diff --git a/.gitignore b/.gitignore index 9594499..6bd7cc7 100644 --- a/.gitignore +++ b/.gitignore @@ -26,64 +26,14 @@ /ansible-core-2.14.2.tar.gz /ansible-core-2.14.3.tar.gz /ansible-core-2.14.4.tar.gz -/ansible-core-2.15.0b3.tar.gz -/ansible-core-2.15.0rc1.tar.gz -/ansible-core-2.15.0rc2.tar.gz -/ansible-core-2.15.0.tar.gz -/ansible-core-2.15.1.tar.gz -/ansible-core-2.15.2.tar.gz -/ansible-documentation-2.15.2.tar.gz -/ansible-core-2.15.3.tar.gz -/ansible-documentation-2.15.3.tar.gz -/ansible-core-2.15.4.tar.gz -/ansible-documentation-2.15.4.tar.gz -/ansible-core-2.16.0b1.tar.gz -/ansible-documentation-2.16.0b1.tar.gz -/ansible-core-2.16.0b2.tar.gz -/ansible-documentation-2.16.0b2.tar.gz -/ansible-core-2.16.0rc1.tar.gz -/ansible-documentation-2.16.0rc1.tar.gz -/ansible-core-2.16.0.tar.gz -/ansible-documentation-2.16.0.tar.gz -/ansible-core-2.16.1.tar.gz -/ansible-documentation-2.16.1.tar.gz -/ansible-core-2.16.2.tar.gz -/ansible-documentation-2.16.2.tar.gz -/ansible-core-2.16.3.tar.gz -/ansible-documentation-2.16.3.tar.gz -/ansible-core-2.16.4.tar.gz -/ansible-documentation-2.16.4.tar.gz -/ansible-core-2.16.5.tar.gz -/ansible-documentation-2.16.5.tar.gz -/ansible-core-2.16.6.tar.gz -/ansible-documentation-2.16.6.tar.gz -/ansible-core-2.16.7.tar.gz -/ansible-documentation-2.16.7.tar.gz -/ansible-core-2.16.8.tar.gz -/ansible-documentation-2.16.8.tar.gz -/ansible-core-2.16.9.tar.gz -/ansible-documentation-2.16.9.tar.gz -/ansible-core-2.16.10.tar.gz -/ansible-documentation-2.16.10.tar.gz -/ansible-core-2.16.11.tar.gz -/ansible-documentation-2.16.11.tar.gz -/ansible-core-2.16.12.tar.gz -/ansible-documentation-2.16.12.tar.gz -/ansible-core-2.18.0.tar.gz -/ansible-documentation-2.18.0.tar.gz -/ansible-core-2.18.1.tar.gz -/ansible-documentation-2.18.1.tar.gz -/ansible-core-2.18.3.tar.gz -/ansible-documentation-2.18.3.tar.gz -/ansible-core-2.18.4.tar.gz -/ansible-documentation-2.18.4.tar.gz -/ansible-core-2.18.6.tar.gz -/ansible-documentation-2.18.6.tar.gz -/ansible-core-2.18.7.tar.gz -/ansible-documentation-2.18.7.tar.gz -/ansible-core-2.18.9.tar.gz -/ansible-documentation-2.18.9.tar.gz -/ansible-core-2.18.11.tar.gz -/ansible-documentation-2.18.11.tar.gz -/ansible-core-2.20.1.tar.gz -/ansible-documentation-2.20.1.tar.gz +/ansible-core-2.14.5.tar.gz +/ansible-core-2.14.6.tar.gz +/ansible-core-2.14.7.tar.gz +/ansible-core-2.14.8.tar.gz +/ansible-documentation-2.14.8.tar.gz +/ansible-core-2.14.9.tar.gz +/ansible-documentation-2.14.9.tar.gz +/ansible-core-2.14.10.tar.gz +/ansible-documentation-2.14.10.tar.gz +/ansible-core-2.14.11.tar.gz +/ansible-documentation-2.14.11.tar.gz diff --git a/.packit.yaml b/.packit.yaml deleted file mode 100644 index 118fa81..0000000 --- a/.packit.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# See the documentation for more information: -# https://packit.dev/docs/configuration/ - -upstream_project_url: https://github.com/ansible/ansible -upstream_tag_template: v{version} -issue_repository: https://pagure.io/ansible-packit-issues -create_sync_note: false -# TODO: Remove pending https://fedoraproject.org/wiki/Changes/Ansible13 -upstream_tag_include: "v2.18" -jobs: - - job: pull_from_upstream - trigger: release - dist_git_branches: - # Fast forward merge rawhide while it is held at v2.18. - rawhide: - fast_forward_merge_into: - - fedora-43 - - fedora-42 - - job: koji_build - trigger: commit - dist_git_branches: - - fedora-all - sidetag_group: "ansible" - dependents: - - ansible - # The update for the sidetag group is created in the ansible package. - # - job: bodhi_update - # trigger: commit - # dist_git_branches: - # - rawhide diff --git a/2.10.3-test-patch.patch b/2.10.3-test-patch.patch new file mode 100644 index 0000000..ee29168 --- /dev/null +++ b/2.10.3-test-patch.patch @@ -0,0 +1,17 @@ +diff --color -Nur ansible-base-2.10.3.orig/test/units/modules/test_async_wrapper.py ansible-base-2.10.3/test/units/modules/test_async_wrapper.py +--- ansible-base-2.10.3.orig/test/units/modules/test_async_wrapper.py 2020-11-02 14:26:08.000000000 -0800 ++++ ansible-base-2.10.3/test/units/modules/test_async_wrapper.py 2020-11-03 13:07:42.556005427 -0800 +@@ -22,11 +22,11 @@ + def test_run_module(self, monkeypatch): + + def mock_get_interpreter(module_path): +- return ['/usr/bin/python'] ++ return ['/usr/bin/python3'] + + module_result = {'rc': 0} + module_lines = [ +- '#!