From 1ae64931bea95e7a33fbf2ad50ae30f954dbf98aad1935e65ebcdc71fb676a51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Thu, 28 Nov 2024 17:39:44 +0100 Subject: [PATCH] Sync from SUSE:SLFO:Main ansible-core revision 8697e848c940ec7aade4f4cf4461069b --- ansible-core-2.15.8.tar.gz | 3 - ansible-core.changes | 1013 +++++++++++++++++++++++++++++ ansible-core.spec | 43 +- ansible_core-2.17.6.tar.gz | 3 + ansible_core-2.17.6.tar.gz.sha256 | 1 + 5 files changed, 1038 insertions(+), 25 deletions(-) delete mode 100644 ansible-core-2.15.8.tar.gz create mode 100644 ansible_core-2.17.6.tar.gz create mode 100644 ansible_core-2.17.6.tar.gz.sha256 diff --git a/ansible-core-2.15.8.tar.gz b/ansible-core-2.15.8.tar.gz deleted file mode 100644 index 006efbe..0000000 --- a/ansible-core-2.15.8.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8aa49cb1ddbf33d88c2bb4bf09ecd4b0dd8b788e174adca8b88dda6e6bdbf59b -size 3160606 diff --git a/ansible-core.changes b/ansible-core.changes index 3a03c4e..cbf0f93 100644 --- a/ansible-core.changes +++ b/ansible-core.changes @@ -1,3 +1,1016 @@ +------------------------------------------------------------------- +Thu Nov 14 16:23:53 UTC 2024 - Johannes Kastl + +- update to 2.17.6: + https://github.com/ansible/ansible/blob/v2.17.6/changelogs/CHANGELOG-v2.17.rst + * Minor Changes + - ansible-test - Improve container runtime probe error + handling. When unexpected probe output is encountered, an + error with more useful debugging information is provided. + * Security Fixes + - include_vars action - Ensure that result masking is correctly + requested when vault-encrypted files are read. + (CVE-2024-8775) + - task result processing - Ensure that action-sourced result + masking (_ansible_no_log=True) is preserved. (CVE-2024-8775) + - user action won't allow ssh-keygen, chown and chmod to run on + existing ssh public key file, avoiding traversal on existing + symlinks (CVE-2024-9902). + * Bugfixes + - Fix disabling SSL verification when installing collections + and roles from git repositories. If --ignore-certs isn't + provided, the value for the GALAXY_IGNORE_CERTS configuration + option will be used (#83326). + - Improve performance on large inventories by reducing the + number of implicit meta tasks. + - Use the requested error message in the + ansible.module_utils.facts.timeout timeout function instead + of hardcoding one. + - ansible-test - Enable the sys.unraisablehook work-around for + the pylint sanity test on Python 3.11. Previously the + work-around was only enabled for Python 3.12 and later. + However, the same issue has been discovered on Python 3.11. + - debconf - set empty password values (#83214). + - facts - skip if distribution file path is directory, instead + of raising error (#84006). + - user action will now require O(force) to overwrite the public + part of an ssh key when generating ssh keys, as was already + the case for the private part. + - user module now avoids changing ownership of files symlinked + in provided home dir skeleton + +------------------------------------------------------------------- +Fri Oct 11 05:23:38 UTC 2024 - Johannes Kastl + +- update to 2.17.5: + https://github.com/ansible/ansible/blob/v2.17.5/changelogs/CHANGELOG-v2.17.rst + * Bugfixes + - Add descriptions for ansible-galaxy install --help` and + ``ansible-galaxy role|collection install --help. + - Errors now preserve stacked error messages even when YAML is + involved. + - ansible-galaxy install --help - Fix the usage text and + document that the requirements file passed to -r can include + collections and roles. + - copy - mtime/atime not updated. Fix now update + mtime/atime(#83013) + - delay keyword is now a float, matching the underlying 'time' + API and user expectations. + - dnf5 - re-introduce the state: installed alias to state: + present (#83960) + - module_utils atomic_move (used by most file based modules), + now correctly handles permission copy and setting mtime + correctly across all paths + +------------------------------------------------------------------- +Wed Sep 11 05:24:58 UTC 2024 - Johannes Kastl + +- update to 2.17.4: + https://github.com/ansible/ansible/blob/v2.17.4/changelogs/CHANGELOG-v2.17.rst + * Bugfixes + - Fix SemanticVersion.parse() to store the version string so + that __repr__ reports it instead of None (#83831). + - Fix an issue where registered variable was not available for + templating in loop_control.label on skipped looped tasks + (#83619) + - Fix for meta tasks breaking host/fork affinity with + host_pinned strategy (#83294) + - Fix using the current task's directory for looking up + relative paths within roles (#82695). + - atomic_move - fix using the setgid bit on the parent + directory when creating files (#46742, #67177). + - connection plugins using the 'extras' option feature would + need variables to match the plugin's loaded name, sometimes + requiring fqcn, which is not the same as the + documented/declared/expected variables. Now we fall back to + the 'basename' of the fqcn, but plugin authors can still set + the expected value directly. + - csvfile lookup - give an error when no search term is + provided using modern config syntax (#83689). + - include_tasks - Display location when attempting to load a + task list where include_* did not specify any value - #83874 + - powershell - Improve CLIXML decoding to decode all control + characters and unicode characters that are encoded as + surrogate pairs. + - psrp - Fix bug when attempting to fetch a file path that + contains special glob characters like [] + - runtime-metadata sanity test - do not crash on deprecations + if galaxy.yml contains an empty version field (#83831). + - ssh - Fix bug when attempting to fetch a file path with + characters that should be quoted when using the piped + transfer method + +------------------------------------------------------------------- +Tue Aug 13 17:47:30 UTC 2024 - Johannes Kastl + +- update to 2.17.3: + https://github.com/ansible/ansible/blob/v2.17.3/changelogs/CHANGELOG-v2.17.rst + * Minor Changes + - ansible-test - Improve the error message shown when an + unknown --remote or --docker option is given. + - ansible-test - Removed the vyos/1.1.8 network remote as it is + no longer functional. + * Bugfixes + - Warning now includes filename and line number of variable + when specifying a list of dictionaries for vars (#82528). + - config, restored the ability to set module compression via a + variable + - debconf - fix normalization of value representation for + boolean vtypes in new packages (#83594) + - linear strategy: fix handlers included via include_tasks + handler to be executed in lockstep (#83019) + +------------------------------------------------------------------- +Tue Jul 16 05:47:40 UTC 2024 - Johannes Kastl + +- update to 2.17.2: + https://github.com/ansible/ansible/blob/v2.17.2/changelogs/CHANGELOG-v2.17.rst + * Bugfixes + - Fix a traceback when an environment variable contains certain + special characters (#83498) + - dnf - reverted incomplete fix from 2.17.2rc1 (#83504) + - dnf, dnf5 - fix for installing a set of packages by + specifying them using a wildcard character (#83373) + - linear strategy now provides a properly templated task name + to the v2_runner_on_started callback event. + - package_facts - ignore warnings sent by apk on stderr + (#83501). + - replace - Updated before/after example (#83390). + - templating hostvars under native jinja will not cause + serialization errors anymore. + +------------------------------------------------------------------- +Sun Jul 14 16:01:58 UTC 2024 - Johannes Kastl + +- update to 2.17.1: + https://github.com/ansible/ansible/blob/v2.17.1/changelogs/CHANGELOG-v2.17.rst + * Minor Changes + - ansible-test - Update pypi-test-container to version 3.1.0. + * Bugfixes + - Fix rapid memory usage growth when notifying handlers using + the listen keyword (#83392) + - Fix the task attribute resolved_action to show the FQCN + instead of None when action or local_action is used in the + playbook. + - Fix using module_defaults with local_action/action (#81905). + - fixed unit test test_borken_cowsay to address mock not been + properly applied when existing unix system already have + cowsay installed. + - powershell - Implement more robust deletion mechanism for C# + code compilation temporary files. This should avoid scenarios + where the underlying temporary directory may be temporarily + locked by antivirus tools or other IO problems. A failure to + delete one of these temporary directories will result in a + warning rather than an outright failure. + - shell plugin - properly quote all needed components of shell + commands (#82535) + +------------------------------------------------------------------- +Sun Jul 14 15:27:58 UTC 2024 - Johannes Kastl + +- update to 2.17.0: + https://github.com/ansible/ansible/blob/v2.17.0/changelogs/CHANGELOG-v2.17.rst + * Major Changes + - urls.py - Removed support for Python 2 + * Minor Changes + - Add dump and passno mount information to facts component + (#80478) + - Added MIRACLE LINUX 9.2 in RedHat OS Family. + - Interpreter Discovery - Remove hardcoded references to + specific python interpreters to use for certain distro + versions, and modify logic for python3 to become the default. + - Use Python's built-in functools.update_wrapper instead an + inline copy from Python 3.7. + - User can now set ansible.log to record higher verbosity than + what is specified for display via new configuration item + LOG_VERBOSITY. + - DEFAULT_PRIVATE_ROLE_VARS is now overridden by explicit + setting of public for include_roles and import_roles. + - ansible-galaxy role|collection init - accept --extra-vars to + supplement/override the variables ansible-galaxy injects for + templating .j2 files in the skeleton. + - import_role action now also gets a public option that + controls variable exports, default depending on + DEFAULT_PRIVATE_ROLE_VARS (if using defaults equates to + public=True). + - added configuration item TARGET_LOG_INFO that allows the + user/author to add an information string to the log output on + targets. + - ansible-doc - treat double newlines in documentation strings + as paragraph breaks. This is useful to create multi-paragraph + notes in module/plugin documentation (#82465). + - ansible-doc output has been revamped to make it more visually + pleasing when going to a terminal, also more concise, use -v + to show extra information. + - ansible-galaxy - Started normalizing build directory with a + trailing separator when building collections, internally. + (#81619). + - ansible-galaxy dependency resolution messages have changed + the unexplained 'virtual' collection for the specific type + ('scm', 'dir', etc) that is more user friendly + - ansible-test - Add Alpine 3.19 container. + - ansible-test - Add Alpine 3.19 to remotes. + - ansible-test - Add Fedora 39 container. + - ansible-test - Add Fedora 39 remote. + - ansible-test - Add a work-around for permission denied errors + when using pytest >= 8 on multi-user systems with an + installed version of ansible-test. + - ansible-test - Add support for RHEL 9.3 remotes. + - ansible-test - Added a macOS 14.3 remote VM. + - ansible-test - Bump the nios-test-container from version + 2.0.0 to version 3.0.0. + - ansible-test - Containers and remotes managed by ansible-test + will have their Python EXTERNALLY-MANAGED marker (PEP668) + removed. This provides backwards compatibility for existing + tests running in newer environments which mark their Python + as externally managed. A future version of ansible-test may + change this behavior, requiring tests to be adapted to such + environments. + - ansible-test - Make Python 3.12 the default version used in + the base and default containers. + - ansible-test - Remove Alpine 3(.18) container. + - ansible-test - Remove Alpine 3.18 from remotes. + - ansible-test - Remove Fedora 38 remote support. + - ansible-test - Remove Fedora 38 test container. + - ansible-test - Remove rhel/9.2 test remote + - ansible-test - Remove the FreeBSD 13.2 remote. + - ansible-test - Removed fallback to virtualenv when -m venv is + non-functional. + - ansible-test - Removed test remotes: macos/13.2 + - ansible-test - Removed the no-basestring sanity test. The + test is no longer necessary now that Python 3 is required. + - ansible-test - Removed the no-dict-iteritems, + no-dict-iterkeys and no-dict-itervalues sanity tests. The + tests are no longer necessary since Python 3 is required. + - ansible-test - Removed the no-main-display sanity test. The + unwanted pattern is unlikely to occur, since the test has + existed since Ansible 2.8. + - ansible-test - Removed the no-unicode-literals sanity test. + The test is unnecessary now that Python 3 is required and the + unicode_literals feature has no effect. + - ansible-test - Special handling for installation of + cryptography has been removed, as it is no longer necessary. + - ansible-test - The shellcheck sanity test no longer disables + the SC2164 check. In most cases, seeing this error means the + script is missing set -e. + - ansible-test - The unidiomatic-typecheck rule has been + enabled in the pylint sanity test. + - ansible-test - The unidiomatic-typecheck rule has been + removed from the validate-modules sanity test. + - ansible-test - Update the base and default containers to use + Ubuntu 22.04 for the base image. This also updates PowerShell + to version 7.4.0 with .NET 8.0.0 and ShellCheck to version + 0.8.0. + - ansible-test - Updated the CloudStack test container to + version 1.7.0. + - ansible-test - Updated the distro test