summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Batch docs fixes for 2.7 (#71926)stable-2.7Sandra McCann2020-12-018-1577/+31
| | | | | | | | | * remove Edit on Github from EOL branches * try again * replace porting guides with stub pages - issue 71687 (cherry picked from commit 3528a98a3811e8d2ca7cc8870ab9b5a13f4c35f5)
* [Doc-Release-2.9][2.6] eol the 2.6 release (#64118)Sandra McCann2020-09-022-3/+2
| | | | | | | | * eol the release * remove version selector (cherry picked from commit c6f1dede4b16a72469098d13bcb71ce70a0678cc)
* [backport][2.7] point all older release pages to devel (#71428) (#71472)Sandra McCann2020-08-271-177/+4
| | | | | | | * point all older release pages to devel (#71428) (cherry picked from commit 3be597419d5656ea69fa7c505f196d528af07914) * add missing label
* Fix up host used in win_get_url tests - 2.7 (#69817)Jordan Borean2020-06-013-91/+91
| | | | | * Fix up host used in win_get_url tests * disable tests that are failing
* [stable-2.7] Pin Docker version at 19.03.1 (#69635) (#69647)Sam Doran2020-05-276-3/+13
| | | | | | | | | | | | * [stable-2.7] Pin Docker version at 19.03.1. (cherry picked from commit fe941a4045861bfe87340381e7992bcecdbc0291) Co-authored-by: Sam Doran <sdoran@redhat.com> * [stable-2.7] Pin docker-ce-cli version in tests (#69620) Installing docker-ce has a dependency of docker-ce-cli. If the version of docker-ci-cli is not specified, it installs the latest version. (cherry picked from commit 889da811d7fdc4c0fdab6ff573f7bc66b60b753c)
* Update Ansible release version to v2.7.18.post0.Matt Clay2020-05-121-1/+1
|
* New release v2.7.18v2.7.18Matt Clay2020-05-114-2/+32
|
* [2.7] Docs: point inventory script to respective versionAbhijeet Kasurde2020-05-052-9/+11
| | | | | | | With collections migration, inventory scripts are moved from devel (2.10). Point docs for inventory script to their respective version. Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* document danger of kubectl options (#68195)Brian Coca2020-04-211-0/+5
|
* Fix incorrect CVE reference in changelog fragmentRick Elrod2020-04-211-1/+1
| | | | | | | | | | | | | | Change: This corrects an incorrect CVE identifier in the changelog entry for CVE-2020-1735. Test Plan: N/A Tickets: Refs #67793, #68720 Signed-off-by: Rick Elrod <rick@elrod.me>
* [stable-2.7] pip - Fix check_mode for prerelease packages (#68690)Rick Elrod2020-04-214-2/+39
| | | | | | | | | | | | * pip - Fix check_mode for prerelease packages Fixes #68592. Signed-off-by: Rick Elrod <rick@elrod.me> Co-authored-by: Matt Martz <matt@sivel.net>. (cherry picked from commit 82c60db49b7b2f64c68308bcdb9d61231c21df24) Co-authored-by: Rick Elrod <rick@elrod.me>
* Update Ansible release version to v2.7.17.post0.Matt Clay2020-04-161-1/+1
|
* New release v2.7.17v2.7.17Matt Clay2020-04-164-1/+57
|
* added trapBrian Coca2020-04-151-0/+2
|
* added output dirBrian Coca2020-04-151-0/+2
|
* handle role diffs in older versionsBrian Coca2020-04-151-1/+1
|
* fixed fetch traversal from slurp (#68720)Brian Coca2020-04-1511-26/+118
| | | | | | | | | | | | | | | | | | | | * fixed fetch traversal from slurp * ignore slurp result for dest * fixed naming when source is relative * fixed bug in local connection plugin * added tests with fake slurp * moved existing role tests into runme.sh * normalized on action excepts * moved dest transform down to when needed * added is_subpath check * fixed bug in local connection fixes #67793 CVE-2019-3828 (cherry picked from commit ba87c225cd13343c35075fe7fc15b4cf1343fed6)
