Commit Graph

47868 Commits (685a4b6d3ff72186d2b4ffce73172a5446a71ccc)
 

Author SHA1 Message Date
Brian Coca 685a4b6d3f safely use vault to edit secrets (#68644)
* when possible, use filedescriptors from mkstemp to avoid race
  * when using path strings, ensure we are always creating the file

CVE-2020-1740
Fixes #67798

Co-authored-by: samdoran
(cherry picked from commit 28f9fbdb5e)
5 years ago
Sloane Hertel d41e38435b
[2.9] CVE-2020-1746 - Remove the params module option from ldap_attr and ldap_entry (#68714)
* Remove the params module option from ldap_attr and ldap_entry

Module options that circumvent Ansible's option handling were disallowed
in:
https://meetbot.fedoraproject.org/ansible-meeting/2017-09-28/ansible_dev_meeting.2017-09-28-15.00.log.html

Additionally, this particular usage can be insecure if bind_pw is set
this way as the password could end up in a logfile or displayed on
stdout.

Fixes CVE-2020-1746

(cherry picked from commit 0ff609f1bc)

* Fix formatting for option names

Co-Authored-By: Felix Fontein <felix@fontein.de>

* Fix fail_json

* fix indentation error

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
5 years ago
Brian Coca 0b4788a71f prevent ansible_facts injection (#68431)
- also only replace when needed
 - switched from replace to index
 - added test to verify bogus_facts are not accepted

CVE-2020-10684

(cherry picked from commit a9d2ceafe4)
5 years ago
Brian Coca 51d2514753 fix vault temp file handling (#68433)
* fix vault temp file handling

 * use local temp dir instead of system temp
 * ensure each worker clears dataloader temp files
 * added test for dangling temp files
 * added notes to data loader

CVE-2020-10685

(cherry picked from commit 6452a82452)
5 years ago
Dmitriy Rabotyagov 65866519e4
support rabbitmq 3.8.x in version check (#66855) (#68137)
* support rabbitmq 3.8.x in version check (#66855)

* support rabbitmq 3.8.x in version check

* Removed extraneous white space

(cherry picked from commit 6b017db05b)

* Add changelog fragment.

Co-authored-by: bitchkat <kjh@flyballdogs.com>
Co-authored-by: Matt Clay <matt@mystile.com>
5 years ago
Sloane Hertel c6c4fbf4a1 subversion module - provide password securely when possible or warn (#67829)
* subversion module - provide password securely with svn command line option --password-from-stdin when possible, and provide a warning otherwise.
* Update lib/ansible/modules/source_control/subversion.py.
* Add a test.

Co-authored-by: Sam Doran <sdoran@redhat.com>
(cherry picked from commit d91658ec0c)
5 years ago
Jordan Borean b2551bb694
ansible-galaxy - Fix tar path traversal issue during install - CVE-2020-10691 - 2.9 (#68601)
* ansible-galaxy - Fix tar path traversal issue during install - CVE-2020-10691 (#68596)

(cherry picked from commit a20a527014)

* Remove extra tests missing from rebase
5 years ago
Jordan Borean cef6296735 WebRequest - Fix use_proxy: no on module options (#68603)
* WebRequest - Fix use_proxy: no on module options

* Fix up changelog fragment

(cherry picked from commit ae1cd27b57)
5 years ago
Florian Apolloner 3bebeb9cc3 Fixed mysql_user module idempotency for long privilege lists. (Fixes #68044) 5 years ago
Abhijeet Kasurde 8d387802ec [2.9] ipa: Remove redundant encoding in json.loads
Backport of https://github.com/ansible-collections/community.general/pull/87

Fixes: ansible/ansible#66592

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
5 years ago
Felix Fontein 2b536b8e82 Backport of ansible-collections/community.general@07e8911fd8 to stable-2.9. 5 years ago
Nathaniel Case a41f09901b
[stable-2.9] Fix missing persistent connection messages (#68496) (#68562)
* [stable-2.9] Fix missing persistent connection messages (#68496)

* Be more proactive about returning module messages

* Move message display to a function, and replace handling already in shutdown().
(cherry picked from commit 5f6427b1fc)

Co-authored-by: Nathaniel Case <ncase@redhat.com>

* Add changelog
5 years ago
nkshrishail ea4f6e1539 nxos_lacp: updated tests to handle platforms not supporting lacp system mac command (#64074)
* Updated nxos_lacp tests to handle platforms not supporting lacp system mac command