containers to version + 6.3.0 to include coverage 7.3.2 for Python 3.8+. The alpine3 + container is now based on 3.18 instead of 3.17 and includes + Python 3.11 instead of Python 3.10. + - ansible-test - Updated the distro test containers to version + 7.1.0. + - ansible-test - When ansible-test installs requirements, it + now instructs pip to allow installs on externally managed + environments as defined by PEP 668. This only occurs in + ephemeral environments managed by ansible-test, such as + containers, or when the --requirements option is used. + - ansible-test - When invoking sleep in containers during + container setup, the env command is used to avoid invoking + the shell builtin, if present. + - ansible-test - document block name now included in error + message for YAML parsing errors (#82353). + - ansible-test - sanity test allows EXAMPLES to be + multi-document YAML (#82353). + - ansible-test now has FreeBSD 13.3 and 14.0 support + - ansible.builtin.user - Remove user not found warning (#80267) + - apt_repository.py - use api.launchpad.net endpoint instead of + launchpad.net/api + - async tasks can now also support check mode at the same time. + - async_status now supports check mode. + - constructed inventory plugin - Adding a note that only + group_vars of explicit groups are loaded (#82580). + - csvfile - add a keycol parameter to specify in which column + to search. + - dnf - add the best option + - dnf5 - add the best option + - filter plugin - Add the count and mandatory_count parameters + in the regex_replace filter + - find - add a encoding parameter to specify which encoding of + the files to be searched. + - git module - gpg_allowlist name was added in 2.17 and we will + eventually deprecate the gpg_whitelist alias. + - import_role - allow subdirectories with `_from` options for + parity with include_role (#82584). + - module argument spec - Allow module authors to include + arbitrary additional context in the argument spec, by making + use of a new top level key called context. This key should be + a dict type. This allows for users to customize what they + place in the argument spec, without having to ignore sanity + tests that validate the schema. + - modules - Add the ability for an action plugin to call + self._execute_module(*, ignore_unknown_opts=True) to execute + a module with options that may not be supported for the + version being called. This tells the module basic wrapper to + ignore validating the options provided match the arg spec. + - package action now has a configuration that overrides the + detected package manager, it is still overridden itself by + the use option. + - py3compat - Remove ansible.utils.py3compat as it is no longer + necessary + - removed the unused argument create_new_password from + CLI.build_vault_ids (#82066). + - urls - Add support for TLS 1.3 post handshake certificate + authentication - #81782 + - urls - reduce complexity of Request.open + - user - accept yescrypt hash as user password + - validate-modules tests now correctly handles choices in + dictionary format. + * Breaking Changes / Porting Guide + - assert - Nested templating may result in an inability for the + conditional to be evaluated. See the porting guide for more + information. + * Deprecated Features + - Old style vars plugins which use the entrypoints + get_host_vars or get_group_vars are deprecated. The plugin + should be updated to inherit from BaseVarsPlugin and define a + get_vars method as the entrypoint. + - The 'required' parameter in + 'ansible.module_utils.common.process.get_bin_path' API is + deprecated (#82464). + - module_utils - importing the following convenience helpers + from ansible.module_utils.basic has been deprecated: + get_exception, literal_eval, _literal_eval, datetime, signal, + types, chain, repeat, PY2, PY3, b, binary_type, + integer_types, iteritems, string_types, test_type, map and + shlex_quote. + - ansible-doc - role entrypoint attributes are deprecated and + eventually will no longer be shown in ansible-doc from + ansible-core 2.20 on (#82639, #82678). + - paramiko connection plugin, configuration items in the global + scope are being deprecated and will be removed in favor or + the existing same options in the plugin itself. Users should + not need to change anything (how to configure them are the + same) but plugin authors using the global constants should + move to using the plugin's get_option(). + * Removed Features (previously deprecated) + - Remove deprecated APIs from ansible-docs (#81716). + - Remove deprecated JINJA2_NATIVE_WARNING environment variable + (#81714) + - Remove deprecated scp_if_ssh from ssh connection plugin + (#81715). + - Remove deprecated crypt support from ansible.utils.encrypt + (#81717) + - Removed Python 2.7 and Python 3.6 as a supported remote + version. Python 3.7+ is now required for target execution. + - With the removal of Python 2 support, the yum module and yum + action plugin are removed and redirected to dnf. + * Security Fixes + - ANSIBLE_NO_LOG - Address issue where ANSIBLE_NO_LOG was + ignored (CVE-2024-0690) + - ansible-galaxy - Prevent roles from using symlinks to + overwrite files outside of the installation directory + (CVE-2023-5115) + - templating - Address issues where internal templating can + cause unsafe variables to lose their unsafe designation + (CVE-2023-5764) + * Bugfixes + - Add a version ceiling constraint for pypsrp to avoid + potential breaking changes in the 1.0.0 release. + - All core lookups now use set_option(s) even when doing their + own custom parsing. This ensures that the options are always + the proper type. + - Allow for searching handler subdir for included task via + include_role (#81722) + - AnsibleModule.atomic_move - fix preserving extended ACLs of + the destination when it exists (#72929). + - Cache host_group_vars after instantiating it once and limit + the amount of repetitive work it needs to do every time it + runs. + - Call PluginLoader.all() once for vars plugins, and load vars + plugins that run automatically or are enabled specifically by + name subsequently. + - Consolidate systemd detection logic into one place (#80975). + - Consolidated the list of internal static vars, centralized + them as constant and completed from some missing entries. + - Do not print undefined error message twice (#78703). + - Enable file cache for vaulted files during vars lookup to fix + a strong performance penalty in huge and complex playbboks. + - Fix NEVRA parsing of package names that include digit(s) in + them (#76463, #81018) + - Fix force_handlers not working with any_errors_fatal (#36308) + - Fix run_once being incorrectly interpreted on handlers + (#81666) + - Fix an issue when setting a plugin name from an unsafe source + resulted in ValueError: unmarshallable