From 0f21b9c7d42b62fa5a77c75c028f4d30c52e1066 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 25 Sep 2017 15:35:31 -0700 Subject: [PATCH 01/30] ansible has been retired from EPEL7 It has been added to RHEL extras with RHEL 7.4 You can get it from RHEL extras, CentOS, or http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ See bug https://bugzilla.redhat.com/show_bug.cgi?id=1455309 --- .coveragerc | 24 -- .gitignore | 50 --- ansible-newer-jinja.patch | 12 - ansible.spec | 673 -------------------------------------- dead.package | 7 + sources | 1 - 6 files changed, 7 insertions(+), 760 deletions(-) delete mode 100644 .coveragerc delete mode 100644 .gitignore delete mode 100644 ansible-newer-jinja.patch delete mode 100644 ansible.spec create mode 100644 dead.package delete mode 100644 sources
diff --git a/.coveragerc b/.coveragerc
deleted file mode 100644
index 698302a..0000000
--- a/.coveragerc
+++ /dev/null
@@ -1,24 +0,0 @@
-# This configuration file is used for manual execution of coverage
-# as well as for tests run through ansible-test.
-
-[run]
-branch = True
-
-# Enable concurrency. This also enables parallel mode, which results in
-# multiple coverage files being created. Concurrency allows us to collect
-# results from multiple tests simultaneously, as well as supporting multiple
-# test runs, such as from integration tests.
-concurrency = multiprocessing
-parallel = True
-
-# When running tests through ansible-test, this option is overridden by
-# the COVERAGE_FILE environment variable. This option is present for
-# convenience when running coverage manually from this directory.
-data_file = test/results/coverage/coverage
-
-# Don't collect or report code coverage from files matching these patterns.
-omit =
- */python*/dist-packages/*
- */python*/site-packages/*
- */python*/distutils
- */pytest
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 6b8fb84..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,50 +0,0 @@
-/ansible-1.5.3.tar.gz
-/ansible-1.5.4.tar.gz
-/ansible-1.5.5.tar.gz
-/ansible-1.6.tar.gz
-/ansible-1.6.1.tar.gz
-/ansible-1.6.2.tar.gz
-/ansible-1.6.3.tar.gz
-/ansible-1.6.4.tar.gz
-/ansible-1.6.5.tar.gz
-/ansible-1.6.6.tar.gz
-/ansible-1.6.7.tar.gz
-/ansible-1.6.8.tar.gz
-/ansible-1.6.9.tar.gz
-/ansible-1.6.10.tar.gz
-/ansible-1.7.tar.gz
-/ansible-1.7.1.tar.gz
-/ansible-1.7.2.tar.gz
-/ansible-1.8.tar.gz
-/ansible-1.8.1.tar.gz
-/ansible-1.8.2.tar.gz
-/ansible-1.8.3.tar.gz
-/ansible-1.8.4.tar.gz
-/ansible-1.9.0.tar.gz
-/ansible-1.9.0.1.tar.gz
-/ansible-1.9.1.tar.gz
-/ansible-1.9.2.tar.gz
-/ansible-1.9.3.tar.gz
-/ansible-1.9.4.tar.gz
-/ansible-2.0.0.1.tar.gz
-/ansible-unittests.tar.xz
-/ansible-2.0.0.2.tar.gz
-/ansible-2.0.1.0.tar.gz
-/ansible-unittests-2.0.1.0.tar.xz
-/ansible-unittests-2.0.2.0.tar.xz
-/ansible-2.0.2.0.tar.gz
-/ansible-unittests-2.1.0.0.tar.xz
-/ansible-2.1.0.0.tar.gz
-/ansible-unittests-2.1.1.0.tar.xz
-/ansible-2.1.1.0.tar.gz
-/ansible-2.1.2.0.tar.gz
-/ansible-unittests-2.1.2.0.tar.xz
-/ansible-unittests-2.2.0.0.tar.xz
-/ansible-2.2.0.0.tar.gz
-/ansible-unittests-2.2.1.0.tar.xz
-/ansible-2.2.1.0.tar.gz
-/ansible-2.2.2.0-0.1.rc1.tar.gz
-/ansible-unittests-2.2.2.0.tar.xz
-/ansible-2.2.2.0.tar.gz
-/ansible-2.3.0.0.tar.gz
-/ansible-2.3.1.0.tar.gz
diff --git a/ansible-newer-jinja.patch b/ansible-newer-jinja.patch
deleted file mode 100644
index 575c161..0000000
--- a/ansible-newer-jinja.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up ansible-2.3.0.0/requirements.txt.bak ansible-2.3.0.0/requirements.txt
---- ansible-2.3.0.0/requirements.txt.bak 2017-04-12 08:37:59.217167604 -0700
-+++ ansible-2.3.0.0/requirements.txt 2017-04-12 08:38:33.969286602 -0700
-@@ -3,7 +3,7 @@
- # packages. Thus, this should be the loosest set possible (only required
