From 6cab366afba65c8cc07adb9c98a8a8e8b895ee84 Mon Sep 17 00:00:00 2001
From: Frode Gundersen <fgundersen@saltstack.com>
Date: Tue, 1 Dec 2020 10:47:40 -0700
Subject: [PATCH] Update 3000.6 release

---
 CHANGELOG.md                     |  8 ++++++++
 changelog/58922.fixed            |  1 -
 doc/man/salt-api.1               |  2 +-
 doc/man/salt-call.1              |  2 +-
 doc/man/salt-cloud.1             |  2 +-
 doc/man/salt-cp.1                |  2 +-
 doc/man/salt-key.1               |  2 +-
 doc/man/salt-master.1            |  2 +-
 doc/man/salt-minion.1            |  2 +-
 doc/man/salt-proxy.1             |  2 +-
 doc/man/salt-run.1               |  2 +-
 doc/man/salt-ssh.1               |  2 +-
 doc/man/salt-syndic.1            |  2 +-
 doc/man/salt-unity.1             |  2 +-
 doc/man/salt.1                   |  2 +-
 doc/man/salt.7                   |  2 +-
 doc/man/spm.1                    |  2 +-
 doc/topics/releases/2019.2.7.rst | 15 +++++++++++++++
 doc/topics/releases/2019.2.8.rst | 12 ++++++++++++
 doc/topics/releases/3000.6.rst   | 15 +++++++++++++++
 20 files changed, 65 insertions(+), 16 deletions(-)
 delete mode 100644 changelog/58922.fixed
 create mode 100644 doc/topics/releases/2019.2.7.rst
 create mode 100644 doc/topics/releases/2019.2.8.rst
 create mode 100644 doc/topics/releases/3000.6.rst

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f21a5010bbe4..5d3a57a48a4a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,14 @@ This changelog follows [keepachangelog](https://keepachangelog.com/en/1.0.0/) fo
 This project versioning is _similar_ to [Semantic Versioning](https://semver.org), and is documented in [SEP 14](https://github.com/saltstack/salt-enhancement-proposals/pull/20/files).
 Versions are `MAJOR.PATCH`.
 
+Salt 3000.6 (2020-12-01)
+========================
+
+Fixed
+-----
+
+- Fixes salt-ssh authentication when using tty (#58922)
+
 Salt 3000.5 (2020-09-16)
 ========================
 
diff --git a/changelog/58922.fixed b/changelog/58922.fixed
deleted file mode 100644
index 0297dfaa2e66..000000000000
--- a/changelog/58922.fixed
+++ /dev/null
@@ -1 +0,0 @@
-Fixes salt-ssh authentication when using tty
diff --git a/doc/man/salt-api.1 b/doc/man/salt-api.1
index 77461da93a50..d14c37519e24 100644
--- a/doc/man/salt-api.1
+++ b/doc/man/salt-api.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-API" "1" "Sep 16, 2020" "3000.5"  "Salt"
+.TH "SALT-API" "1" "Dec 01, 2020" "3000.6"  "Salt"
 .SH NAME
 salt-api \- salt-api Command
 .
diff --git a/doc/man/salt-call.1 b/doc/man/salt-call.1
index 88322f3add2a..6c47f05df4fb 100644
--- a/doc/man/salt-call.1
+++ b/doc/man/salt-call.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-CALL" "1" "Sep 16, 2020" "3000.5"  "Salt"
+.TH "SALT-CALL" "1" "Dec 01, 2020" "3000.6"  "Salt"
 .SH NAME
 salt-call \- salt-call Documentation
 .
diff --git a/doc/man/salt-cloud.1 b/doc/man/salt-cloud.1
index 76f93354382f..a0f543693b3e 100644
--- a/doc/man/salt-cloud.1
+++ b/doc/man/salt-cloud.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-CLOUD" "1" "Sep 16, 2020" "3000.5"  "Salt"
+.TH "SALT-CLOUD" "1" "Dec 01, 2020" "3000.6"  "Salt"
 .SH NAME
 salt-cloud \- Salt Cloud Command
 .