object (#82708) + - Fix check for missing _sub_plugin attribute in older + connection plugins (#82954) + - Fix condition for unquoting configuration strings from ini + files (#82387). + - Fix for when any_errors_fatal was ignored if error occurred + in a block with always (#31543) + - Fix handlers not being executed in lockstep using the linear + strategy in some cases (#82307) + - Fix handling missing urls in + ansible.module_utils.urls.fetch_file for Python 3. + - Fix issue where an include_tasks handler in a role was not + able to locate a file in tasks/ when tasks_from was used as a + role entry point and main.yml was not present (#82241) + - Fix issues when tasks withing nested blocks wouldn't run when + force_handlers is set (#81533) + - Fix loading vars_plugins in roles (#82239). + - Fix notifying role handlers by listen keyword topics with the + "role_name : " prefix (#82849). + - Fix setting proper locale for git executable when running on + non english systems, ensuring git output can always be + parsed. + - Fix tasks in always section not being executed for nested + blocks with any_errors_fatal (#73246) + - Fixes permission for cache json file from 600 to 644 + (#82683). + - Give the tombstone error for include pre-fork like other + tombstoned action/module plugins. + - Harden python templates for respawn and ansiballz around str + literal quoting + - Include the task location when a module or action plugin is + deprecated (#82450). + - Interpreter discovery - Add Amzn to OS_FAMILY_MAP for correct + family fallback for interpreter discovery (#80882). + - Mirror the behavior of dnf on the command line when handling + NEVRAs with omitted epoch (#71808) + - Plugin loader does not dedupe nor cache filter/test plugins + by file basename, but full path name. + - Properly template tags in parent blocks (#81053) + - Provide additional information about the alternative plugin + in the deprecation message (#80561). + - Remove the galaxy_info field platforms from the role + templates (#82453). + - Restoring the ability of filters/tests can have same file + base name but different tests/filters defined inside. + - Reword the error message when the module fails to parse + parameters in JSON format (#81188). + - Reword warning if the reserved keyword _ansible_ used as a + module parameter (#82514). + - Run all handlers with the same listen topic, even when + notified from another handler (#82363). + - Slight optimization to hostvars (instantiate template only + once per host, vs per call to var). + - Stopped misleadingly advertising async mode support in the + reboot module (#71517). + - ansible-galaxy role import - fix using the role_name in a + standalone role's galaxy_info metadata by disabling automatic + removal of the ansible-role- prefix. This matches the + behavior of the Galaxy UI which also no longer implicitly + removes the ansible-role- prefix. Use the --role-name option + or add a role_name to the galaxy_info dictionary in the + role's meta/main.yml to use an alternate role name. + - ansible-test sanity --test runtime-metadata - add + action_plugin as a valid field for modules in the schema + (#82562). + - ansible.module_utils.service - ensure binary data + transmission in daemonize() + - any_errors_fatal should fail all hosts and rescue all of them + when a rescue section is specified (#80981) + - include_role - properly execute v2_playbook_on_include and + v2_runner_on_failed callbacks as well as increase ok and + failed stats in the play recap, when appropriate (#77336) + - allow_duplicates - fix evaluating if the current role allows + duplicates instead of using the initial value from the + duplicate's cached role. + - ansible-config init will now dedupe ini entries from plugins. + - ansible-config will now properly template defaults before + dumping them. + - ansible-doc - fixed "inicates" typo in output + - ansible-doc - format top-level descriptions with multiple + paragraphs as multiple paragraphs, instead of concatenating + them (#83155). + - ansible-galaxy - Deprecate use of the Galaxy v2 API (#81781) + - ansible-galaxy - Provide a better error message when using a + requirements file with an invalid format - #81901 + - ansible-galaxy - Resolve issue with the dataclass used for + galaxy.yml manifest caused by using future annotations + - ansible-galaxy - ensure path to ansible collection when + installing or downloading doesn't have a backslash (#79705). + - ansible-galaxy - started allowing the use of pre-releases for + collections that do not have any stable versions published. + (#81606) + - ansible-galaxy - started allowing the use of pre-releases for + dependencies on any level of the dependency tree that + specifically demand exact pre-release versions of collections + and not version ranges. (#81606) + - ansible-galaxy error on dependency resolution will not error + itself due to 'virtual' collections not having a + name/namespace. + - ansible-galaxy info - fix reporting no role found when + lookup_role_by_name returns None. + - ansible-galaxy role import - exit with 1 when the import + fails (#82175). + - ansible-galaxy role install - fix installing roles from + Galaxy that have version None (#81832). + - ansible-galaxy role install - fix symlinks (#82702, #81965). + - ansible-galaxy role install - normalize tarfile paths and + symlinks using ansible.utils.path.unfrackpath and consider + them valid as long as the realpath is in the tarfile's role + directory (#81965). + - ansible-inventory - index available_hosts for major + performance boost when dumping large inventories + - ansible-pull now will expand relative paths for the + -d|--directory option is now expanded before use. + - ansible-pull will now correctly handle become and connection + password file options for ansible-playbook. + - ansible-test - Add a pylint plugin to work around a known + issue on Python 3.12. + - ansible-test - Explicitly supply ControlPath=none when + setting up port forwarding over SSH to address the scenario + where the local ssh configuration uses ControlPath for all + hosts, and would prevent ports to be forwarded after the + initial connection to the host. + - ansible-test - Fix parsing of cgroup entries which contain a + : in the path (#81977). + - ansible-test - Include missing pylint requirements for Python + 3.10. + - ansible-test - Properly detect docker host when using ssh:// + protocol for connecting to the docker daemon. + - ansible-test - The libexpat package is automatically upgraded + during remote bootstrapping to maintain compatibility with + newer Python packages. + - ansible-test - The validate-modules sanity test no longer + attempts to process files with unrecognized extensions as + Python (resolves #82604). + - ansible-test - Update pylint to version 3.0.1. + - ansible-test