- # packages, not optional ones, and with the widest range of versions that could
- # be suitable)
--jinja2
-+jinja2 >= 2.6
- PyYAML
- paramiko
- pycrypto >= 2.6
diff --git a/ansible.spec b/ansible.spec
deleted file mode 100644
index 60d9508..0000000
--- a/ansible.spec
+++ /dev/null
@@ -1,673 +0,0 @@ -# RHEL 6 didn't have a __python2 macro. -# Amazon Linux 2015.9 is based on RHEL6, with /usr/bin/python2 -> python2.6, while -# /usr/bin/python -> python2.7. Explicitly use python2.6. -%if 0%{?rhel} == 6 || 0%{?rhel} == 5 -%global __python2 /usr/bin/python2.6 -%endif - -%if 0%{?rhel} <= 5 -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot -%endif - -%if 0%{?fedora} -%global with_python3 1 -%else -%global with_python3 0 -%endif - -%{!?python_sitelib: %global python_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} - -Name: ansible -Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.3.1.0 -Release: 1%{?dist} - -Group: Development/Libraries -License: GPLv3+ -Source0: http://releases.ansible.com/ansible/%{name}-%{version}.tar.gz - -# Patch to utilize a newer jinja2 package on epel6 -# Non-upstreamable as it creates a dependency on a specific version of jinja. -# This is desirable for us as we have packages for that version but not for -# upstream as they don't know what their customers are running. -Patch100: ansible-newer-jinja.patch - -Url: http://ansible.com -BuildArch: noarch - -%if 0%{?rhel} && 0%{?rhel} <= 5 -BuildRequires: python26-devel - -Requires: python26-PyYAML -Requires: python26-paramiko -Requires: python26-jinja2 -Requires: python26-keyczar - -%else - -BuildRequires: python2-devel -BuildRequires: python-setuptools - -# For building docs -BuildRequires: python-sphinx - -# For tests -# We don't run tests on epel6, so don't bother pulling these in there. 
-%if (0%{?fedora} || 0%{?rhel} > 6) -BuildRequires: PyYAML -BuildRequires: python-crypto -BuildRequires: python-paramiko -BuildRequires: python-keyczar -BuildRequires: python-six -BuildRequires: python-nose -BuildRequires: python-coverage -BuildRequires: python-mock -BuildRequires: python-boto3 -BuildRequires: python-botocore -BuildRequires: python-passlib -# rhel7 does not have python-pytest but has pytest -%if 0%{?rhel} > 6 -BuildRequires: pytest -#BuildRequires: python-pytest-xdist -#BuildRequires: python-pytest-mock -%else -BuildRequires: python-pytest -BuildRequires: python-pytest-xdist -BuildRequires: python-pytest-mock -%endif -%endif - -%if (0%{?rhel} && 0%{?rhel} <= 6) -# Ansible will work with the jinja2 shipped with RHEL6 but users can gain -# additional jinja features by using the newer version -Requires: python-jinja2-26 -BuildRequires: python-jinja2-26 - -# Distros with python < 2.7.0 -BuildRequires: python-unittest2 - -%else -Requires: python-jinja2 -BuildRequires: python-jinja2 -%endif - -Requires: PyYAML -Requires: python-crypto -Requires: python-paramiko -Requires: python-keyczar -Requires: python-httplib2 -Requires: python-setuptools -Requires: python-six -Requires: sshpass -%endif - -%if 0%{?rhel} == 6 -# RHEL 6 needs a newer version of the pycrypto library for the ansible-vault -# command. Note: If other pieces of ansible also grow to need pycrypto you may -# need to add: Requires: python-crypto or patch the other pieces of ansible to -# make use of this forward compat package (see the patch for ansible-vault -# above to see what needs to be done.) -Requires: python-crypto2.6 -# The python-2.6 stdlib json module has a bug that affects the ansible -# to_nice_json filter -Requires: python-simplejson - -# For testing -BuildRequires: python-crypto2.6 -BuildRequires: python-simplejson -%endif - -# -# This is needed to update the old ansible-firewall package that is no -# longer needed. 