* safely use vault to edit secrets (#68644)Brian Coca2020-04-152-39/+82
| | | | | | | | | | | * when possible, use filedescriptors from mkstemp to avoid race * when using path strings, ensure we are always creating the file CVE-2020-1740 Fixes #67798 Co-authored-by: samdoran (cherry picked from commit 28f9fbdb5e281976e33f443193047068afb97a9b)
* [2.7] CVE-2020-1746 - Remove the params module option from ldap_attr and ↵Sloane Hertel2020-04-145-23/+82
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ldap_entry (#68716) * Remove the params module option from ldap_attr and ldap_entry Module options that circumvent Ansible's option handling were disallowed in: https://meetbot.fedoraproject.org/ansible-meeting/2017-09-28/ansible_dev_meeting.2017-09-28-15.00.log.html Additionally, this particular usage can be insecure if bind_pw is set this way as the password could end up in a logfile or displayed on stdout. Fixes CVE-2020-1746 (cherry picked from commit 0ff609f1bc5e391fa25710b9a0baaf669f347eb1) * Fix formatting for option names Co-Authored-By: Felix Fontein <felix@fontein.de> * Fix fail_json * update sanity * fix indentation error Co-authored-by: Toshio Kuratomi <a.badger@gmail.com> Co-authored-by: Felix Fontein <felix@fontein.de>
* prevent ansible_facts injection (#68431) (#68446)Brian Coca2020-04-147-5/+36
| | | | | | | | | | | | | * prevent ansible_facts injection (#68431) - also only replace when needed - switched from replace to index - added test to verify bogus_facts are not accepted CVE-2020-10684 (cherry picked from commit a9d2ceafe429171c0e2ad007058b88bae57c74ce) * add to ignore
* fix vault temp file handling (#68433)Brian Coca2020-04-148-2/+72
| | | | | | | | | | | | | * fix vault tmpe file handling * use local temp dir instead of system temp * ensure each worker clears dataloader temp files * added test for dangling temp files * added notes to data loader CVE-2020-10685 (cherry picked from commit 6452a82452f3a721233b50f62419598206442fd9)
* [2.7] CVE-2020-1739 - provide password securely for subversion module or ↵Sloane Hertel2020-04-1416-52/+137
| | | | | | | | | | | | | | | | warn (#68913) * subversion module - provide password securely when possible or warn (#67829) * subversion module - provide password securely with svn command line option --password-from-stdin when possible, and provide a warning otherwise. * Update lib/ansible/modules/source_control/subversion.py. * Add a test. Co-authored-by: Sam Doran <sdoran@redhat.com> (cherry picked from commit d91658ec0c8434c82c3ef98bfe9eb4e1027a43a3) * Create the OUTPUT_DIR and make sure it is removed at the end * fix sanity test
* [stable-2.7] win_unzip - normalize and compare paths to prevent path ↵Sam Doran2020-04-145-0/+145
| | | | | | | | | | | | | | traversal (#67799) (#67938) * win_unzip - normalize and compare paths to prevent path traversal (#67799) * Actually inspect the paths and prevent escape * Add integration tests * Generate zip files for use in integration test * Adjust error message (cherry picked from commit d30c57ab22db24f6901166fcc3155667bdd3443f) * Fix tests for 2.7
* avoid mkdir -p (#68921) (#68928)Brian Coca2020-04-144-11/+26
| | | | | | | | | | | | | | | | | | | | | | * avoid mkdir -p (#68921) * also consolidated temp dir name generation, added pid for more 'uniqness' * generalize error message * added notes about remote expansion CVE-2020-1733 fixes #67791 (cherry picked from commit 8077d8e40148fe77e2393caa5f2b2ea855149d63) * C * Update lib/ansible/plugins/shell/__init__.py Co-Authored-By: Abhijeet Kasurde <akasurde@redhat.com> * adjusted for missing api Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* [stable-2.7] Update tests to use RHEL 7.8. (#68787)Matt Clay2020-04-094-4/+8