ansible-doc sanity test - do not remove + underscores from plugin names in collections before calling + ansible-doc (#82574). + - ansible-test validate-modules sanity test - do not treat + leading underscores for plugin names in collections as an + attempted deprecation (#82575). + - ansible-test — Python 3.8–3.12 will use coverage v7.3.2. + - ansible.builtin.apt - calling clean = true does not properly + clean certain cache files such as /var/cache/apt/pkgcache.bin + and /var/cache/apt/pkgcache.bin (#82611) + - ansible.builtin.uri - the module was ignoring the force + parameter and always requesting a cached copy (via the + If-Modified-Since header) when downloading to an existing + local file. Disable caching when force is true, as documented + (#82166). + - ansible_managed restored it's 'templatability' by ensuring + the possible injection routes are cut off earlier in the + process. + - apt - honor install_recommends and dpkg_options while + installing python3-apt library (#40608). + - apt - install recommended packages when installing package + via deb file (#29726). + - apt_repository - do not modify repo files if the file is a + symlink (#49809). + - apt_repository - update PPA URL to point to https URL + (#82463). + - assemble - fixed missing parameter 'content' in + `_get_diff_data` API (#82359). + - async - Fix bug that stopped running async task in --check + when check_mode: False was set as a task attribute - #82811 + - blockinfile - when create=true is used with a filename + without path, the module crashed (#81638). + - check if there are attributes to set before attempting to set + them (#76727) + - copy action now also generates temprary files as hidden ('.' + prefixed) to avoid accidental pickup by running services that + glob by extension. + - copy action now ensures that tempfiles use the same suffix as + destination, to allow for validate to work with utilities + that check extensions. + - deb822_repository - handle idempotency if the order of + parameters is changed (#82454). + - debconf - allow user to specify a list for value when vtype + is multiselect (#81345). + - delegate_to when set to an empty or undefined variable will + now give a proper error. + - distribution.py - Recognize ALP-Dolomite as part of the SUSE + OS family in Ansible, fixing its previous misidentification + (#82496). + - distro - bump bundled distro version from 1.6.0 to 1.8.0 + (#81713). + - dnf - fix an issue when cached RPMs were left in the cache + directory even when the keepcache setting was unset (#81954) + - dnf - fix an issue when installing a package by specifying a + file it provides could result in installing a different + package providing the same file than the package already + installed resulting in resolution failure (#82461) + - dnf - properly set gpg check options on enabled repositories + according to the disable_gpg_check option (#80110) + - dnf - properly skip unavailable packages when skip_broken is + enabled (#80590) + - dnf - the nobest option only overrides the distribution + default when explicitly used, and is used for all supported + operations (#82616) + - dnf5 - replace removed API calls + - dnf5 - respect allow_downgrade when installing packages + directly from rpm files + - dnf5 - the nobest option only overrides the distribution + default when used + - dwim functions for lookups should be better at detectging + role context even in abscense of tasks/main. + - ensure we have logger before we log when we have increased + verbosity. + - expect - fix argument spec error using timeout=null (#80982). + - fact gathering on linux now handles thread count by using + rounding vs dropping decimals, it should give slightly more + accurate numbers. + - facts - add a generic detection for VMware in product name. + - facts - detect VMware ESXi 8.0 virtualization by product name + VMware20,1 + - fetch - Do not calculate the file size for Windows fetch + targets to improve performance. + - fetch - add error message when using dest with a trailing + slash that becomes a local directory - #82878 + - find - do not fail on Permission errors (#82027). + - first_found lookup now always returns a full (absolute) and + normalized path + - first_found lookup now always takes into account k=v options + - flush_handlers - properly handle a handler failure in a + nested block when force_handlers is set + (http://github.com/ansible/ansible/issues/81532) + - galaxy - skip verification for unwanted Python compiled + bytecode files (#81628). + - handle exception raised while validating with elements='int' + and value is not within choices (#82776). + - include_tasks - include ansible_loop_var and + ansible_index_var in a loop (#82655). + - include_vars - fix calculating depth relative to the root and + ensure all files are included (#80987). + - interpreter_discovery - handle AnsibleError exception raised + while interpreter discovery (#78264). + - iptables - add option choices 'src,src' and 'dst,dst' in + match_set_flags (#81281). + - iptables - set jump to DSCP when set_dscp_mark or + set_dscp_mark_class is set (#77077). + - known_hosts - Fix issue with @cert-authority entries in + known_hosts incorrectly being removed. + - module no_log will no longer affect top level booleans, for + example no_log_module_parameter='a' will no longer hide + changed=False as a 'no log value' (matches 'a'). + - moved assemble, raw, copy, fetch, reboot, script and + wait_for_connection to query task instead of play_context + ensuring they get the lastest and most correct data. + - reboot action now handles connections with 'timeout' vs only + 'connection_timeout' settings. + - role params now have higher precedence than host facts again, + matching documentation, this had unintentionally changed in + 2.15. + - roles, code cleanup and performance optimization of + dependencies, now cached, and public setting is now + determined once, at role instantiation. + - roles, the static property is now correctly set, this will + fix issues with public and DEFAULT_PRIVATE_ROLE_VARS controls + on exporting vars. + - set_option method for plugins to update config now properly + passes through type casting and validation. + - ssh - add tests for the SSH connection plugin. + - support url-encoded credentials in URLs like + http://x%40:%40@example.com (#82552) + - syslog - Handle ValueError exception raised when sending Null + Characters to syslog with Python 3.12. + - systemd_services - update documentation regarding + required_one_of and required_by parameters (#82914). + - template - Fix error when templating an unsafe string which + corresponds to an invalid type in Python (#82600). + - template action will also inherit the behavior from copy (as + it uses it internally). + - templating - ensure syntax errors originating