diff --git a/doc/man/salt-cp.1 b/doc/man/salt-cp.1
index 32c6de7aa6d0..63ae2d0d51f2 100644
--- a/doc/man/salt-cp.1
+++ b/doc/man/salt-cp.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-CP" "1" "Sep 16, 2020" "3000.5"  "Salt"
+.TH "SALT-CP" "1" "Dec 01, 2020" "3000.6"  "Salt"
 .SH NAME
 salt-cp \- salt-cp Documentation
 .
diff --git a/doc/man/salt-key.1 b/doc/man/salt-key.1
index a16f7610cf3e..20fd3be71c9e 100644
--- a/doc/man/salt-key.1
+++ b/doc/man/salt-key.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-KEY" "1" "Sep 16, 2020" "3000.5"  "Salt"
+.TH "SALT-KEY" "1" "Dec 01, 2020" "3000.6"  "Salt"
 .SH NAME
 salt-key \- salt-key Documentation
 .
diff --git a/doc/man/salt-master.1 b/doc/man/salt-master.1
index 9aaf25cd4b87..72dcae8ff25e 100644
--- a/doc/man/salt-master.1
+++ b/doc/man/salt-master.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-MASTER" "1" "Sep 16, 2020" "3000.5"  "Salt"
+.TH "SALT-MASTER" "1" "Dec 01, 2020" "3000.6"  "Salt"
 .SH NAME
 salt-master \- salt-master Documentation
 .
diff --git a/doc/man/salt-minion.1 b/doc/man/salt-minion.1
index 527384a05ac6..292ca7d34941 100644
--- a/doc/man/salt-minion.1
+++ b/doc/man/salt-minion.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-MINION" "1" "Sep 16, 2020" "3000.5"  "Salt"
+.TH "SALT-MINION" "1" "Dec 01, 2020" "3000.6"  "Salt"
 .SH NAME
 salt-minion \- salt-minion Documentation
 .
diff --git a/doc/man/salt-proxy.1 b/doc/man/salt-proxy.1
index 51fec0ec224e..34a854c38927 100644
--- a/doc/man/salt-proxy.1
+++ b/doc/man/salt-proxy.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-PROXY" "1" "Sep 16, 2020" "3000.5"  "Salt"
+.TH "SALT-PROXY" "1" "Dec 01, 2020" "3000.6"  "Salt"
 .SH NAME
 salt-proxy \- salt-proxy Documentation
 .
diff --git a/doc/man/salt-run.1 b/doc/man/salt-run.1
index 4f180f72ffd5..6879f0daffac 100644
--- a/doc/man/salt-run.1
+++ b/doc/man/salt-run.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-RUN" "1" "Sep 16, 2020" "3000.5"  "Salt"
+.TH "SALT-RUN" "1" "Dec 01, 2020" "3000.6"  "Salt"
 .SH NAME
 salt-run \- salt-run Documentation
 .
diff --git a/doc/man/salt-ssh.1 b/doc/man/salt-ssh.1
index 63818368eccc..395dbcf2ff09 100644
--- a/doc/man/salt-ssh.1
+++ b/doc/man/salt-ssh.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-SSH" "1" "Sep 16, 2020" "3000.5"  "Salt"
+.TH "SALT-SSH" "1" "Dec 01, 2020" "3000.6"  "Salt"
 .SH NAME
 salt-ssh \- salt-ssh Documentation
 .
diff --git a/doc/man/salt-syndic.1 b/doc/man/salt-syndic.1
index f0d402bbd7b0..fb4d57163eb1 100644
--- a/doc/man/salt-syndic.1
+++ b/doc/man/salt-syndic.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-SYNDIC" "1" "Sep 16, 2020" "3000.5"  "Salt"
+.TH "SALT-SYNDIC" "1" "Dec 01, 2020" "3000.6"  "Salt"
 .SH NAME
 salt-syndic \- salt-syndic Documentation
 .