Note that you should also remove ansible-node-firewall manually -# Where you still have it installed. -# -Provides: ansible-fireball = %{version}-%{release} -Obsoletes: ansible-fireball < 1.2.4 - -%description - -Ansible is a radically simple model-driven configuration management, -multi-node deployment, and remote task execution system. Ansible works -over SSH and does not require any software or daemons to be installed -on remote nodes. Extension modules can be written in any language and -are transferred to managed machines automatically. - - -%if 0%{?with_python3} -# Note, ansible is not intended to be used as a library so avoiding the -# python3-ansible and python2-ansible package names so we don't confuse users. - -# Also note, similarly to dnf in its transition period, the python2 and python3 -# versions of ansible should behave identically but python3-only bugs may be present. -# So upstream would like us to ship both py2 and py3 ansible (at least in -# rawhide) for people to beat on and find bugs. -%package -n ansible-python3 -Summary: SSH-based configuration management, deployment, and task execution system -BuildRequires: python3-devel -BuildRequires: python3-setuptools - -# For tests -BuildRequires: python3-PyYAML -BuildRequires: python3-paramiko -BuildRequires: python3-crypto -# accelerate is the only thing that makes keyczar mandatory. Since accelerate -# is deprecated, just ignore it -#BuildRequires: python-keyczar -BuildRequires: python3-six -BuildRequires: python3-nose -BuildRequires: python3-pytest -BuildRequires: python3-pytest-xdist -BuildRequires: python3-pytest-mock -BuildRequires: python3-coverage -BuildRequires: python3-mock -BuildRequires: python3-boto3 -BuildRequires: python3-botocore -BuildRequires: python3-passlib -BuildRequires: python3-jinja2 - -Requires: python3-PyYAML -Requires: python3-paramiko -Requires: python3-crypto -# accelerate is the only thing that makes keyczar mandatory. 
Since accelerate -# is deprecated, just ignore it -#Requires: python3-keyczar -Requires: python3-setuptools -Requires: python3-six -Requires: python3-jinja2 -Requires: sshpass -%endif - - -%if 0%{?with_python3} -%description -n ansible-python3 - -Ansible is a radically simple model-driven configuration management, -multi-node deployment, and remote task execution system. Ansible works -over SSH and does not require any software or daemons to be installed -on remote nodes. Extension modules can be written in any language and -are transferred to managed machines automatically. - -This package installs versions of ansible that execute on Python3. -%endif # with_python3 - -%package -n ansible-doc -Summary: Documentation for Ansible - -%description -n ansible-doc - -Ansible is a radically simple model-driven configuration management, -multi-node deployment, and remote task execution system. Ansible works -over SSH and does not require any software or daemons to be installed -on remote nodes. Extension modules can be written in any language and -are transferred to managed machines automatically. - -This package installs extensive documentation for ansible - -%prep -%setup -q - -%if 0%{?rhel} == 6 -%patch100 -p1 -%endif - -%if 0%{?with_python3} -rm -rf %{py3dir} -cp -a . 