from a template + being compiled into Python code object result in a failure + (#82606) + - unarchive - add support for 8 character permission strings + for zip archives (#81705). + - unarchive - force unarchive if symlink target changes + (#30420). + - unarchive modules now uses zipinfo options without relying on + implementation defaults, making it more compatible with all + OS/distributions. + - unsafe data - Address an incompatibility when iterating or + getting a single index from AnsibleUnsafeBytes + - unsafe data - Address an incompatibility with + AnsibleUnsafeText and AnsibleUnsafeBytes when pickling with + protocol=0 + - unsafe data - Enable directly using AnsibleUnsafeText with + Python pathlib (#82414) + - uri - update the documentation for follow_redirects. + - uri action plugin now skipped during check mode (not + supported) instead of even trying to execute the module, + which already skipped, this does not really change the + result, but returns much faster. + - vars - handle exception while combining VarsWithSources and + dict (#81659). + - wait_for should not handle 'non mmapable files' again. + - winrm - Better handle send input failures when communicating + with hosts under load + - winrm - Do not raise another exception during cleanup when a + task is timed out - #81095 + - winrm - does not hang when attempting to get process output + when stdin write failed + +------------------------------------------------------------------- +Wed Jun 19 05:05:30 UTC 2024 - Johannes Kastl + +- update to 2.16.8: + https://github.com/ansible/ansible/blob/v2.16.8/changelogs/CHANGELOG-v2.16.rst + * Minor Changes + - ansible-test - Update pypi-test-container to version 3.1.0. + * Bugfixes + - Fix the task attribute resolved_action to show the FQCN + instead of None when action or local_action is used in the + playbook. + - Fix using module_defaults with local_action/action (#81905). + - fixed unit test test_borken_cowsay to address mock not been + properly applied when existing unix system already have + cowsay installed. + - powershell - Implement more robust deletion mechanism for C# + code compilation temporary files. This should avoid scenarios + where the underlying temporary directory may be temporarily + locked by antivirus tools or other IO problems. A failure to + delete one of these temporary directories will result in a + warning rather than an outright failure. + +------------------------------------------------------------------- +Thu May 23 11:07:12 UTC 2024 - Johannes Kastl + +- update to 2.16.7: + https://github.com/ansible/ansible/blob/v2.16.7/changelogs/CHANGELOG-v2.16.rst + * Minor Changes + - ansible.builtin.user - Remove user not found warning (#80267) + * Bugfixes + - Add a version ceiling constraint for pypsrp to avoid + potential breaking changes in the 1.0.0 release. + - Fix NEVRA parsing of package names that include digit(s) in + them (#76463, #81018) + - Fix handlers not being executed in lockstep using the linear + strategy in some cases (#82307) + - Give the tombstone error for include pre-fork like other + tombstoned action/module plugins. + - Include the task location when a module or action plugin is + deprecated (#82450). + - Mirror the behavior of dnf on the command line when handling + NEVRAs with omitted epoch (#71808) + - ansible-test - Automatically enable the PyPI proxy for the + centos7 container to restore the ability to use pip in that + container. + - ansible_managed restored it's 'templatability' by ensuring + the possible injection routes are cut off earlier in the + process. + - assemble - fixed missing parameter 'content' in + `_get_diff_data` API (#82359). + - dnf - fix an issue when installing a package by specifying a + file it provides could result in installing a different + package providing the same file than the package already + installed resulting in resolution failure (#82461) + - uri - update the documentation for follow_redirects. + +------------------------------------------------------------------- +Tue Apr 16 10:37:56 UTC 2024 - Johannes Kastl + +- adjust spec to new name for PyPI file name (underscore instead of + hyphen: ansible_core-2.16.6.tar.gz) +- update to 2.16.6: + https://github.com/ansible/ansible/blob/v2.16.6/changelogs/CHANGELOG-v2.16.rst + * Bugfixes + - Consolidated the list of internal static vars, centralized + them as constant and completed from some missing entries. + - Fix check for missing `_sub_plugin` attribute in older + connection plugins (#82954) + - Fixes permission for cache json file from 600 to 644 + (#82683). + - Slight optimization to hostvars (instantiate template only + once per host, vs per call to var). + - allow_duplicates - fix evaluating if the current role allows + duplicates instead of using the initial value from the + duplicate's cached role. + - ansible-config will now properly template defaults before + dumping them. + - ansible-test ansible-doc sanity test - do not remove + underscores from plugin names in collections before calling + ansible-doc (#82574). + - async - Fix bug that stopped running async task in --check + when check_mode: False was set as a task attribute - #82811 + - blockinfile - when create=true is used with a filename + without path, the module crashed (#81638). + - dnf - fix an issue when cached RPMs were left in the cache + directory even when the keepcache setting was unset (#81954) + - dnf5 - replace removed API calls + - facts - add a generic detection for VMware in product name. + - fetch - add error message when using dest with a trailing + slash that becomes a local directory - #82878 + - find - do not fail on Permission errors (#82027). + - unarchive modules now uses zipinfo options without relying on + implementation defaults, making it more compatible with all + OS/distributions. + - winrm - Do not raise another exception during cleanup when a + task is timed out - #81095 + +------------------------------------------------------------------- +Wed Mar 27 19:54:49 UTC 2024 - Johannes Kastl + +- update to 2.16.5: + https://github.com/ansible/ansible/blob/v2.16.5/changelogs/CHANGELOG-v2.16.rst + * Minor Changes + - ansible-test - Add a work-around for permission denied errors + when using pytest >= 8 on multi-user systems with an + installed version of ansible-test. + * Bugfixes + - Fix an issue when setting a plugin name from an unsafe source + resulted in ValueError: unmarshallable object (#82708) + - Harden python templates for respawn and ansiballz around str + literal quoting + - ansible-test - The libexpat package is automatically upgraded + during remote bootstrapping to maintain compatibility with + newer Python packages. + - template - Fix error when templating an unsafe string which + corresponds to an invalid type in Python (#82600). + - winrm - does