/usr/bin/python', ++ '#!/usr/bin/python3', + 'import sys', + 'sys.stderr.write("stderr stuff")', + "print('%s')" % json.dumps(module_result) diff --git a/CVE-2024-0690.patch b/CVE-2024-0690.patch new file mode 100644 index 0000000..6dfaf38 --- /dev/null +++ b/CVE-2024-0690.patch @@ -0,0 +1,85 @@ +From beb04bc2642c208447c5a936f94310528a1946b1 Mon Sep 17 00:00:00 2001 +From: Matt Martz +Date: Thu, 18 Jan 2024 17:17:23 -0600 +Subject: [PATCH] [stable-2.14] Ensure ANSIBLE_NO_LOG is respected + (CVE-2024-0690) (#82565) (#82568) + +(cherry picked from commit 6935c8e) +--- + changelogs/fragments/cve-2024-0690.yml | 2 ++ + lib/ansible/playbook/base.py | 2 +- + lib/ansible/playbook/play_context.py | 4 ---- + test/integration/targets/no_log/no_log_config.yml | 13 +++++++++++++ + test/integration/targets/no_log/runme.sh | 5 +++++ + 5 files changed, 21 insertions(+), 5 deletions(-) + create mode 100644 changelogs/fragments/cve-2024-0690.yml + create mode 100644 test/integration/targets/no_log/no_log_config.yml + +diff --git a/changelogs/fragments/cve-2024-0690.yml b/changelogs/fragments/cve-2024-0690.yml +new file mode 100644 +index 00000000000000..0e030d88864ca5 +--- /dev/null ++++ b/changelogs/fragments/cve-2024-0690.yml +@@ -0,0 +1,2 @@ ++security_fixes: ++- ANSIBLE_NO_LOG - Address issue where ANSIBLE_NO_LOG was ignored (CVE-2024-0690) +diff --git a/lib/ansible/playbook/base.py b/lib/ansible/playbook/base.py +index c772df11926d86..c3bce16ba48a52 100644 +--- a/lib/ansible/playbook/base.py ++++ b/lib/ansible/playbook/base.py +@@ -722,7 +722,7 @@ class Base(FieldAttributeBase): + + # flags and misc. settings + environment = FieldAttribute(isa='list', extend=True, prepend=True) +- no_log = FieldAttribute(isa='bool') ++ no_log = FieldAttribute(isa='bool', default=C.DEFAULT_NO_LOG) + run_once = FieldAttribute(isa='bool') + ignore_errors = FieldAttribute(isa='bool') + ignore_unreachable = FieldAttribute(isa='bool') +diff --git a/lib/ansible/playbook/play_context.py b/lib/ansible/playbook/play_context.py +index 90de929364974e..44914454357522 100644 +--- a/lib/ansible/playbook/play_context.py ++++ b/lib/ansible/playbook/play_context.py +@@ -320,10 +320,6 @@ def set_task_and_variable_override(self, task, variables, templar): + display.warning('The "%s" connection plugin has an improperly configured remote target value, ' + 'forcing "inventory_hostname" templated value instead of the string' % new_info.connection) + +- # set no_log to default if it was not previously set +- if new_info.no_log is None: +- new_info.no_log = C.DEFAULT_NO_LOG +- + if task.check_mode is not None: + new_info.check_mode = task.check_mode + +diff --git a/test/integration/targets/no_log/no_log_config.yml b/test/integration/targets/no_log/no_log_config.yml +new file mode 100644 +index 00000000000000..8a5088059db424 +--- /dev/null ++++ b/test/integration/targets/no_log/no_log_config.yml +@@ -0,0 +1,13 @@ ++- hosts: testhost ++ gather_facts: false ++ tasks: ++ - debug: ++ no_log: true ++ ++ - debug: ++ no_log: false ++ ++ - debug: ++ ++ - debug: ++ loop: '{{ range(3) }}' +diff --git a/test/integration/targets/no_log/runme.sh b/test/integration/targets/no_log/runme.sh +index bb5c048fc9ab3f..8bfe019bb98289 100755 +--- a/test/integration/targets/no_log/runme.sh ++++ b/test/integration/targets/no_log/runme.sh +@@ -19,3 +19,8 @@ set -eux + + # test invalid data passed to a suboption + [ "$(ansible-playbook no_log_suboptions_invalid.yml -i ../../inventory -vvvvv "$@" | grep -Ec '(SUPREME|IDIOM|MOCKUP|EDUCATED|FOOTREST|CRAFTY|FELINE|CRYSTAL|EXPECTANT|AGROUND|GOLIATH|FREEFALL)')" = "0" ] ++ ++# test variations on ANSIBLE_NO_LOG ++[ "$(ansible-playbook no_log_config.yml -i ../../inventory -vvvvv "$@" | grep -Ec 'the output has been hidden')" = "1" ] ++[ "$(ANSIBLE_NO_LOG=0 ansible-playbook no_log_config.yml -i ../../inventory -vvvvv "$@" | grep -Ec 'the output has been hidden')" = "1" ] ++[ "$(ANSIBLE_NO_LOG=1 ansible-playbook no_log_config.yml -i ../../inventory -vvvvv "$@" | grep -Ec 'the output has been hidden')" = "6" ] diff --git a/GALAXY_COLLECTIONS_PATH_WARNINGS.patch b/GALAXY_COLLECTIONS_PATH_WARNINGS.patch new file mode 100644 index 0000000..59f8359 --- /dev/null +++ b/GALAXY_COLLECTIONS_PATH_WARNINGS.patch @@ -0,0 +1,65 @@ +From 734f38b2594692707d1fd3cbcfc8dc8a677f4ee3 Mon Sep 17 00:00:00 2001 +From: Maxwell G +Date: Fri, 21 Apr 2023 07:29:10 -0500 +Subject: [PATCH] Add GALAXY_COLLECTIONS_PATH_WARNINGS option. (#78487) + +* Add GALAXY_COLLECTIONS_PATH_WARNING option. + +This allows users to disable warnings from `ansible-galaxy collection +install` about `--collections-path` missing from Ansible's configured +collections_paths. +--- + .../fragments/78487-galaxy-collections-path-warnings.yml | 6 ++++++ + lib/ansible/cli/galaxy.py | 5 ++++- + lib/ansible/config/base.yml | 9 +++++++++ + 3 files changed, 19 insertions(+), 1 deletion(-) + create mode 100644 changelogs/fragments/78487-galaxy-collections-path-warnings.yml + +diff --git a/changelogs/fragments/78487-galaxy-collections-path-warnings.yml b/changelogs/fragments/78487-galaxy-collections-path-warnings.yml +new file mode 100644 +index 00000000000000..4702e94f961d82 +--- /dev/null ++++ b/changelogs/fragments/78487-galaxy-collections-path-warnings.yml +@@ -0,0 +1,6 @@ ++--- ++minor_changes: ++- >- ++ Add ``GALAXY_COLLECTIONS_PATH_WARNING`` option to disable the warning ++ given by ``ansible-galaxy collection install`` when installing a collection ++ to a path that isn't in the configured collection paths. +diff --git a/lib/ansible/cli/galaxy.py b/lib/ansible/cli/galaxy.py +index fc88137ff63604..0deb0331a582b9 100755 +--- a/lib/ansible/cli/galaxy.py ++++ b/lib/ansible/cli/galaxy.py +@@ -1393,7 +1393,10 @@ def _execute_install_collection( + upgrade = context.CLIARGS.get('upgrade', False) + + collections_path = C.COLLECTIONS_PATHS +- if len([p for p in collections_path if p.startswith(path)]) == 0: ++ if ( ++ C.GALAXY_COLLECTIONS_PATH_WARNING ++ and len([p for p in collections_path if p.startswith(path)]) == 0 ++ ): + display.warning("The specified collections path '%s' is not part of the configured Ansible " + "collections paths '%s'. The installed collection will not be picked up in an Ansible " + "run, unless within a playbook-adjacent collections directory." % (to_text(path), to_text(":".join(collections_path)))) +diff --git a/lib/ansible/config/base.yml b/lib/ansible/config/base.yml +index 052a8f0834e4ca..206deb76d2e916 100644 +--- a/lib/ansible/config/base.yml ++++ b/lib/ansible/config/base.yml +@@ -1366,6 +1366,15 @@ GALAXY_COLLECTION_SKELETON_IGNORE: + ini: + - {key: collection_skeleton_ignore, section: galaxy} + type: list ++GALAXY_COLLECTIONS_PATH_WARNING: ++ name: "ansible-galaxy collection install colections path warnings" ++ description: "whether ``ansible-galaxy collection install`` should warn about ``--collections-path`` missing from configured :ref:`collections_paths`" ++ default: true ++ type: bool ++ env: [{name: ANSIBLE_GALAXY_COLLECTIONS_PATH_WARNING}] ++ ini: ++ - {key: collections_path_warning, section: galaxy} ++ version_added: "2.16" + # TODO: unused? + #GALAXY_SCMS: + # name: Galaxy SCMS diff --git a/ansible-core.spec b/ansible-core.spec index 4df897f..64f62ac 100644 --- a/ansible-core.spec +++ b/ansible-core.spec @@ -1,74 +1,83 @@ -# SPDX-License-Identifier: MIT -# Copyright (C) Fedora Project Authors -# License Text: https://spdx.org/licenses/MIT.html - -# several test dependencies are unwanted in RHEL -%bcond tests %{undefined rhel} - -# controls whether to generate shell completions -# may be useful for bootstrapping purposes -%bcond argcomplete 1 - +%bcond_without tests # disable the python -s shbang flag as we want to be able to find non system modules %undefine _py3_shebang_s -Name: ansible-core -Version: 2.20.1 +Name: ansible-core +Summary: A radically simple IT automation system +Version: 2.14.11 %global uversion %{version_no_tilde %{quote:%nil}} -Release: 2%{?dist} -Summary: A radically simple IT automation system - +Release: 2%{?dist} # The main license is GPLv3+. Many of the files in lib/ansible/module_utils # are BSD licensed. There are various files scattered throughout the codebase # containing code under different licenses. -# The ssh-agent helper code is BSD-3-Clause. -License: GPL-3.