diff --git a/doc/man/salt-unity.1 b/doc/man/salt-unity.1
index 47dfcdb3c2c2..f6671e91efcb 100644
--- a/doc/man/salt-unity.1
+++ b/doc/man/salt-unity.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-UNITY" "1" "Sep 16, 2020" "3000.5"  "Salt"
+.TH "SALT-UNITY" "1" "Dec 01, 2020" "3000.6"  "Salt"
 .SH NAME
 salt-unity \- salt-unity Command
 .
diff --git a/doc/man/salt.1 b/doc/man/salt.1
index 20e81d66b0d0..563d2ed7483d 100644
--- a/doc/man/salt.1
+++ b/doc/man/salt.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT" "1" "Sep 16, 2020" "3000.5"  "Salt"
+.TH "SALT" "1" "Dec 01, 2020" "3000.6"  "Salt"
 .SH NAME
 salt \- salt
 .
diff --git a/doc/man/salt.7 b/doc/man/salt.7
index 01cd2fb01ab6..75ef3c20e3ba 100644
--- a/doc/man/salt.7
+++ b/doc/man/salt.7
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT" "7" "Sep 16, 2020" "3000.5"  "Salt"
+.TH "SALT" "7" "Dec 01, 2020" "3000.6"  "Salt"
 .SH NAME
 salt \- Salt Documentation
 .
diff --git a/doc/man/spm.1 b/doc/man/spm.1
index 0f1d3b738cf1..41b0c5599eeb 100644
--- a/doc/man/spm.1
+++ b/doc/man/spm.1
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SPM" "1" "Sep 16, 2020" "3000.5"  "Salt"
+.TH "SPM" "1" "Dec 01, 2020" "3000.6"  "Salt"
 .SH NAME
 spm \- Salt Package Manager Command
 .
diff --git a/doc/topics/releases/2019.2.7.rst b/doc/topics/releases/2019.2.7.rst
new file mode 100644
index 000000000000..515556998252
--- /dev/null
+++ b/doc/topics/releases/2019.2.7.rst
@@ -0,0 +1,15 @@
+.. _release-2019-2-7:
+
+===========================
+Salt 2019.2.7 Release Notes
+===========================
+
+Version 2019.2.7 is a CVE fix release for :ref:`2019.2.0 <release-2019-2-0>`.
+
+Fixed
+-----
+
+- Properly validate eauth credentials and tokens along with their ACLs.
+  Prior to this change eauth was not properly validated when calling
+  Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user
+  to bypass authentication and make calls to Salt ssh. (CVE-2020-25592)
diff --git a/doc/topics/releases/2019.2.8.rst b/doc/topics/releases/2019.2.8.rst
new file mode 100644
index 000000000000..d05b82af7ae5
--- /dev/null
+++ b/doc/topics/releases/2019.2.8.rst
@@ -0,0 +1,12 @@
+.. _release-2019-2-8:
+
+===========================
+Salt 2019.2.8 Release Notes
+===========================
+
+Version 2019.2.8 is a bugfix release for :ref:`2019.2.0 <release-2019-2-0>`.
+
+Fixed
+-----
+
+- Fixes salt-ssh authentication when using tty (#58922)
diff --git a/doc/topics/releases/3000.6.rst b/doc/topics/releases/3000.6.rst
new file mode 100644
index 000000000000..86d98db8abb1
--- /dev/null
+++ b/doc/topics/releases/3000.6.rst
@@ -0,0 +1,15 @@
+.. _release-3000-5:
+
+===========================
+Salt 3000.5 Release Notes
+===========================
+
+Version 3000.5 is a CVE fix release for :ref:`3000 <release-3000>`.
+
+Fixed
+-----
+
+- CVE-2020-16804 - Properly validate eauth credentials and tokens along with
+  their ACLs. Prior to this change eauth was not properly validated when calling
+  Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user
+  to bypass authentication and make calls to Salt ssh. (CVE-2020-25592)