| | | | | | | | | | | * Update tests to use RHEL 7.8. Keeping support for RHEL 7.6 since collections are still using it. * Fix tests for RHEL 7.7+ due to extras repo name change.. (cherry picked from commit 04edd77c4273b321867c0f08d6ff2b67dacfcf2d) Co-authored-by: Matt Clay <mclay@redhat.com>
* OpenSUSE15.1 container image + necessary test changes (2.7 edition) (#68801)Rick Elrod2020-04-094-4/+18
| | | | | | | | | | | | | | | | | | | | | | | * add changelog fragment Signed-off-by: Rick Elrod <rick@elrod.me> * Update changelogs/fragments/ansible-test-opensuse-15.1.yml Co-Authored-By: Matt Clay <matt@mystile.com> * handle installing mysql on suse Signed-off-by: Rick Elrod <rick@elrod.me> * attempt to get tests passing again Signed-off-by: Rick Elrod <rick@elrod.me> * Update docker.txt to use the OpenSUSE 15.1 container image Signed-off-by: Rick Elrod <rick@elrod.me> Co-authored-by: Matt Clay <matt@mystile.com>
* [stable-2.7] tests: ipify_facts: retry on fail (#66897)René Moser2020-03-021-1/+3
| | | | | | (cherry picked from commit 91063f40d6) Co-authored-by: Rene Moser <mail@renemoser.net>
* [stable-2.7] Remove Tower module tests from CI. (#67368) (#67373)Matt Clay2020-02-1224-22/+27
| | | | | | | | | | * Remove Tower module tests from CI. The required AMIs are no longer available. * Mark Tower tests as unsupported.. (cherry picked from commit b041d9676246f2aa8258c078d673cb9bb39044b8) Co-authored-by: Matt Clay <mclay@redhat.com>
* Fix unmerged merge conflict (#67250)timothymctim2020-02-111-7/+0
|
* [stable-2.7] ansible-test - add constraint for virtualenv (#67289)Sam Doran2020-02-102-1/+3
| | | | | | | | | | | * ansible-test - add constraint for virtualenv * Limit virtualenv only on macOS. Co-authored-by: Matt Clay <matt@mystile.com>. (cherry picked from commit 8f296a6533dd8c10e80b04de8495be3140a94c66) Co-authored-by: Sam Doran <sdoran@redhat.com>
* [stable-2.7] Add constraints for Jinja2 on Python 2.6. (#66826)Matt Clay2020-01-274-1/+6
| | | | | | | | | | | * Add constraint for Jinja2 on Python 2.6. * Fix constraint in inventory_aws_conformance test. * Add constrraints for template_jinja2_latest test.. (cherry picked from commit 965854fbd2107ddc1449d9463c47f1e0f8525727) Co-authored-by: Matt Clay <matt@mystile.com>
* Update Ansible release version to v2.7.16.post0.Matt Davis2020-01-151-1/+1
|
* New release v2.7.16v2.7.16Matt Davis2020-01-154-1/+33
|
* [stable-2.7] Ignore warnings in ansible-test environment check.Matt Clay2020-01-142-0/+5
| | | | | | (cherry picked from commit 3db1ac4f56cfd781bc531c5223c7fe748994c588) Co-authored-by: Matt Clay <matt@mystile.com>
* Remove Server 2008 from CIJordan Borean2020-01-141-8/+0
|
* [stable-2.7] Add test constraint for setuptools. (#66426)Matt Clay2020-01-133-1/+8
| | | | | | | | | * Add test constraint for setuptools. * Update pip test to work on centos6 container.. (cherry picked from commit 51e5b714e040dd21b1528866d0e13d2672160678) Co-authored-by: Matt Clay <matt@mystile.com>
* [stable-2.7] Add ansible-test constraint to avoid coverage 5.0+.Matt Clay2020-01-102-1/+3
| | | | | | (cherry picked from commit 9ea5b539b60cb7035f08ac17688976a8e6dfb126) Co-authored-by: Matt Clay <matt@mystile.com>
* Fix nxos_file_copy option value path validation (#65423) (#65848)Ganesh Nalawade2020-01-102-4/+12