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND PSF-2.0 AND MIT AND Apache-2.0 -URL: https://ansible.com +License: GPL-3.0-or-later AND BSD-2-Clause AND PSF-2.0 AND MIT AND Apache-2.0 -Source0: https://github.com/ansible/ansible/archive/v%{uversion}/%{name}-%{uversion}.tar.gz -Source1: https://github.com/ansible/ansible-documentation/archive/v%{uversion}/ansible-documentation-%{uversion}.tar.gz +Source0: https://github.com/ansible/ansible/archive/v%{uversion}/%{name}-%{uversion}.tar.gz +Source1: https://github.com/ansible/ansible-documentation/archive/v%{uversion}/ansible-documentation-%{uversion}.tar.gz -BuildArch: noarch +Patch: https://github.com/ansible/ansible/commit/734f38b2594692707d1fd3cbcfc8dc8a677f4ee3.patch#/GALAXY_COLLECTIONS_PATH_WARNINGS.patch +# urls - remove deprecated client key calls (#80751) +# This is needed for Python 3.12, but we apply it unconditionally so +# controllers running on older Fedora versions can still work with Python 3.12 +# F39+ targets. +Patch: https://github.com/ansible/ansible/commit/0df794e5a4fe4597ee65b0d492fbf0d0989d5ca0.patch#/urls-remove-deprecated-client-key-calls.patch +# Ensure ANSIBLE_NO_LOG is respected (CVE-2024-0690) (#82565) (#82568) +Patch: https://github.com/ansible/ansible/commit/beb04bc2642c208447c5a936f94310528a1946b1.patch#/CVE-2024-0690.patch +Url: https://ansible.com +BuildArch: noarch # Virtual provides for bundled libraries # Search for `_BUNDLED_METADATA` to find them +# lib/ansible/module_utils/urls.py +# SPDX-License-Identifier: BSD-2-Clause AND PSF-2.0 +Provides: bundled(python3dist(backports-ssl-match-hostname)) = 3.7.0.1 + # lib/ansible/module_utils/distro/* # SPDX-License-Identifier: Apache-2.0 -Provides: bundled(python3dist(distro)) = 1.9.0 +Provides: bundled(python3dist(distro)) = 1.6.0 # lib/ansible/module_utils/six/* # SPDX-License-Identifier: MIT -Provides: bundled(python3dist(six)) = 1.17.0 +Provides: bundled(python3dist(six)) = 1.16.0 -# lib/ansible/_internal/_wrapt.py -# SPDX-License-Identifier: BSD-2-Clause -Provides: bundled(python3dist(wrapt)) = 1.17.2 +# lib/ansible/module_utils/compat/selectors.py +# SPDX-License-Identifier: GPL-3.0-or-later +Provides: bundled(python3dist(selectors2)) = 1.1.1 -BuildRequires: make -BuildRequires: python%{python3_pkgversion}-devel -# This is only used in %%prep to relax the required setuptools version, -# which is not necessary in RHEL 10+. -# Not using it in RHEL avoids unwanted dependencies. -%if %{undefined rhel} -BuildRequires: tomcli >= 0.3.0 -%endif +# lib/ansible/module_utils/compat/ipaddress.py +# SPDX-License-Identifier: PSF-2.0 +Provides: bundled(python3dist(ipaddress)) = 1.0.22 + +Conflicts: ansible <= 2.9.99 +# +# obsoletes/provides for ansible-base +# +Provides: ansible-base = %{version}-%{release} +Obsoletes: ansible-base < 2.10.6-1 + +BuildRequires: make +BuildRequires: python%{python3_pkgversion}-devel # Needed to build manpages from source. -BuildRequires: python%{python3_pkgversion}-docutils +BuildRequires: python%{python3_pkgversion}-docutils +# Shell completions +BuildRequires: python%{python3_pkgversion}-argcomplete %if %{with tests} -BuildRequires: git-core -BuildRequires: glibc-all-langpacks -BuildRequires: python%{python3_pkgversion}-systemd +BuildRequires: git-core +BuildRequires: glibc-all-langpacks +BuildRequires: python%{python3_pkgversion}-systemd +# test/units/modules/test_async_wrapper.py needs this. +# Instead of patching the tests to use /usr/bin/python3, +# just give it what it wants. +BuildRequires: /usr/bin/python %endif -%if %{with argcomplete} -Requires: python%{python3_pkgversion}-argcomplete -%endif -%if 0%{?fedora} >= 39 -BuildRequires: python3-libdnf5 -Recommends: python3-libdnf5 -%endif +Requires: python%{python3_pkgversion}-argcomplete +# Require packaging macros if rpm-build exists +# This makes the transition seamless for other packages +# This is DEPRECATED. Packages must explicitly BuildRequire ansible-packaging. +Requires: (ansible-packaging if rpm-build) %global _description %{expand: @@ -83,9 +92,9 @@ are transferred to managed machines automatically.} This is the base part of ansible (the engine). %package doc -Summary: Documentation for Ansible Core -Provides: ansible-base-doc = %{version}-%{release} -Obsoletes: ansible-base-doc < 2.10.6-1 +Summary: Documentation for Ansible Core +Provides: ansible-base-doc = %{version}-%{release} +Obsoletes: ansible-base-doc < 2.10.6-1 %description doc %_description @@ -94,13 +103,8 @@ This package installs extensive documentation for ansible-core %prep %autosetup -p1 -n ansible-%{uversion} -a1 -# Relax setuptools constraint on Fedora -# Future RHELs have new enough setuptools -%if %{undefined rhel} -tomcli-set pyproject.toml lists replace \ - 'build-system.requires' 'setuptools >=.