| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
* remove Edit on Github from EOL branches
* try again
* replace porting guides with stub pages - issue 71687
(cherry picked from commit 3528a98a3811e8d2ca7cc8870ab9b5a13f4c35f5)
|
|
|
|
|
|
|
|
| |
* eol the release
* remove version selector
(cherry picked from commit c6f1dede4b16a72469098d13bcb71ce70a0678cc)
|
|
|
|
|
|
|
| |
* point all older release pages to devel (#71428)
(cherry picked from commit 3be597419d5656ea69fa7c505f196d528af07914)
* add missing label
|
|
|
|
|
| |
* Fix up host used in win_get_url tests
* disable tests that are failing
|
|
|
|
|
|
|
|
|
|
|
|
| |
* [stable-2.7] Pin Docker version at 19.03.1.
(cherry picked from commit fe941a4045861bfe87340381e7992bcecdbc0291)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* [stable-2.7] Pin docker-ce-cli version in tests (#69620)
Installing docker-ce has a dependency of docker-ce-cli. If the version of docker-ci-cli is not specified, it installs the latest version.
(cherry picked from commit 889da811d7fdc4c0fdab6ff573f7bc66b60b753c)
|
| |
|
| |
|
|
|
|
|
|
|
| |
With collections migration, inventory scripts are moved from devel (2.10).
Point docs for inventory script to their respective version.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change:
This corrects an incorrect CVE identifier in the changelog entry for
CVE-2020-1735.
Test Plan:
N/A
Tickets:
Refs #67793, #68720
Signed-off-by: Rick Elrod <rick@elrod.me>
|
|
|
|
|
|
|
|
|
|
|
|
| |
* pip - Fix check_mode for prerelease packages
Fixes #68592.
Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Matt Martz <matt@sivel.net>.
(cherry picked from commit 82c60db49b7b2f64c68308bcdb9d61231c21df24)
Co-authored-by: Rick Elrod <rick@elrod.me>
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fixed fetch traversal from slurp
* ignore slurp result for dest
* fixed naming when source is relative
* fixed bug in local connection plugin
* added tests with fake slurp
* moved existing role tests into runme.sh
* normalized on action excepts
* moved dest transform down to when needed
* added is_subpath check
* fixed bug in local connection
fixes #67793
CVE-2019-3828
(cherry picked from commit ba87c225cd13343c35075fe7fc15b4cf1343fed6)
|
|
|
|
|
|
|
|
|
|
|
| |
* when possible, use filedescriptors from mkstemp to avoid race
* when using path strings, ensure we are always creating the file
CVE-2020-1740
Fixes #67798
Co-authored-by: samdoran
(cherry picked from commit 28f9fbdb5e281976e33f443193047068afb97a9b)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ldap_entry (#68716)
* Remove the params module option from ldap_attr and ldap_entry
Module options that circumvent Ansible's option handling were disallowed
in:
https://meetbot.fedoraproject.org/ansible-meeting/2017-09-28/ansible_dev_meeting.2017-09-28-15.00.log.html
Additionally, this particular usage can be insecure if bind_pw is set
this way as the password could end up in a logfile or displayed on
stdout.
Fixes CVE-2020-1746
(cherry picked from commit 0ff609f1bc5e391fa25710b9a0baaf669f347eb1)
* Fix formatting for option names
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Fix fail_json
* update sanity
* fix indentation error
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* prevent ansible_facts injection (#68431)
- also only replace when needed
- switched from replace to index
- added test to verify bogus_facts are not accepted
CVE-2020-10684
(cherry picked from commit a9d2ceafe429171c0e2ad007058b88bae57c74ce)
* add to ignore
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fix vault tmpe file handling
* use local temp dir instead of system temp
* ensure each worker clears dataloader temp files
* added test for dangling temp files
* added notes to data loader
CVE-2020-10685
(cherry picked from commit 6452a82452f3a721233b50f62419598206442fd9)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
warn (#68913)
* subversion module - provide password securely when possible or warn (#67829)
* subversion module - provide password securely with svn command line option --password-from-stdin when possible, and provide a warning otherwise.
* Update lib/ansible/modules/source_control/subversion.py.
* Add a test.
Co-authored-by: Sam Doran <sdoran@redhat.com>
(cherry picked from commit d91658ec0c8434c82c3ef98bfe9eb4e1027a43a3)
* Create the OUTPUT_DIR and make sure it is removed at the end
* fix sanity test
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
traversal (#67799) (#67938)
* win_unzip - normalize and compare paths to prevent path traversal (#67799)
* Actually inspect the paths and prevent escape
* Add integration tests
* Generate zip files for use in integration test
* Adjust error message
(cherry picked from commit d30c57ab22db24f6901166fcc3155667bdd3443f)
* Fix tests for 2.7
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* avoid mkdir -p (#68921)
* also consolidated temp dir name generation, added pid for more 'uniqness'
* generalize error message
* added notes about remote expansion
CVE-2020-1733
fixes #67791
(cherry picked from commit 8077d8e40148fe77e2393caa5f2b2ea855149d63)
* C
* Update lib/ansible/plugins/shell/__init__.py
Co-Authored-By: Abhijeet Kasurde <akasurde@redhat.com>
* adjusted for missing api
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
* Update tests to use RHEL 7.8.
