Commit Graph

39 Commits

Author SHA1 Message Date
Anders Kaseorg
1134b0bc6e
ansible: Use overridePythonAttrs to get the right name attribute (#83107)
Fixes #83105.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-03-22 03:09:42 -04:00
Jonathan Ringer
1474940ea4 ansible_2_8: 2.8.6 -> 2.8.7 2020-01-22 01:12:28 -08:00
Jonathan Ringer
3444d76c1b ansible_2_*: overridePythonAttrs -> overrideAttrs 2020-01-22 01:12:28 -08:00
Jonathan Ringer
99eb9231d4 ansible_2_9: init at 2.9.2 2020-01-22 01:12:28 -08:00
Andreas Rammhold
b21b92947e ansible_2_6: 2.6.17 -> 2.6.20
This addresses the following security issues:

  * CVE-2019-14846 - Several Ansible plugins could disclose aws
    credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
    lookup/aws_account_attribute.py, and lookup/aws_secret.py,
    lookup/aws_ssm.py use the boto3 library from the Ansible process. The
    boto3 library logs credentials at log level DEBUG. If Ansible's
    logging was enabled (by setting LOG_PATH to a value) Ansible would set
    the global log level to DEBUG. This was inherited by boto and would
    then log boto credentials to the file specified by LOG_PATH. This did
    not affect aws ansible modules as those are executed in a separate
    process. This has been fixed by switching to log level INFO
  * Convert CLI provided passwords to text initially, to prevent unsafe
    context being lost when converting from bytes->text during post
    processing of PlayContext. This prevents CLI provided passwords from
    being incorrectly templated (CVE-2019-14856)
  * properly hide parameters marked with no_log in suboptions when
    invalid parameters are passed to the module (CVE-2019-14858)
  * resolves CVE-2019-10206, by avoiding templating passwords from
    prompt as it is probable they have special characters.
  * Handle improper variable substitution that was happening in
    safe_eval, it was always meant to just do 'type enforcement' and have
    Jinja2 deal with all variable interpolation. Also see CVE-2019-10156

Changelog: 9bdb89f740/changelogs/CHANGELOG-v2.6.rst
2019-12-15 21:25:07 +01:00
Andreas Rammhold
64e2791092 ansible_2_7: 2.7.11 -> 2.7.15
This fixes the following security issues:
  * Ansible: Splunk and Sumologic callback plugins leak sensitive data
    in logs (CVE-2019-14864)
  * CVE-2019-14846 - Several Ansible plugins could disclose aws
    credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
    lookup/aws_account_attribute.py, and lookup/aws_secret.py,
    lookup/aws_ssm.py use the boto3 library from the Ansible process. The
    boto3 library logs credentials at log level DEBUG. If Ansible's
    logging was enabled (by setting LOG_PATH to a value) Ansible would set
    the global log level to DEBUG. This was inherited by boto and would
    then log boto credentials to the file specified by LOG_PATH. This did
    not affect aws ansible modules as those are executed in a separate
    process. This has been fixed by switching to log level INFO
  * Convert CLI provided passwords to text initially, to prevent unsafe
    context being lost when converting from bytes->text during post
    processing of PlayContext. This prevents CLI provided passwords from
    being incorrectly templated (CVE-2019-14856)
  * properly hide parameters marked with no_log in suboptions when invalid
    parameters are passed to the module (CVE-2019-14858)
  * resolves CVE-2019-10206, by avoiding templating passwords from
    prompt as it is probable they have special characters.
  * Handle improper variable substitution that was happening in
    safe_eval, it was always meant to just do 'type enforcement' and have
    Jinja2 deal with all variable interpolation. Also see CVE-2019-10156