| | | | | | | | | | | | * Fix nxos_file_copy option value path validation * Modify `local_file`, `local_file_directory` and `remote_file` option type from `str` to `path` so that the option value is validated in Ansible for a legitimate path value * Fix review comments (cherry picked from commit 88008badb1b0186e060d6796449ddb28f4a8457b)
* Ignore false positive in sanity test.Matt Clay2020-01-101-0/+2
|
* [2.7] solaris_zone: Allow only valid characters in zone nameAbhijeet Kasurde2020-01-102-0/+16
| | | | | | | | | | | CVE-2019-14904 - solaris_zone module accepts zone name and performs actions related to that. However, there is no user input validation done while performing actions. A malicious user could provide a crafted zone name which allows executing commands into the server manipulating the module behaviour. Adding user input validation as per Solaris Zone documentation fixes this issue. Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* [stable-2.7] Disable failing azure_rm_storageaccount test.Matt Clay2019-12-201-0/+1
| | | | | | (cherry picked from commit 342b9953bcc47278de4a31e5c7c97d0037431093) Co-authored-by: Matt Clay <matt@mystile.com>
* [stable-2.7] Fix 'Assert CNAME failure' assertion (#65875)Justin Ossevoort2019-12-201-1/+1
| | | | | | (cherry picked from commit 14ebceec25) Co-authored-by: Justin Ossevoort <github@internetionals.nl>
* update version metadata to get faceted swiftype search running (#65574) (#65581)Sandra McCann2019-12-101-2/+2
| | | | | * update version metadata to get faceted swiftype search running (cherry picked from commit 96cbbdd59fe82574b9292bf3cafe34bb8b9ceade)
* [stable-2.7] Add or later to the license expressed in the README (#65289)Toshio Kuratomi2019-12-031-1/+1
| | | | | | | | | | | | | | | This is a clarification, not a relicensing. Our source code says "GPLv3+" or "version 3 of the License, or later". Our documentation says GPLv3+: https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/dev_guide/developing_modules_checklist.rst#contributing-to-ansible-objective-requirements We were just lazy when we wrote the README and left out the "or later". this update to the README brings it in line with what everything else says. (cherry picked from commit a15fb26) Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
* Update Ansible release version to v2.7.15.post0.Matt Davis2019-11-131-1/+1
|
* New release v2.7.15v2.7.15Matt Davis2019-11-134-1/+25
|
* Callback: removing args from task_fields from Sumologic and Splunk ↵Matt Davis2019-11-123-0/+8
| | | | | | | | | | | plugin(#63527) (#64748) CVE-2019-14864 Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs Fixes #63522 Signed-off-by: Patrick O’Brien <patrick.obrien@thetradedesk.com> Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> (cherry picked from commit c76e074e4c71c7621a1ca8159261c1959b5287af)
* win_psmodule - remove reliance on PSGallery in the tests for stable-2.7 (#64468)Jordan Borean2019-11-0711-145/+293
| | | | | | * win_psmodule - remove reliance on PSGallery in the tests for stable-2.7 * Ignore non-powershell files from sanity check
* [Doc-Release-2.9] Backport/2.7/docs release (#64272)Sandra McCann2019-11-012-26/+18
| | | | | | | | | | | | * docs: update to latest 3 versions (#64109) (cherry picked from commit 409545825f33406d2475864dc23d719b095da683) * [Doc-Release-2.9] update release and maintenance page for 2.9 (#64166) * update release and maintenance page for 2.9 * only 2.4 and earlier used the old changelog system (cherry picked from commit 3f808d9ed621d226289dcd4ce858b0de6d04f1dd)
* Update Ansible release version to v2.7.14.post0.Toshio Kuratomi2019-10-171-1/+1
|
View Lorry Controller Status