%{py3dir} -%endif # with_python3 - -%build -%{__python2} setup.py build -# Build docs -# EPEL6/7 don't have a recent enough sphinx to build the docs -%if 0%{?fedora} || 0%{?rhel} >= 8 - make webdocs -%endif - -%if 0%{?with_python3} -%py3_build -%endif # with_python3 - - -%install -%if 0%{?with_python3} -pushd %{py3dir} -%{__python3} setup.py install --root=$RPM_BUILD_ROOT -popd - -for i in $RPM_BUILD_ROOT/%{_bindir}/ansible* ; do - mv $i $i-%{python3_version} - ln -s %{_bindir}/$(basename $i)-%{python3_version} $i-3 -done -%endif # with_python3 - -%{__python2} setup.py install --root=$RPM_BUILD_ROOT -for i in $RPM_BUILD_ROOT/%{_bindir}/{ansible,ansible-console,ansible-doc,ansible-galaxy,ansible-playbook,ansible-pull,ansible-vault} ; do - mv $i $i-%{python2_version} - ln -s %{_bindir}/$(basename $i)-%{python2_version} $i - ln -s %{_bindir}/$(basename $i)-%{python2_version} $i-2 -done - -mkdir -p $RPM_BUILD_ROOT/etc/ansible/ -mkdir -p $RPM_BUILD_ROOT/etc/ansible/roles/ -cp examples/hosts $RPM_BUILD_ROOT/etc/ansible/ -cp examples/ansible.cfg $RPM_BUILD_ROOT/etc/ansible/ -mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man1 -cp -v docs/man/man1/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1/ - -cp -pr docs/docsite/rst . -%if 0%{?fedora} || 0%{?rhel} >= 8 - cp -pr docs/docsite/_build/html . 
-%endif - - -%check -# RHEL <= 6 doesn't have a new enough python-mock to run the tests -# Currently RHEL <= 7 doesn't have pytest-xdist or a new enough pytest -# Fedora 25 doesn't have a new enough pytest -%if 0%{?fedora} >= 26 || 0%{?rhel} >= 8 -if test -z $(which pytest) ; then - mkdir tests_bin - pushd tests_bin - ln -s `which py.test` pytest - export PATH=$PATH:$(pwd) - popd -fi -make tests - -%if 0%{?with_python3} -pushd %{py3dir} -if test -z $(which pytest) ; then - mkdir tests_bin - pushd tests_bin - ln -s `which py.test` pytest - export PATH=$PATH:$(pwd) - popd -fi -make tests -%endif # python3 - -%endif # New enough Fedora/RHEL - - -%clean -rm -rf $RPM_BUILD_ROOT - -%files -%defattr(-,root,root) -%{python_sitelib}/ansible* -%{_bindir}/ansible* -%if 0%{?with_python3} -%exclude %{_bindir}/ansible*-3* -%endif # python3 -%config(noreplace) %{_sysconfdir}/ansible/ -%doc README.md PKG-INFO COPYING CHANGELOG.md -%doc %{_mandir}/man1/ansible* - -%if 0%{?with_python3} -%files -n ansible-python3 -%defattr(-,root,root,-) -%{python3_sitelib}/ansible* -%{_bindir}/ansible*-3* -%config(noreplace) %{_sysconfdir}/ansible/ -%doc README.md PKG-INFO COPYING CHANGELOG.md -%doc %{_mandir}/man1/ansible* -%endif # python3 - -%files -n ansible-doc -%doc rst -%if 0%{?fedora} || 0%{?rhel} >= 8 -%doc html -%endif - -%changelog -* Thu Jun 01 2017 Kevin Fenzi - 2.3.1.0-1 -- Update to 2.3.1.0. 
- -* Wed Apr 19 2017 James Hogarth - 2.3.0.0-3 -- Update backported patch to the one actually merged upstream - -* Wed Apr 19 2017 James Hogarth - 2.3.0.0-2 -- Backport hotfix to fix ansible-galaxy regression https://github.com/ansible/ansible/issues/22572 - -* Wed Apr 12 2017 Toshio Kuratomi - 2.3.0.0-1 -- Update to 2.3.0 -- Remove upstreamed patches -- Remove controlpersist socket path path as a custom solution was included - upstream -- Run the unittests from the upstream tarball now instead of having to download - separately -- Build a documentation subpackage - -* Tue Mar 28 2017 Kevin Fenzi - 2.2.2.0-3 -- Deal with RHEL7 pytest vs python-pytest. -- Rebase epel6 newer jinja patch. -- Conditionalize exclude for RHEL6 rpm. - -* Tue Mar 28 2017 Kevin Fenzi - 2.2.2.0-2 -- Conditionalize python3 files for epel builds. - -* Tue Mar 28 2017 Toshio Kuratomi - - 2.2.2.0-1 -- 2.2.2.0 final -- Add new patch to fix unittests - -* Mon Mar 27 2017 Toshio Kuratomi - - 2.2.2.0-0.4.rc1 -- Add python-crypto and python3-crypto as explicit requirements - -* Mon Mar 27 2017 Toshio Kuratomi - - 2.2.2.0-0.3.rc1 -- Add a symlink for ansible executables to be accessed via python major version - (ie: ansible-3) in addition to python-major-minor (ansible-3.6) - -* Wed Mar 8 2017 Toshio Kuratomi - - 2.2.2.0-0.2.rc1 -- Add a python3 ansible package. Note that upstream doesn't intend for the library - to be used by third parties so this is really just for the executables. It's not - strictly required that the executables be built for both python2 and python3 but - we do need to get testing of the python3 version to know if it's stable enough to - go into the next Fedora. We also want the python2 version available in case a user - has to get something done and the python3 version is too buggy. -- Fix Ansible cli scripts to handle appended python version - -* Wed Feb 22 2017 Kevin Fenzi - 2.2.2.0-0.1.rc1 -- Update to 2.2.2.0 rc1. 