Changelog: 0623dedf2d/changelogs/CHANGELOG-v2.7.rst (v2-7-15)
2019-12-15 21:24:59 +01:00
Mario Rodas
30f2074503
ansible_2_5: drop
Ansible 2.5 has reached EOL in May 21, 2019
https://access.redhat.com/support/policy/updates/ansible-engine
2019-06-08 21:05:24 -05:00
Mario Rodas
e38bbb01eb
ansible_2_6: 2.6.15 -> 2.6.17 2019-06-08 21:05:24 -05:00
Mario Rodas
69a45144d5
ansible_2_7: 2.7.10 -> 2.7.11 2019-06-08 21:05:24 -05:00
Giacomo Longo
646ed20652
ansible: 2.7.6 -> 2.8.1 2019-06-08 21:05:24 -05:00
Aaron Bull Schaefer
290be50d1e ansible_2_6: 2.6.9 -> 2.6.15 (#58286) 2019-04-13 21:35:28 +02:00
Aaron Bull Schaefer
dcf5fd5afc ansible_2_5: 2.5.14 -> 2.5.15 (#58287) 2019-04-13 21:34:51 +02:00
Chris Ostrouchov
300ca8132b
pythonPackages.ansible: refactor move to python-modules 2019-03-01 14:46:56 -05:00
R. RyanTM
a977695d0f ansible: 2.7.5 -> 2.7.6 (#54855)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/python2.7-ansible/versions
2019-02-24 00:50:44 +01:00
R. RyanTM
37ef1274ba ansible: 2.7.4 -> 2.7.5
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/python2.7-ansible/versions
2019-01-04 11:11:09 +01:00
R. RyanTM
4f73b718d1 ansible: 2.7.2 -> 2.7.4
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/python2.7-ansible/versions
2018-12-16 18:48:26 +01:00
R. RyanTM
263f4c43de ansible: 2.7.1 -> 2.7.2
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/python2.7-ansible/versions
2018-11-19 17:21:37 -08:00
Thilo Uttendorfer
c0d30e5f03 ansible_2_7: init at 2.7.1 2018-11-03 00:11:24 +01:00
Thilo Uttendorfer
e63509a651 ansible_2_6: 2.6.2 -> 2.6.7 2018-11-03 00:11:24 +01:00
Thilo Uttendorfer
de8a3e3125 ansible_2_5: 2.5.2 -> 2.5.11 2018-11-03 00:11:24 +01:00
Jaka Hudoklin
dd7de496d8 ansible: add dopy dependency for digitalocean integration (#47441) 2018-09-28 10:20:30 +02:00
Meghea Iulian
4f0e53da94 ansible: add jmespath dependency 2018-08-19 17:23:06 +03:00
Oleg Pykhalov
a5b455aeb6 ansible: install man pages (#44980) 2018-08-13 15:30:41 +02:00
adisbladis
ea3310c944 ansible_2_6: init at 2.6.2 (#44673) 2018-08-09 08:19:55 +02:00
volth
52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
volth
87f5930c3f [bot]: remove unreferenced code 2018-07-20 18:48:37 +00:00
Silvan Mosberger
57bccb3cb8 treewide: http -> https sources (#42676)
* treewide: http -> https sources

This updates the source urls of all top-level packages from http to
https where possible.

* buildtorrent: fix url and tab -> spaces
2018-06-28 20:43:35 +02:00
Peter Hoeg
efbeca76fe ansible: drop 2.1, 2.2 and 2.3 as they are EOL 2018-05-10 23:11:37 +08:00
Peter Hoeg
06e394bbb4 ansible: update point releases and unify build
1) We had lots of copy paste - instead use a generic builder for the various reasons.

2) Default version changed to latest (2.5 instead of 2.4)

3) Point release updates to all
2018-05-10 23:11:37 +08:00
Tim Steinbach
8cd80f3871
ansible: 2.5.0 -> 2.5.1 2018-04-19 21:36:55 -04:00
Thilo Uttendorfer
cf45cfc58c ansible_2_5: init at 2.5.0 2018-03-30 08:08:29 +02:00
Robin Gloster
e16f887ec5
ansible_2_{1,2}: fix for jinja src change 2017-12-26 20:39:26 +01:00
rnhmjoj
491bc4cfed
pythonPackages: rename dns -> dnspython 2017-12-10 15:27:06 +01:00
Aaron Bull Schaefer
6636f3bc25 ansible: 2.4.1.0 -> 2.4.2.0 2017-11-30 08:41:10 -08:00
Aaron Bull Schaefer
16e9541169 ansible: 2.4.0.0 -> 2.4.1.0 2017-10-30 16:09:40 -07:00
Aaron Bull Schaefer
19fda23a50 ansible_2_3: 2.3.1.0 -> 2.3.2.0 2017-10-25 12:23:52 -07:00
Peter Romfeld
29f9ca40cb ansible_2_4: init at 2.4.0.0 (#30073) 2017-10-17 22:03:43 +01:00
Frederik Rietdijk
67651d80bc Merge pull request #28884 from FRidh/python-fixes
Python: several fixes
2017-09-06 13:54:10 +02:00
Jörg Thalheim
2f5dab753c ansible: move out of pythonPackages
ansible is not a library
2017-08-28 11:30:22 +01:00