*' 'setuptools' -%endif +# ansible-test is executed directly by the Makefile, so we need to fix the shebang. sed -i -s 's|/usr/bin/env python|%{python3}|' \ bin/ansible-test \ test/lib/ansible_test/_util/target/cli/ansible_test_cli_stub.py @@ -115,10 +119,6 @@ sed '/^mock$/d' test/lib/ansible_test/_data/requirements/units.txt > _requiremen %generate_buildrequires %pyproject_buildrequires %{?with_tests:_requirements.txt test/units/requirements.txt} -%if %{with argcomplete} -# Shell completions -echo 'python%{python3_pkgversion}-argcomplete' -%endif %build @@ -128,8 +128,6 @@ echo 'python%{python3_pkgversion}-argcomplete' mkdir -p docs/man/man1 %{python3} packaging/cli-doc/build.py man --output-dir docs/man/man1 - -%if %{with argcomplete} # Build shell completions ( cd bin @@ -152,7 +150,6 @@ mkdir -p docs/man/man1 done done ) -%endif %install @@ -169,10 +166,8 @@ done < <(find \ %{buildroot}%{python3_sitelib}/ansible/cli/scripts/ansible_connection_cli_stub.py \ -type f ! -executable) -%if %{with argcomplete} install -Dpm 0644 bash_completions/* -t %{buildroot}%{bash_completions_dir} install -Dpm 0644 fish_completions/* -t %{buildroot}%{fish_completions_dir} -%endif # Create system directories that Ansible defines as default locations in # ansible/config/base.yml @@ -228,22 +223,20 @@ install -Dpm 0644 licenses/* -t %{buildroot}%{_pkglicensedir} %check %if %{with tests} %{python3} bin/ansible-test \ - units --local --python-interpreter %{python3} -vv + units --local --python-interpreter %{python3} %endif %files -f %{pyproject_files} %license COPYING -%license %{_pkglicensedir}/{Apache-License,MIT-license,PSF-license,simplified_bsd,BSD-3-Clause}.txt -%doc README.md changelogs/CHANGELOG-v2.2?.rst +%license %{_pkglicensedir}/{Apache-License,MIT-license,PSF-license,simplified_bsd}.txt +%doc README.md changelogs/CHANGELOG-v2.1?.rst %dir %{_sysconfdir}/ansible/ %config(noreplace) %{_sysconfdir}/ansible/* %{_bindir}/ansible* %{_datadir}/ansible/ -%if %{with argcomplete} %{bash_completions_dir}/ansible* %{fish_completions_dir}/ansible*.fish -%endif %{_mandir}/man1/ansible* %files doc @@ -254,184 +247,34 @@ install -Dpm 0644 licenses/* -t %{buildroot}%{_pkglicensedir} %changelog -* Fri Jan 16 2026 Fedora Release Engineering - 2.20.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild - -* Tue Dec 09 2025 Maxwell G - 2.20.1-1 -- Update to 2.20.1. Fixes rhbz#2382388. -- Update bundled() Provides -- Remove upstreamed patches -- Remove old Provides and Obsoletes for ansible-base and Ansible <= 2.9 - -* Mon Nov 17 2025 Packit - 2.18.11-1 -- Update to version 2.18.11 - -* Sat Sep 27 2025 Maxwell G - 2.18.9-1 -- Update to 2.18.9. - -* Fri Sep 19 2025 Python Maint - 2.18.7-4 -- Rebuilt for Python 3.14.0rc3 bytecode - -* Fri Aug 15 2025 Python Maint - 2.18.7-3 -- Rebuilt for Python 3.14.0rc2 bytecode - -* Wed Jul 23 2025 Fedora Release Engineering - 2.18.7-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild - -* Wed Jul 16 2025 Maxwell G - 2.18.7-1 -- Update to 2.18.7. Fixes rhbz#2380244. - -* Sat Jun 07 2025 Maxwell G - 2.18.6-2 -- Add initial support for Python 3.14 (rhbz#2366307) - -* Sat Jun 07 2025 Maxwell G - 2.18.6-1 -- Update to 2.18.6. Fixes rhbz#2354908. - -* Tue Jun 03 2025 Python Maint - 2.18.4-2 -- Rebuilt for Python 3.14 - -* Tue Mar 25 2025 Packit - 2.18.4-1 -- Update to version 2.18.4 -- Resolves: rhbz#2354908 - -* Mon Mar 17 2025 Packit - 2.18.3-1 -- Update to version 2.18.3 -- Resolves: rhbz#2342365 - -* Thu Jan 16 2025 Fedora Release Engineering - 2.18.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild - -* Wed Dec 04 2024 Maxwell G - 2.18.1-1 -- Update to 2.18.1. Fixes rhbz#2330005. -- dnf5 - backport support for automatically installing python3-libdnf5 (rhbz#2322751). - -* Tue Nov 26 2024 Maxwell G - 2.18.0-1 -- Update to 2.18.0. Fixes rhbz#2282011. - -* Fri Oct 11 2024 Maxwell G - 2.16.12-1 -- Update to 2.16.12. - -* Tue Sep 10 2024 Maxwell G - 2.16.11-1 -- Update to 2.16.11. - -* Tue Aug 13 2024 Maxwell G - 2.16.10-1 -- Update to 2.16.10. - -* Fri Jul 19 2024 Maxwell G - 2.16.9-1 -- Update to 2.16.9. - -* Wed Jul 17 2024 Fedora Release Engineering - 2.16.8-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - -* Sun Jun 23 2024 Maxwell G - 2.16.8-1 -- Update to 2.16.8. - -* Sun Jun 09 2024 Python Maint - 2.16.7-2 -- Rebuilt for Python 3.13 - -* Tue Jun 