Fixes bug #1421485 - -* Fri Feb 10 2017 Fedora Release Engineering - 2.2.1.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Mon Jan 16 2017 Kevin Fenzi - 2.2.1.0-1 -- Update to 2.2.1. -- Fixes: CVE-2016-9587 CVE-2016-8647 CVE-2016-9587 CVE-2016-8647 -- Fixes bug #1405110 - -* Wed Nov 09 2016 Kevin Fenzi - 2.2.0.0-3 -- Update unit tests that will skip docker related tests if docker isn't available. -- Drop docker BuildRequires. Fixes bug #1392918 - -* Fri Nov 4 2016 Toshio Kuratomi - - 2.2.0.0-3 -- Fix for dnf group install - -* Tue Nov 01 2016 Kevin Fenzi - 2.2.0.0-2 -- Fix some BuildRequires to work on all branches. - -* Tue Nov 01 2016 Kevin Fenzi - 2.2.0.0-1 -- Update to 2.2.0. Fixes #1390564 #1388531 #1387621 #1381538 #1388113 #1390646 #1388038 #1390650 -- Fixes for CVE-2016-8628 CVE-2016-8614 CVE-2016-8628 CVE-2016-8614 - -* Thu Sep 29 2016 Kevin Fenzi - 2.1.2.0-1 -- Update to 2.1.2 - -* Thu Jul 28 2016 Kevin Fenzi - 2.1.1.0-1 -- Update to 2.1.1 - -* Tue Jul 19 2016 Fedora Release Engineering - 2.1.0.0-3 -- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages - -* Wed Jun 15 2016 Matt Domsch - 2.1.0.0-2 -- Force python 2.6 on EL6 - -* Wed May 25 2016 Kevin Fenzi - 2.1.0.0-1 -- Update to 2.1.0.0. -- Fixes: 1334097 1337474 1332233 1336266 - -* Tue Apr 19 2016 Kevin Fenzi - 2.0.2.0-1 -- Update to 2.0.2.0. https://github.com/ansible/ansible/blob/stable-2.0/CHANGELOG.md -- Fixes CVE-2016-3096 -- Fix for failed to resolve remote temporary directory issue. bug #1328359 - -* Thu Feb 25 2016 Toshio Kuratomi - 2.0.1.0-2 -- Patch control_path to be not hit path length limitations (RH BZ #1311729) -- Version the test tarball - -* Thu Feb 25 2016 Toshio Kuratomi - 2.0.1.0-1 -- Update to upstream bugfix for 2.0.x release series. 
