt"
 .SH NAME
 salt-cloud \- Salt Cloud Command
 .

doc/man/salt-cp.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-CP" "1" "Aug 20, 2021" "3002.7" "Salt"
+.TH "SALT-CP" "1" "Feb 25, 2022" "3002.8" "Salt"
 .SH NAME
 salt-cp \- salt-cp Documentation
 .

doc/man/salt-key.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-KEY" "1" "Aug 20, 2021" "3002.7" "Salt"
+.TH "SALT-KEY" "1" "Feb 25, 2022" "3002.8" "Salt"
 .SH NAME
 salt-key \- salt-key Documentation
 .

doc/man/salt-master.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-MASTER" "1" "Aug 20, 2021" "3002.7" "Salt"
+.TH "SALT-MASTER" "1" "Feb 25, 2022" "3002.8" "Salt"
 .SH NAME
 salt-master \- salt-master Documentation
 .

doc/man/salt-minion.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-MINION" "1" "Aug 20, 2021" "3002.7" "Salt"
+.TH "SALT-MINION" "1" "Feb 25, 2022" "3002.8" "Salt"
 .SH NAME
 salt-minion \- salt-minion Documentation
 .

doc/man/salt-proxy.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-PROXY" "1" "Aug 20, 2021" "3002.7" "Salt"
+.TH "SALT-PROXY" "1" "Feb 25, 2022" "3002.8" "Salt"
 .SH NAME
 salt-proxy \- salt-proxy Documentation
 .

doc/man/salt-run.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-RUN" "1" "Aug 20, 2021" "3002.7" "Salt"
+.TH "SALT-RUN" "1" "Feb 25, 2022" "3002.8" "Salt"
 .SH NAME
 salt-run \- salt-run Documentation
 .

doc/man/salt-ssh.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-SSH" "1" "Aug 20, 2021" "3002.7" "Salt"
+.TH "SALT-SSH" "1" "Feb 25, 2022" "3002.8" "Salt"
 .SH NAME
 salt-ssh \- salt-ssh Documentation
 .

doc/man/salt-syndic.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-SYNDIC" "1" "Aug 20, 2021" "3002.7" "Salt"
+.TH "SALT-SYNDIC" "1" "Feb 25, 2022" "3002.8" "Salt"
 .SH NAME
 salt-syndic \- salt-syndic Documentation
 .

doc/man/salt-unity.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-UNITY" "1" "Aug 20, 2021" "3002.7" "Salt"
+.TH "SALT-UNITY" "1" "Feb 25, 2022" "3002.8" "Salt"
 .SH NAME
 salt-unity \- salt-unity Command
 .

doc/man/salt.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT" "1" "Aug 20, 2021" "3002.7" "Salt"
+.TH "SALT" "1" "Feb 25, 2022" "3002.8" "Salt"
 .SH NAME
 salt \- salt
 .

doc/man/spm.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SPM" "1" "Aug 20, 2021" "3002.7" "Salt"
+.TH "SPM" "1" "Feb 25, 2022" "3002.8" "Salt"
 .SH NAME
 spm \- Salt Package Manager Command
 .

doc/ref/beacons/all/salt.beacons.aix_account.rst

@@ -1,5 +1,5 @@
-salt.beacons.aix_account module
-===============================
+salt.beacons.aix_account
+========================
 
 .. automodule:: salt.beacons.aix_account
     :members:

doc/topics/releases/3002.8.rst

@@ -0,0 +1,34 @@
+.. _release-3002-8:
+
+========================
+Salt 3002.8 (2022-02-25)
+========================
+
+Version 3002.8 is a CVE security fix release for :ref:`3002 <release-3002>`.
+
+
+Important notice about upgrading
+--------------------------------
+
+Version 3002.8 is a security release. 3002.8 minions are not able to
+communicate with masters older than 3002.8. You must upgrade your masters
+before upgrading minions.
+
+
+Minion authentication security
+------------------------------
+
+Authentication between masters and minions rely on public/private key
+encryption and message signing. To secure minion authentication before you must
+pre-seed the master's public key on minions. To pre-seed the minions' master
+key, place a copy of the master's public key in the minion's pki directory as
+``minion_master.pub``.
+
+
+Security
+--------
+
+- Sign authentication replies to prevent MiTM (cve-2020-22935)
+- Sign pillar data to prevent MiTM attacks. (cve-2022-22934)
+- Prevent job and fileserver replays (cve-2022-22936)
+- Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941) (#60413)