not hang when attempting to get process output + when stdin write failed + +------------------------------------------------------------------- +Sat Mar 16 16:09:28 UTC 2024 - Johannes Kastl + +- update to 2.16.4: + https://github.com/ansible/ansible/blob/v2.16.4/changelogs/CHANGELOG-v2.16.rst + * Bugfixes + - Fix loading vars_plugins in roles (#82239). + - expect - fix argument spec error using timeout=null (#80982). + - include_vars - fix calculating depth relative to the root and + ensure all files are included (#80987). + - templating - ensure syntax errors originating from a template + being compiled into Python code object result in a failure + (#82606) + +------------------------------------------------------------------- +Tue Jan 30 14:18:05 UTC 2024 - Johannes Kastl + +- update to 2.16.3: + https://github.com/ansible/ansible/blob/v2.16.3/changelogs/CHANGELOG-v2.16.rst + * Security Fixes + - ANSIBLE_NO_LOG - Address issue where ANSIBLE_NO_LOG was + ignored (CVE-2024-0690) + * Bugfixes + - Run all handlers with the same listen topic, even when + notified from another handler (#82363). + - ansible-galaxy role import - fix using the role_name in a + standalone role's galaxy_info metadata by disabling automatic + removal of the ansible-role- prefix. This matches the + behavior of the Galaxy UI which also no longer implicitly + removes the ansible-role- prefix. Use the --role-name option + or add a role_name to the galaxy_info dictionary in the + role's meta/main.yml to use an alternate role name. + - ansible-test sanity --test runtime-metadata - add + action_plugin as a valid field for modules in the schema + (#82562). + - ansible-config init will now dedupe ini entries from plugins. + - ansible-galaxy role import - exit with 1 when the import + fails (#82175). + - ansible-galaxy role install - normalize tarfile paths and + symlinks using ansible.utils.path.unfrackpath and consider + them valid as long as the realpath is in the tarfile's role + directory (#81965). + - delegate_to when set to an empty or undefined variable will + now give a proper error. + - dwim functions for lookups should be better at detectging + role context even in abscense of tasks/main. + - roles, code cleanup and performance optimization of + dependencies, now cached, and public setting is now + determined once, at role instantiation. + - roles, the static property is now correctly set, this will + fix issues with public and DEFAULT_PRIVATE_ROLE_VARS controls + on exporting vars. + - unsafe data - Enable directly using AnsibleUnsafeText with + Python pathlib (#82414) + +------------------------------------------------------------------- +Sun Jan 21 08:09:23 UTC 2024 - Johannes Kastl + +- update to 2.16.2: + https://github.com/ansible/ansible/blob/v2.16.2/changelogs/CHANGELOG-v2.16.rst + * Bugfixes + - unsafe data - Address an incompatibility when iterating or + getting a single index from AnsibleUnsafeBytes + - unsafe data - Address an incompatibility with + AnsibleUnsafeText and AnsibleUnsafeBytes when pickling with + protocol=0 + +------------------------------------------------------------------- +Sun Jan 21 08:06:56 UTC 2024 - Johannes Kastl + +- update to 2.16.1: + https://github.com/ansible/ansible/blob/v2.16.1/changelogs/CHANGELOG-v2.16.rst + * Breaking Changes / Porting Guide + - assert - Nested templating may result in an inability for the + conditional to be evaluated. See the porting guide for more + information. + * Security Fixes + - templating - Address issues where internal templating can + cause unsafe variables to lose their unsafe designation + (CVE-2023-5764) + * Bugfixes + - Fix issue where an include_tasks handler in a role was not + able to locate a file in tasks/ when tasks_from was used as a + role entry point and main.yml was not present (#82241) + - Plugin loader does not dedupe nor cache filter/test plugins + by file basename, but full path name. + - Restoring the ability of filters/tests can have same file + base name but different tests/filters defined inside. + - ansible-pull now will expand relative paths for the + -d|--directory option is now expanded before use. + - ansible-pull will now correctly handle become and connection + password file options for ansible-playbook. + - flush_handlers - properly handle a handler failure in a + nested block when force_handlers is set + (http://github.com/ansible/ansible/issues/81532) + - module no_log will no longer affect top level booleans, for + example no_log_module_parameter='a' will no longer hide + changed=False as a 'no log value' (matches 'a'). + - role params now have higher precedence than host facts again, + matching documentation, this had unintentionally changed in + 2.15. + - wait_for should not handle 'non mmapable files' again. + +------------------------------------------------------------------- +Sun Jan 21 08:02:12 UTC 2024 - Johannes Kastl + +- update to 2.16.0: + https://github.com/ansible/ansible/blob/v2.16.0/changelogs/CHANGELOG-v2.16.rst + * Bugfixes and Minor changes omitted for brevity, see full + changelog + * Breaking Changes / Porting Guide + - Any plugin using the config system and the cli entry to use + the timeout from the command line, will see the value change + if the use had configured it in any of the lower precedence + methods. If relying on this behaviour to consume the + global/generic timeout from the DEFAULT_TIMEOUT constant, + please consult the documentation on plugin configuration to + add the overlaping entries. + - ansible-test - Test plugins that rely on containers no longer + support reusing running containers. The previous behavior was + an undocumented, untested feature. + - service module will not permanently configure variables/flags + for openbsd when doing enable/disable operation anymore, this + module was never meant to do this type of work, just to + manage the service state itself. A rcctl_config or similar + module should be created and used instead. + * Deprecated Features + - Deprecated ini config option collections_paths, use the + singular form collections_path instead + - Deprecated the env var ANSIBLE_COLLECTIONS_PATHS, use the + singular form ANSIBLE_COLLECTIONS_PATH instead + - Old style vars plugins which use the entrypoints + get_host_vars or get_group_vars are deprecated. The plugin + should be updated to inherit from BaseVarsPlugin and define a + get_vars method as the entrypoint. + - Support for Windows Server 2012 and 2012 R2 has been removed + as the support end of life from Microsoft is October 10th + 2023. These versions of Windows will no longer be tested in + this Ansible release and it cannot be guaranteed that they + will continue to work going forward. + - STRING_CONVERSION_ACTION config option is deprecated as it is + no longer used in the Ansible Core code base. + - the 