04 2024 Maxwell G - 2.16.7-1 -- Update to 2.16.7. - -* Thu May 23 2024 Miro Hrončok - 2.16.6-2 -- Fix build with Python 3.13 - -* Tue Apr 16 2024 Maxwell G - 2.16.6-1 -- Update to 2.16.6. Fixes rhbz#2261507. - -* Fri Mar 29 2024 Maxwell G - 2.16.5-1 -- Update to 2.16.5. Fixes rhbz#2261507. - -* Fri Mar 29 2024 Maxwell G - 2.16.5-1 -- Update to 2.16.5. - -* Sat Mar 02 2024 Maxwell G - 2.16.4-1 -- Update to 2.16.4. Fixes rhbz#2261507. - -* Thu Feb 01 2024 Maxwell G - 2.16.3-1 -- Update to 2.16.3. Fixes rhbz#2261507. - -* Mon Jan 22 2024 Fedora Release Engineering - 2.16.2-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Fri Jan 19 2024 Fedora Release Engineering - 2.16.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Thu Jan 18 2024 Maxwell G - 2.16.2-2 +* Fri Jan 19 2024 Maxwell G - 2.14.11-2 - Mitigate CVE-2024-0690. -* Mon Dec 11 2023 Maxwell G - 2.16.2-1 -- Update to 2.16.2. Fixes rhbz#2254093. +* Thu Oct 12 2023 Maxwell G - 2.14.11-1 +- Update to 2.14.11. -* Wed Dec 06 2023 Maxwell G - 2.16.1-1 -- Update to 2.16.1. Fixes rhbz#2252860. +* Wed Sep 13 2023 Maxwell G - 2.14.10-1 +- Update to 2.14.10. -* Fri Nov 10 2023 Maxwell G - 2.16.0-1 -- Update to 2.16.0. Fixes rhbz#2248187. +* Sun Aug 20 2023 Maxwell G - 2.14.9-1 +- Update to 2.14.9. -* Thu Oct 19 2023 Maxwell G - 2.16.0~rc1-1 -- Update to 2.16.0~rc1. +* Tue Jul 18 2023 Maxwell G - 2.14.8-1 +- Update to 2.14.8. -* Tue Oct 03 2023 Maxwell G - 2.16.0~b2-1 -- Update to 2.16.0~b2. +* Mon Jul 10 2023 Maxwell G - 2.14.7-2 +- Backport patch to make the `url` module_util compatible with Python 3.12 + (Fedora 39+) hosts -* Mon Oct 02 2023 Miro Hrončok - 2.16.0~b1-2 -- Do not use tomcli in Fedora ELN, avoid pulling unwanted dependencies +* Fri Jun 30 2023 Maxwell G - 2.14.7-1 +- Update to 2.14.7. -* Wed Sep 27 2023 Maxwell G - 2.16.0~b1-1 -- Update to 2.16.0~b1. - -* Tue Sep 26 2023 Kevin Fenzi - 2.15.4-2 -- Add patch to fix readfp with python-3.12. Fixes rhbz#2239728 - -* Mon Sep 11 2023 Maxwell G - 2.15.4-1 -- Update to 2.15.4. Fixes rhbz#2238445. - -* Thu Aug 17 2023 Maxwell G - 2.15.3-1 -- Update to 2.15.3. Fixes rhbz#2231963. - -* Wed Jul 19 2023 Fedora Release Engineering - 2.15.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Tue Jul 18 2023 Maxwell G - 2.15.2-1 -- Update to 2.15.2. Fixes rhbz#2223469. -- Use the docs sources from https://github.com/ansible/ansible-documentation. - -* Mon Jul 03 2023 Maxwell G - 2.15.1-2 -- Rebuilt for Python 3.12 - -* Thu Jun 22 2023 Maxwell G - 2.15.1-1 -- Update to 2.15.1. Fixes rhbz#2204492. -- Add Recommends on python3-libdnf5 for Fedora 39 - -* Sat Jun 17 2023 Maxwell G - 2.15.0-5 -- Add patch to avoid importlib.abc.TraversableResources DeprecationWarning - -* Fri Jun 16 2023 Python Maint - 2.15.0-4 -- Rebuilt for Python 3.12 - -* Tue Jun 13 2023 Maxwell G - 2.15.0-3 -- Add support for Python 3.12. Fixes rhbz#2196539. -- Remove conditional Requires on ansible-packaging. - -* Tue May 23 2023 Yaakov Selkowitz - 2.15.0-2 -- Disable tests in RHEL builds - -* Tue May 16 2023 Maxwell G - 2.15.0-1 -- Update to 2.15.0. +* Mon May 29 2023 Maxwell G - 2.14.6-1 +- Update to 2.14.6. - Don't remove dotfiles and empty files. ansible-core actually needs these. -* Wed May 03 2023 Maxwell G - 2.15.0~rc2-1 -- Update to 2.15.0~rc2. - -* Thu Apr 27 2023 Maxwell G - 2.15.0~rc1-1 -- Update to 2.15.0~rc1. - -* Mon Apr 24 2023 Maxwell G - 2.15.0~b3-1 -- Update to 2.15.0~b3. -- Account for the removed Makefile - -* Mon Apr 24 2023 Maxwell G - 2.14.4-2 -- Add gating +* Mon May 01 2023 Maxwell G - 2.14.5-1 +- Update to 2.14.5. Fixes rhbz#2189287. * Wed Mar 29 2023 Maxwell G - 2.14.4-1 - Update to 2.14.4. Fixes rhbz#2173765. diff --git a/sources b/sources index 47c7d63..2ec8a8f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (ansible-core-2.20.1.tar.gz) = fa0a4836e3548cd4e432e87b241beb6fb556765699c25b1f3b1c47111a1c44d5ba3244aeb8793408e72ab63564d6e848148becbfb550bd965e466752d7f78229 -SHA512 (ansible-documentation-2.20.1.tar.gz) = 0dc20cb62280c715e4b06788a5eb2c757c388d0da646a38fc3ab56e38d236ddb0fd7586a567d973e530ed3ed2310ff26542cdb0e1621e0049147dc747e20205b +SHA512 (ansible-core-2.14.11.tar.gz) = 4246b0fcab2e89ff2e905c582b03dc4c05a2db29aaac72d9ce75a88edeb0ba3a2b5baee2756adf19b98af5516db4c0dca96c46f8d30d0029cbb37232dc197ee2 +SHA512 (ansible-documentation-2.14.11.tar.gz) = 