SUSE-SU-2021:1690-1

This update fixes the following issues:

salt:

• Update to Salt release version 3002.2 (jsc#ECO-3212)
• Drop support for Python2. Obsoletes 'python2-salt' package
• Virt module updates
  • network: handle missing ipv4 netmask attribute
  • more network support
  • PCI/USB host devices passthrough support
• Set distro requirement to oldest supported version in requirements/base.txt
• Bring missing part of async batch implementation back
• Always require python3-distro (bsc#1182293)
• Remove deprecated warning that breaks minion execution when 'serveriduse_crc' opts is missing
• Remove msgpack < 1.0.0 from base requirements (bsc#1176293)
• Msgpack support for version >= 1.0.0 (bsc#1171257)
• Fix issue parsing errors in ansiblegate state module
• Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607)
• Transactional_update: detect recursion in the executor
• Add subpackage salt-transactional-update
• Remove duplicate directories from specfile
• Improvements on 'ansiblegate' module (bsc#1185092):
  • New methods: ansible.targets / ansible.discover_playbooks
• Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
• Regression fix of salt-ssh on processing targets
• Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281)
• Add notify beacon for Debian/Ubuntu systems
• Fix zmq bug that causes salt-call to freeze (bsc#1181368)
• Add core grains support for AlmaLinux
• Allow vendor change option with zypper
• Virt: virtual network backports to Salt 3000
• Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474)
• Only require python-certifi for CentOS7
• Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110)
• Implementation of suse_ip execution module to prevent issues with network.managed (bsc#1099976)
• Fix recursion false detection in payload (bsc#1180101)
• Add sleep on exception handling on minion connection attempt to the master (bsc#1174855)
• Allows for the VMware provider to handle CPU and memory hot-add in newer versions of the software. (bsc#1181347)
• Always require python-certifi (used by salt.ext.tornado)
• Exclude SLE 12 from requiring python-certifi
• Do not crash when unexpected cmd output at listing patches (bsc#1181290)
• Fix behavior for 'onlyif/unless' when multiple conditions (bsc#1180818)
• Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)
• Allow extra_filerefs as sanitized kwargs for SSH client
• Fix errors with virt.update
• Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565)
• Virt: search for grub.xen path
• Xen spicevmc, DNS SRV records backports: Fix virtual network generated DNS XML for SRV records Don't add spicevmc channel to xen VMs
• Virt UEFI fix: virt.update when efi=True
• Revert wrong zypper patch to support vendorchanges flags on pkg.install