* nxos_lacp: addressing comments

* nxos_lacp: Updating image tag search to include more tags

(cherry picked from commit 00193f27eb)

Add changelog for nxos_lacp fix
5 years ago
Egor Zaitsev 852b64b3ba
routeros_facts: prevent crash of module when ipv6 package is not installed (#68554)
* routeros_facts: fix crash when ipv6 is disabled

* Update 64958-routeros-facts-ipv6.yml
5 years ago
Abhijeet Kasurde eec5cc4f73 [2.9] VMware: Use existing DVPG network in vmware_guest_network
* Handle all cases of networks

Fixes: #65968

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit afb71c14bd)
5 years ago
Martin Nečas 61c6a6b7b3
ovirt_storage_domain: fix update_check warning_low_space (#68505)
* ovirt_storage_domain: fix update_check warning_low_space

* add changelog
5 years ago
Sam Doran 0e51aadd8e
[stable-2.9] Add CentOS 8 to the test matrix (#68025)
* Add CentOS 8 to the test matrix (#63649)

(cherry picked from commit 2a7623dd5c)

* Skip PostgreSQL tests on CentOS 8

The tests in devel have diverged significantly from what is in
stable-2.9. It is easiest to skip these tests for CentOS 8 in this branch
since they are still being run in devel.
5 years ago
Jordan Borean b0e2321a17 setup - Use original logic for FQDN hostname builder 5 years ago
Simon Dodsley 281af782e2 Fix purefa_snmp errors 5 years ago
Graham Mainwaring 32f41334fb Fix colorization to not extend across newline boundary (#68517)
* Fix colorization to not extend across newline boundary

* Fix unit test to look for the newline outside the coloration

* Add changelog fragment

(cherry picked from commit 2068131589)
5 years ago
Brian Coca 52d509717e fallback to uid when no uname (#68466)
* fallback to uid when no uname

 fixes #68007

Co-Authored-By: Matt Clay <matt@mystile.com>
(cherry picked from commit 1570098e86)
5 years ago
Abhijeet Kasurde 8088ffb853 [2.9] Fix warning message in dense callback plugin
Fix dense callback plugin access to its configuration variables
and remove a warning message

Backport of https://github.com/ansible-collections/community.general/pull/83

Fixes: #64628
5 years ago
Matt Martz 76f1aeb188 [stable-2.9] Always set the discovered interpreter on the delegated host (#64906)
* Always set the discovered interpreter on the delegated host. Fixes #63180

* Make code a little more generic

* Move code into a function

* Implement some changes based on reviews

* Add changelog fragment
(cherry picked from commit 123c624)

Co-authored-by: Matt Martz <matt@sivel.net>
5 years ago
gp 859cdc8695 [2.9] VMware: Fix cluster argument of module vmware_content_deploy_template
(cherry picked from commit 98f19c970f)

Signed-off-by: gp <gp@gparent.net>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
5 years ago
Abhijeet Kasurde 64d8947f7f [2.9] docs: Fixed "Edit on GitHub" link for plugin, cli
Fixed sphinx theme to navigate "Edit on GitHub" link to locate correct
plugin, cli source in GitHub repo.

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 2728c2476e)
5 years ago
Brian Coca 80b9a0a25c avoid mkdir -p (#68921)
* also consolidated temp dir name generation, added pid for more 'uniqueness'
* generalize error message
* added notes about remote expansion

CVE-2020-1733
fixes #67791

(cherry picked from commit 8077d8e401)
5 years ago
Abhijeet Kasurde 378434a148 passwordstore: Honor equal sign in userpass
passwordstore lookup plugin now can handle equal sign in user input

Fixes: ansible/ansible#68265

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
5 years ago
Abhijeet Kasurde 9f22ef10b6 [2.9] Handle get_tags_for_object in vmware_rest_client
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
5 years ago
yatinkarel a0491f804f Fix os_user_role issue to grant a role in a domain
Fixes #66525.