'smart' option for setting a connection plugin is being + removed as it's main purpose (choosing between ssh and + paramiko) is now irrelevant. + - vault and unfault filters - the undocumented vaultid + parameter is deprecated and will be removed in ansible-core + 2.20. Use vault_id instead. + - yum_repository - deprecated parameter 'keepcache' (#78693). + * Removed Features (previously deprecated) + - ActionBase - remove deprecated _remote_checksum method + - PlayIterator - remove deprecated cache_block_tasks and + get_original_task methods + - Remove deprecated FileLock class + - Removed Python 3.9 as a supported version on the controller. + Python 3.10 or newer is required. + - Removed include which has been deprecated in Ansible 2.12. + Use include_tasks or import_tasks instead. + - Templar - remove deprecated shared_loader_obj parameter of + __init__ + - fetch_url - remove auto disabling decompress when gzip is not + available + - get_action_args_with_defaults - remove deprecated + redirected_names method parameter + - ansible-test - Removed support for the remote Windows targets + 2012 and 2012-R2 + - inventory_cache - remove deprecated + default.fact_caching_prefix ini configuration option, use + defaults.fact_caching_prefix instead. + - module_utils/basic.py - Removed Python 3.5 as a supported + remote version. Python 2.7 or Python 3.6+ is now required. + - stat - removed unused get_md5 parameter. + * Security Fixes + - ansible-galaxy - Prevent roles from using symlinks to + overwrite files outside of the installation directory + (CVE-2023-5115) + * Known issues + - ansible-galaxy - dies in the middle of installing a role when + that role contains Java inner classes (files with $ in the + file name). This is by design, to exclude temporary or backup + files. (#81553). + - ansible-test - The pep8 sanity test is unable to detect + f-string spacing issues (E201, E202) on Python 3.10 and 3.11. + They are correctly detected under Python 3.12. See + (PyCQA/pycodestyle#1190). + ------------------------------------------------------------------- Tue Dec 12 17:22:59 UTC 2023 - Johannes Kastl diff --git a/ansible-core.spec b/ansible-core.spec index e77050e..ff23d59 100644 --- a/ansible-core.spec +++ b/ansible-core.spec @@ -1,7 +1,7 @@ # # spec file for package ansible-core # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -38,35 +38,35 @@ %endif Name: ansible-core -Version: 2.15.8 +Version: 2.17.6 Release: 0 Summary: Radically simple IT automation License: GPL-3.0-or-later URL: https://ansible.com/ -Source: https://files.pythonhosted.org/packages/source/a/ansible-core/ansible-core-%{version}.tar.gz +Source0: https://files.pythonhosted.org/packages/source/a/ansible-core/ansible_core-%{version}.tar.gz#/ansible_core-%{version}.tar.gz +Source1: ansible_core-%{version}.tar.gz.sha256 BuildArch: noarch # cannot be installed with ansible < 3 or ansible-base Conflicts: ansible < 3 Conflicts: ansible-base -# https://github.com/ansible/ansible/blob/devel/setup.cfg#L40 -BuildRequires: %{ansible_python}-base >= 3.9 +# https://github.com/ansible/ansible/blob/stable-2.17/setup.cfg#L40 +BuildRequires: %{ansible_python}-base >= 3.10 BuildRequires: %{ansible_python}-setuptools -BuildRequires: fdupes -BuildRequires: python-rpm-macros -# importlib_resources not required, as we are using python 3.10 or higher -# SECTION test requirements -BuildRequires: %{ansible_python}-botocore +# https://github.com/ansible/ansible/blob/stable-2.17/requirements.txt BuildRequires: %{ansible_python}-Jinja2 >= 3.0.0 BuildRequires: %{ansible_python}-PyYAML >= 5.1 BuildRequires: %{ansible_python}-cryptography -BuildRequires: %{ansible_python}-curses BuildRequires: %{ansible_python}-packaging -BuildRequires: %{ansible_python}-pytest -BuildRequires: %{ansible_python}-pytz -# https://github.com/ansible/ansible/blob/devel/requirements.txt +BuildRequires: fdupes +BuildRequires: python-rpm-macros BuildRequires: (%{ansible_python}-resolvelib >= 0.5.3 with %{ansible_python}-resolvelib < 1.1.0) +# SECTION test requirements +###BuildRequires: %{ansible_python}-botocore +###BuildRequires: %{ansible_python}-curses +###BuildRequires: %{ansible_python}-pytest +###BuildRequires: %{ansible_python}-pytz # /SECTION # SECTION docs BuildRequires: %{ansible_python}-docutils @@ -75,18 +75,17 @@ Requires: %{ansible_python}-Jinja2 >= 3.0.0 Requires: %{ansible_python}-PyYAML >= 5.1 Requires: %{ansible_python}-cryptography Requires: %{ansible_python}-packaging -# https://github.com/ansible/ansible/blob/devel/requirements.txt -# importlib_resources not required, as we are using python 3.10 or higher Requires: (%{ansible_python}-resolvelib >= 0.5.3 with %{ansible_python}-resolvelib < 1.1.0) # ansible-documentation is a separate package since 2.15.3 Recommends: ansible-documentation %description -Ansible is a radically simple IT automation system. It handles -configuration management, application deployment, cloud provisioning, -ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex -changes like zero-downtime rolling updates with load balancers easy. More information on the Ansible `website `_. +Ansible is a radically simple IT automation system. It handles configuration +management, application deployment, cloud provisioning, ad-hoc task execution, +network automation, and multi-node orchestration. Ansible makes complex changes +like zero-downtime rolling updates with load balancers easy. More information +on the Ansible website . %package -n ansible-test Summary: Tool for testing ansible plugin and module code @@ -105,7 +104,7 @@ modules can be written in any language and are transferred to managed machines automatically. %prep -%setup -q -n ansible-core-%{version} +%setup -q -n ansible_core-%{version} for file in .git_keep .travis.yml ; do find . -name "$file" -delete @@ -186,7 +185,7 @@ cp -v ./man1/*.1 %{buildroot}/%{_mandir}/man1/ #python3 bin/ansible-test units -v --python %%{python3_version} %files -%doc changelogs/CHANGELOG-v2.15.rst changelogs/changelog.yaml +%doc changelogs/CHANGELOG-v2.17.rst changelogs/changelog.yaml %license COPYING licenses/Apache-License.txt licenses/MIT-license.txt licenses/PSF-license.txt licenses/simplified_bsd.txt %{_bindir}/ansible %{_bindir}/ansible-config diff --git a/ansible_core-2.17.6.tar.gz b/ansible_core-2.17.6.tar.gz new file mode 100644 index 0000000..a839ea3 --- /dev/null +++ b/ansible_core-2.17.6.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3e53970b7cebfe2adb39b711c1e2f8bbfcbedac828da51dc0357a19070638e95 +size 3102618 diff --git a/ansible_core-2.17.6.tar.gz.sha256 b/ansible_core-2.17.6.tar.gz.sha256 new file mode 100644 index 0000000..9d8e585 --- /dev/null +++ b/ansible_core-2.17.6.tar.gz.sha256 @@ -0,0 +1 @@ +3e53970b7cebfe2adb39b711c1e2f8bbfcbedac828da51dc0357a19070638e95 ansible_core-2.17.6.tar.gz