40261e647092048b398a825abcdcc0b7fed51cabdb0c3e1b5f403ecc36ee7c289f41fec5fe4065ff0b955cf24db56914d61749525922b36f6fc6e606c5e975ad diff --git a/tests/smoke.sh b/tests/smoke.sh index 14eeea6..2ee036c 100755 --- a/tests/smoke.sh +++ b/tests/smoke.sh @@ -3,38 +3,15 @@ set -euo pipefail ansible --version - -cat <inventory -[all] -localhost ansible_connection=local -EOF -export ANSIBLE_INVENTORY=inventory - -chroot="fedora-rawhide-x86_64" - -ansible localhost -bm setup |& tee out - -if ! grep Fedora out; then - chroot="epel-9-x86_64" -fi - -ansible localhost -b \ - -m package \ - -a name=filesystem \ - |& tee out -grep -F 'localhost | SUCCESS' out -(! grep -F 'localhost | CHANGED' out) - -ansible localhost -b \ +ansible -c local -i localhost, localhost -m setup +ansible -c local -i locahost, localhost -b \ -m community.general.copr \ - -a "name=gotmax23/community.general.copr_integration_tests chroot=${chroot}" \ + -a "name=gotmax23/community.general.copr_integration_tests chroot=fedora-rawhide-x86_64" \ |& tee out -grep -F 'localhost | CHANGED' out - -ansible localhost -b \ +grep 'localhost | CHANGED' out +ansible -c local -i localhost, localhost -b \ -m package \ - -a name=copr-module-integration-dummy-package \ + -a name=copr-module-integration-dummy-package \ |& tee out -grep -F 'localhost | CHANGED' out - +grep 'localhost | CHANGED' out rpm -ql copr-module-integration-dummy-package diff --git a/tests/smoke1.fmf b/tests/smoke1.fmf index 22c50f8..a586316 100644 --- a/tests/smoke1.fmf +++ b/tests/smoke1.fmf @@ -6,7 +6,6 @@ discover: - name: Run tests/smoke.sh test: tests/smoke.sh require: - - python3 - python3-dnf - dnf-plugins-core - ansible-core diff --git a/tests/smoke2.fmf b/tests/smoke2.fmf index cfd06d1..250065c 100644 --- a/tests/smoke2.fmf +++ b/tests/smoke2.fmf @@ -6,7 +6,6 @@ discover: - name: Run tests/smoke.sh test: tests/smoke.sh require: - - python3 - python3-dnf - dnf-plugins-core - ansible-core diff --git a/urls-remove-deprecated-client-key-calls.patch b/urls-remove-deprecated-client-key-calls.patch new file mode 100644 index 0000000..1e7d9cd --- /dev/null +++ b/urls-remove-deprecated-client-key-calls.patch @@ -0,0 +1,154 @@ +From 0df794e5a4fe4597ee65b0d492fbf0d0989d5ca0 Mon Sep 17 00:00:00 2001 +From: Jordan Borean +Date: Thu, 18 May 2023 08:17:25 +1000 +Subject: [PATCH] urls - remove deprecated client key calls (#80751) + +--- + .../fragments/urls-client-cert-py12.yml | 2 ++ + lib/ansible/module_utils/urls.py | 28 +++++++++++-------- + test/units/module_utils/urls/test_Request.py | 14 ++++------ + 3 files changed, 24 insertions(+), 20 deletions(-) + create mode 100644 changelogs/fragments/urls-client-cert-py12.yml + +diff --git a/changelogs/fragments/urls-client-cert-py12.yml b/changelogs/fragments/urls-client-cert-py12.yml +new file mode 100644 +index 00000000000000..aab129ed96e94b +--- /dev/null ++++ b/changelogs/fragments/urls-client-cert-py12.yml +@@ -0,0 +1,2 @@ ++bugfixes: ++- urls.py - fixed cert_file and key_file parameters when running on Python 3.12 - https://github.com/ansible/ansible/issues/80490 +diff --git a/lib/ansible/module_utils/urls.py b/lib/ansible/module_utils/urls.py +index 0e5fbb74c4fae2..0197d86e1033b2 100644 +--- a/lib/ansible/module_utils/urls.py ++++ b/lib/ansible/module_utils/urls.py +@@ -535,15 +535,18 @@ def __init__(self, message, import_traceback, module=None): + UnixHTTPSConnection = None + if hasattr(httplib, 'HTTPSConnection') and hasattr(urllib_request, 'HTTPSHandler'): + class CustomHTTPSConnection(httplib.HTTPSConnection): # type: ignore[no-redef] +- def __init__(self, *args, **kwargs): ++ def __init__(self, client_cert=None, client_key=None, *args, **kwargs): + httplib.HTTPSConnection.__init__(self, *args, **kwargs) + self.context = None + if HAS_SSLCONTEXT: + self.context = self._context + elif HAS_URLLIB3_PYOPENSSLCONTEXT: + self.context = self._context = PyOpenSSLContext(PROTOCOL) +- if self.context and self.cert_file: +- self.context.load_cert_chain(self.cert_file, self.key_file) ++ ++ self._client_cert = client_cert ++ self._client_key = client_key ++ if self.context and self._client_cert: ++ self.context.load_cert_chain(self._client_cert, self._client_key) + + def connect(self): + "Connect to a host on a given (SSL) port." +@@ -564,10 +567,10 @@ def connect(self): + if HAS_SSLCONTEXT or HAS_URLLIB3_PYOPENSSLCONTEXT: + self.sock = self.context.wrap_socket(sock, server_hostname=server_hostname) + elif HAS_URLLIB3_SSL_WRAP_SOCKET: +- self.sock = ssl_wrap_socket(sock, keyfile=self.key_file, cert_reqs=ssl.CERT_NONE, # pylint: disable=used-before-assignment +- certfile=self.cert_file, ssl_version=PROTOCOL, server_hostname=server_hostname) ++ self.sock = ssl_wrap_socket(sock, keyfile=self._client_key, cert_reqs=ssl.CERT_NONE, # pylint: disable=used-before-assignment ++ certfile=self._client_cert, ssl_version=PROTOCOL, server_hostname=server_hostname) + else: +- self.sock = ssl.wrap_socket(sock, keyfile=self.key_file, certfile=self.cert_file, ssl_version=PROTOCOL) ++ self.sock = ssl.wrap_socket(sock, keyfile=self._client_key, certfile=self._client_cert, ssl_version=PROTOCOL) + + class CustomHTTPSHandler(urllib_request.HTTPSHandler): # type: ignore[no-redef] + +@@ -602,10 +605,6 @@ def https_open(self, req): + return self.do_open(self._build_https_connection, req) + + def _build_https_connection(self, host, **kwargs): +- kwargs.update({ +- 'cert_file': self.client_cert, +- 'key_file': self.client_key, +- }) + try: + kwargs['context'] = self._context + except AttributeError: +@@ -613,7 +612,7 @@ def _build_https_connection(self, host, **kwargs): + if self._unix_socket: + return UnixHTTPSConnection(self._unix_socket)(host, **kwargs) + if not HAS_SSLCONTEXT: +- return CustomHTTPSConnection(host, **kwargs) ++ return CustomHTTPSConnection(host, client_cert=self.client_cert, client_key=self.client_key, **kwargs) + return httplib.HTTPSConnection(host, **kwargs) + + @contextmanager +@@ -979,7 +978,7 @@ def atexit_remove_file(filename): + pass + + +-def make_context(cafile=None, cadata=None, ciphers=None, validate_certs=True): ++def make_context(cafile=None, cadata=None, ciphers=None, validate_certs=True, client_cert=None, client_key=None): + if ciphers is None: + ciphers = [] + +@@ -1006,6 +1005,9 @@ def make_context(cafile=None, cadata=None, ciphers=None, validate_certs=True): + if ciphers: + context.set_ciphers(':'.join(map(to_native, ciphers))) + ++ if client_cert: ++ context.load_cert_chain(client_cert, keyfile=client_key) ++ + return context + + +@@ -1514,6 +1516,8 @@ def open(self, method, url, data=None, headers=None, use_proxy=None, + cadata=cadata, + ciphers=ciphers, + validate_certs=validate_certs, ++ client_cert=client_cert, ++ client_key=client_key, + ) + handlers.append(HTTPSClientAuthHandler(client_cert=client_cert, + client_key=client_key, +diff --git a/test/units/module_utils/urls/test_Request.py b/test/units/module_utils/urls/test_Request.py +index d2c4ea38012a49..a8bc3a0b6bde3b 100644 +--- a/test/units/module_utils/urls/test_Request.py ++++ b/test/units/module_utils/urls/test_Request.py +@@ -33,6 +33,7 @@ def install_opener_mock(mocker): + def test_Request_fallback(urlopen_mock, install_opener_mock, mocker): + here = os.path.dirname(__file__) + pem = os.path.join(here, 'fixtures/client.pem') ++ client_key = os.path.join(here, 'fixtures/client.key') + + cookies = cookiejar.CookieJar() + request = Request( +@@ -46,8 +47,8 @@ def test_Request_fallback(urlopen_mock, install_opener_mock, mocker): + http_agent='ansible-tests', + force_basic_auth=True, + follow_redirects='all', +- client_cert='/tmp/client.pem', +- client_key='/tmp/client.key', ++ client_cert=pem, ++ client_key=client_key, + cookies=cookies, + unix_socket='/foo/bar/baz.sock', + ca_path=pem, +@@ -68,8 +69,8 @@ def test_Request_fallback(urlopen_mock, install_opener_mock, mocker): + call(None, 'ansible-tests'), # http_agent + call(None, True), # force_basic_auth + call(None, 'all'), # follow_redirects +- call(None, '/tmp/client.pem'), # client_cert +- call(None, '/tmp/client.key'), # client_key ++ call(None, pem), # client_cert ++ call(None, client_key), # client_key + call(None, cookies), # cookies + call(None, '/foo/bar/baz.sock'), # unix_socket + call(None, pem), # ca_path +@@ -358,10 +359,7 @@ def test_Request_open_client_cert(urlopen_mock, install_opener_mock): + assert ssl_handler.client_cert == client_cert + assert ssl_handler.client_key == client_key + +- https_connection = ssl_handler._build_https_connection('ansible.com') +- +- assert https_connection.key_file == client_key +- assert https_connection.cert_file == client_cert ++ ssl_handler._build_https_connection('ansible.com') + + + def test_Request_open_cookies(urlopen_mock, install_opener_mock):