Backport of https://github.com/openstack/ansible-collections-openstack/commit/4c03ae.
5 years ago
Ernesto 203e74b73a Fix wrong parameter name in example
Changed from name to workflow_templated (the right parameter name)
5 years ago
Sam Doran 1f304ef372 win_unzip - normalize and compare paths to prevent path traversal (#67799)
* Actually inspect the paths and prevent escape
* Add integration tests
* Generate zip files for use in integration test
* Adjust error message

(cherry picked from commit d30c57ab22)
5 years ago
flowerysong 938fb16069 adhoc: Load callbacks before sending v2_playbook_on_start (#67673)
(cherry picked from commit 370f788731)
5 years ago
Zhanwei Wang f7c63c1201 get_url pass incorrect If-Modified-Since header (#67417) (#67419)
Fix #67417. HTTP header value of `If-Modified-Since` set by `get_url` does not follow HTTP protocol.

(cherry picked from commit 1097694355)
5 years ago
Matt Clay bf3cd041e7 Disable failing azure_rm_cosmosdbaccount test. 5 years ago
Nathaniel Case f75e1698f5
[stable-2.9] Optionally support task_uuid if passed from newer modules (#68556)
* Optionally support task_uuid if passed from newer modules

* Add changelog
5 years ago
Matt Clay 8a14392a29 [stable-2.9] Update tests to use RHEL 7.8. (#68787)
* Update tests to use RHEL 7.8.

Keeping support for RHEL 7.6 since collections are still using it.

* Fix tests for RHEL 7.7+ due to extras repo name change.
(cherry picked from commit 04edd77c42)

Co-authored-by: Matt Clay <mclay@redhat.com>
5 years ago
Rick Elrod 89937180c5 Fix win_psrepository tests
Backport of a5414cb0e4

Signed-off-by: Rick Elrod <rick@elrod.me>
5 years ago
Rick Elrod 7a861dd2f1
OpenSUSE15.1 container image + necessary test change (2.9 edition) (#68788)
* add changelog fragment

Signed-off-by: Rick Elrod <rick@elrod.me>

* Update changelogs/fragments/ansible-test-opensuse-15.1.yml

Co-Authored-By: Matt Clay <matt@mystile.com>

* Update docker.txt to use the OpenSUSE 15.1 container image

Signed-off-by: Rick Elrod <rick@elrod.me>

* handle installing mysql on suse

Signed-off-by: Rick Elrod <rick@elrod.me>

* attempt to get tests passing again

Signed-off-by: Rick Elrod <rick@elrod.me>

Co-authored-by: Matt Clay <matt@mystile.com>
5 years ago
Felix Fontein f1a21eb600
Backport of ansible-collections/community.general@7cec9cc972 (#68658) 5 years ago
Felix Fontein 6196aadcfa
Backport of ansible-collections/community.crypto@28827db5d9 (#68630) 5 years ago
Jeff Geerling b84e3faa3f
Add Kubernetes Working Group to Communicating guide. (#68501) 5 years ago
Brian Coca 04ba05e003
document danger of kubectl options (#68195) 5 years ago
Mario Lenz 4433899b79
[2.9] vmware_cluster: Improve documentation for deprecated parameters (#68175)
* vmware_cluster: Improve documentation for deprecated parameters, with changelog fragment
5 years ago
Jordan Borean d6a82e6865
galaxy - preserve mode properly on artifact (#68418) - 2.9 (#68451)
* galaxy - preserve mode properly on artifact (#68418)

* galaxy - preserve mode properly on artifact

* Fix py2 encoding issue

* Update lib/ansible/galaxy/collection.py

Co-Authored-By: Matt Clay <matt@mystile.com>

* Use sane defaults instead of sourcing from tarfile

Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit 127d54b363)

* added mode to dir creation that was missed in backport
5 years ago
Matt Clay e5995a2eed Update Ansible release version to v2.9.6.post0. 5 years ago
Matt Clay 9e3ccd64b6 New release v2.9.6 5 years ago
Andrew Klychkov 77be6d1b8d mysql_db: partial revert of backport #66998 5 years ago
Jordan Borean 6703ffd21d [stable-2.9] win_unzip - LiteralPath fix (#66972)
* win_unzip - LiteralPath fix

* Fix up Python sanity issues
(cherry picked from commit 2a9ec8975f)

Co-authored-by: Jordan Borean <jborean93@gmail.com>
5 years ago
Matt Clay 8377f03eb2 Increase unit test timeouts. 5 years ago
Sam Doran 1f2758af20
ansible-galaxy - fix role list bug (#67391) (#67619)
Properly list roles even when the role name is the same or a substring of the
path to the role.

(cherry picked from commit c64202a495)
5 years ago