* prevent templating of passwords from prompt (#59246)
* prevent templating of passwords from prompt
fixes CVE-2019-10206
(cherry picked from commit e9a37f8e31)
* Improve performane of UnsafeProxy __new__
This adds an early return to the __new__ method of the UnsafeProxy object
which avoids creating the unsafe object if the incoming object is already
unsafe.
(cherry picked from commit c1e23c22a9)
(cherry picked from commit 490f17c7f9)
As described in #53385 (and #31759), the docker connection driver did
not support privilege escalation. This commit is a shameless
cut-and-paste of the privilege escalation support from the `local`
connection plugin into the `docker` plugin.
This is a backport to stable-2.7 of #55816.
* sysctl will now return an error if the value is invalid
sysctl can fail to set a value even if it returns an exit status 0. More
details: https://bugzilla.redhat.com/show_bug.cgi?id=1264080. Because of
this in case of an invalid value or a read-only file system, sysctl
module would return OK, even though it didn't set anything. To be sure
that sysctl correctly applied the changes we also need to check the
output of stderr.
(cherry picked from commit 0432b7f252)
* Run sysctl with LANG=C
Because we are parsing sysctl stderr we need to make sure that errors
are persistent across different system language settings.
(cherry picked from commit a16128f778)
* Add changelog fragment for sysctl
(cherry picked from commit 3ad9d4d83c)
Implement a new method for shadow file parsing so it can be subclassed..
(cherry picked from commit f27eccabbd)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* [stable-2.7] Move missing library abort to use rather than import for netconf (#55384).
(cherry picked from commit b442706b54)
Co-authored-by: Nathaniel Case <this.is@nathanielca.se>
* Add changelog
* missing_required_lib not in 2.7
* psrp - Fix raw and script tests for connection plugin
* Fix error propagation with raw in psrp
* uncomment test
(cherry picked from commit fdf9df89f5)
* nxos_interface:DI: delay only when operation state check is requested (#54862)
* nxos_interface:DI: should only use delay when operation state check is requested
There is a 10 second delay that is added for every interface that is changed.
This delay should only occur when a task sets one of the `want` vars.
* /return/continue/
(cherry picked from commit 0fe6bf911a)
* changelog
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Warn when log_options values are not strings.
* Add changelog.
* Improve message.
* Improve formatting and formulation of other messages.
* Add test for warning.
* Trying double escaping.
(cherry picked from commit d64b17731d)
* The Univention modules have a issue with an unassigned variable.
The variable diff is only assigned if state is 'present', else the
variable is unused. But the module will return the diff variable as a
return value. If the state isn't 'present' the module will fail with an
python UnboundLocalError exception.
(cherry picked from commit 26fa97922a)
* Add a changelog fragment for PR 55083.
(cherry picked from commit b4ae654890)
* Allow all of yum version compare operators
* * yum: name="foo >= VERSION" integration test
* changelog fragment
(cherry picked from commit 1532e31ec0)
* Correct behavior so that direction isn't required for default.
* Add more tests.
* 'disabled' values cannot be changed.
* Include 'not specified' in messages.
(cherry picked from commit 7d27348356)
* Performance fixes for net and org lookups
- Both methods had duplicate lookups
- This should significantly improve performance
- Currently untested
* Add ChangeLog file
* Change from bugfix to bugfixes and change indent
(cherry picked from commit c254b93796)
The controller's fixup_perms2 uses filesystem acls to make the temporary
file for copy readable by an unprivileged become user. On Python3, the
acls are then copied to the destination filename so we have to remove
them from there.
We can't remove them prior to the copy because we may not have
permission to read the file if the acls are not present. We can't
remove them in atomic_move() because the move function shouldn't know
anything about controller features. We may want to generalize this into
a helper function, though.
Fixes#44412
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
(cherry picked from commit d15812fabf)
Fixes#53236
* If dispatch() rpc response has data element
return the xml string from `<data>` element
else return the complete xml string from
`<rpc-reply>`.
(cherry picked from commit aac5ef5e13)
When using before and after in combination, the opposite behavior was induced. This PR makes the the replacement happen between the specified patterns as intended.
* Added integration tests
* Add changelog, porting guide entry, and minor doc fixes.
(cherry picked from commit cf69ec5db0)
Co-authored-by: Evan Kaufman <evan.kaufman@gmail.com>
* Catch all request timeouts for winrm connection
The current implementation only catches 'ConnectTimeout' exceptions.
Instead we should catch 'Timout' which also catches ReadTimeout
exceptions.
Improves on: #51744
Co-Authored-By: westphahl <westphahl@gmail.com>
* Changelog for winrm error handling improvement
Matt Clay