Keeping support for RHEL 7.6 since collections are still using it.
* Fix tests for RHEL 7.7+ due to extras repo name change..
(cherry picked from commit 04edd77c4273b321867c0f08d6ff2b67dacfcf2d)
Co-authored-by: Matt Clay <mclay@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add changelog fragment
Signed-off-by: Rick Elrod <rick@elrod.me>
* Update changelogs/fragments/ansible-test-opensuse-15.1.yml
Co-Authored-By: Matt Clay <matt@mystile.com>
* handle installing mysql on suse
Signed-off-by: Rick Elrod <rick@elrod.me>
* attempt to get tests passing again
Signed-off-by: Rick Elrod <rick@elrod.me>
* Update docker.txt to use the OpenSUSE 15.1 container image
Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Matt Clay <matt@mystile.com>
|
|
|
|
|
|
| |
(cherry picked from commit 91063f40d6)
Co-authored-by: Rene Moser <mail@renemoser.net>
|
|
|
|
|
|
|
|
|
|
| |
* Remove Tower module tests from CI.
The required AMIs are no longer available.
* Mark Tower tests as unsupported..
(cherry picked from commit b041d9676246f2aa8258c078d673cb9bb39044b8)
Co-authored-by: Matt Clay <mclay@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* ansible-test - add constraint for virtualenv
* Limit virtualenv only on macOS.
Co-authored-by: Matt Clay <matt@mystile.com>.
(cherry picked from commit 8f296a6533dd8c10e80b04de8495be3140a94c66)
Co-authored-by: Sam Doran <sdoran@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
* Add constraint for Jinja2 on Python 2.6.
* Fix constraint in inventory_aws_conformance test.
* Add constrraints for template_jinja2_latest test..
(cherry picked from commit 965854fbd2107ddc1449d9463c47f1e0f8525727)
Co-authored-by: Matt Clay <matt@mystile.com>
|
| |
|
| |
|
|
|
|
|
|
| |
(cherry picked from commit 3db1ac4f56cfd781bc531c5223c7fe748994c588)
Co-authored-by: Matt Clay <matt@mystile.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* Add test constraint for setuptools.
* Update pip test to work on centos6 container..
(cherry picked from commit 51e5b714e040dd21b1528866d0e13d2672160678)
Co-authored-by: Matt Clay <matt@mystile.com>
|
|
|
|
|
|
| |
(cherry picked from commit 9ea5b539b60cb7035f08ac17688976a8e6dfb126)
Co-authored-by: Matt Clay <matt@mystile.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix nxos_file_copy option value path validation
* Modify `local_file`, `local_file_directory` and
`remote_file` option type from `str` to `path`
so that the option value is validated in Ansible
for a legitimate path value
* Fix review comments
(cherry picked from commit 88008badb1b0186e060d6796449ddb28f4a8457b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2019-14904 - solaris_zone module accepts zone name and performs actions related to that.
However, there is no user input validation done while performing actions.
A malicious user could provide a crafted zone name which allows executing commands
into the server manipulating the module behaviour.
Adding user input validation as per Solaris Zone documentation fixes this issue.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
|
|
|
|
|
|
| |
(cherry picked from commit 342b9953bcc47278de4a31e5c7c97d0037431093)
Co-authored-by: Matt Clay <matt@mystile.com>
|
|
|
|
|
|
| |
(cherry picked from commit 14ebceec25)
Co-authored-by: Justin Ossevoort <github@internetionals.nl>
|
|
|
|
|
| |
* update version metadata to get faceted swiftype search running
(cherry picked from commit 96cbbdd59fe82574b9292bf3cafe34bb8b9ceade)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a clarification, not a relicensing.
Our source code says "GPLv3+" or "version 3 of the License, or later".
Our documentation says GPLv3+:
https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/dev_guide/developing_modules_checklist.rst#contributing-to-ansible-objective-requirements
We were just lazy when we wrote the README and left out the "or later".
this update to the README brings it in line with what everything else
says.
(cherry picked from commit a15fb26)
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
plugin(#63527) (#64748)
CVE-2019-14864 Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
Fixes #63522
Signed-off-by: Patrick O’Brien <patrick.obrien@thetradedesk.com>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit c76e074e4c71c7621a1ca8159261c1959b5287af)
|
|
|
|
|
|
| |
* win_psmodule - remove reliance on PSGallery in the tests for stable-2.7
* Ignore non-powershell files from sanity check
|
|
|
|
|
|
|
|
|
|
|
|
| |
* docs: update to latest 3 versions (#64109)
(cherry picked from commit 409545825f33406d2475864dc23d719b095da683)
* [Doc-Release-2.9] update release and maintenance page for 2.9 (#64166)
* update release and maintenance page for 2.9
* only 2.4 and earlier used the old changelog system
(cherry picked from commit 3f808d9ed621d226289dcd4ce858b0de6d04f1dd)
|
| |
|