- -* Thu Feb 4 2016 Toshio Kuratomi - - 2.0.0.2-3 -- Utilize the python-jinja26 package on EPEL6 - -* Wed Feb 03 2016 Fedora Release Engineering - 2.0.0.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Thu Jan 14 2016 Toshio Kuratomi - - 2.0.0.2-1 -- Ansible 2.0.0.2 release from upstream. (Minor bugfix to one callback plugin - API). - -* Tue Jan 12 2016 Toshio Kuratomi - 2.0.0.1-1 -- Ansible 2.0.0.1 from upstream. Rewrite with many bugfixes, rewritten code, - and new features. See the upstream changelog for details: - https://github.com/ansible/ansible/blob/devel/CHANGELOG.md - -* Wed Oct 14 2015 Adam Williamson - 1.9.4-2 -- backport upstream fix for GH #2043 (crash when pulling Docker images) - -* Fri Oct 09 2015 Kevin Fenzi 1.9.4-1 -- Update to 1.9.4 - -* Sun Oct 04 2015 Kevin Fenzi 1.9.3-3 -- Backport dnf module from head. Fixes bug #1267018 - -* Tue Sep 8 2015 Toshio Kuratomi - 1.9.3-2 -- Pull in patch for yum module that fixes state=latest issue - -* Thu Sep 03 2015 Kevin Fenzi 1.9.3-1 -- Update to 1.9.3 -- Patch dnf as package manager. Fixes bug #1258080 -- Fixes bug #1251392 (in 1.9.3 release) -- Add requires for sshpass package. Fixes bug #1258799 - -* Thu Jun 25 2015 Kevin Fenzi 1.9.2-1 -- Update to 1.9.2 - -* Tue Jun 16 2015 Fedora Release Engineering - 1.9.1-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Wed May 27 2015 Toshio Kuratomi - 1.9.1-2 -- Fix for dnf - -* Tue Apr 28 2015 Kevin Fenzi 1.9.1-1 -- Update to 1.9.1 - -* Wed Mar 25 2015 Kevin Fenzi 1.9.0.1-2 -- Drop upstreamed epel6 patches. 
- -* Wed Mar 25 2015 Kevin Fenzi 1.9.0.1-1 -- Update to 1.9.0.1 - -* Wed Mar 25 2015 Kevin Fenzi 1.9.0-1 -- Update to 1.9.0 - -* Thu Feb 19 2015 Kevin Fenzi 1.8.4-1 -- Update to 1.8.4 - -* Tue Feb 17 2015 Kevin Fenzi 1.8.3-1 -- Update to 1.8.3 - -* Sun Jan 11 2015 Toshio Kuratomi - 1.8.2-3 -- Work around a bug in python2.6 by using simplejson (applies in EPEL6) - -* Wed Dec 17 2014 Michael Scherer 1.8.2-2 -- precreate /etc/ansible/roles and /usr/share/ansible_plugins - -* Sun Dec 07 2014 Kevin Fenzi 1.8.2-1 -- Update to 1.8.2 - -* Thu Nov 27 2014 Kevin Fenzi 1.8.1-1 -- Update to 1.8.1 - -* Tue Nov 25 2014 Kevin Fenzi 1.8-2 -- Rebase el6 patch - -* Tue Nov 25 2014 Kevin Fenzi 1.8-1 -- Update to 1.8 - -* Thu Oct 9 2014 Toshio Kuratomi - 1.7.2-2 -- Add /usr/bin/ansible to the rhel6 newer pycrypto patch - -* Wed Sep 24 2014 Kevin Fenzi 1.7.2-1 -- Update to 1.7.2 - -* Thu Aug 14 2014 Kevin Fenzi 1.7.1-1 -- Update to 1.7.1 - -* Wed Aug 06 2014 Kevin Fenzi 1.7-1 -- Update to 1.7 - -* Fri Jul 25 2014 Kevin Fenzi 1.6.10-1 -- Update to 1.6.10 - -* Thu Jul 24 2014 Kevin Fenzi 1.6.9-1 -- Update to 1.6.9 with more shell quoting fixes. - -* Tue Jul 22 2014 Kevin Fenzi 1.6.8-1 -- Update to 1.6.8 with fixes for shell quoting from previous release. 
-- Fixes bugs #1122060 #1122061 #1122062 - -* Mon Jul 21 2014 Kevin Fenzi 1.6.7-1 -- Update to 1.6.7 -- Fixes CVE-2014-4966 and CVE-2014-4967 - -* Tue Jul 01 2014 Kevin Fenzi 1.6.6-1 -- Update to 1.6.6 - -* Wed Jun 25 2014 Kevin Fenzi 1.6.5-1 -- Update to 1.6.5 - -* Wed Jun 25 2014 Kevin Fenzi 1.6.4-1 -- Update to 1.6.4 - -* Mon Jun 09 2014 Kevin Fenzi 1.6.3-1 -- Update to 1.6.3 - -* Sat Jun 07 2014 Fedora Release Engineering - 1.6.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Fri May 23 2014 Kevin Fenzi 1.6.2-1 -- Update to 1.6.2 release - -* Wed May 7 2014 Toshio Kuratomi - 1.6.1-1 -- Bugfix 1.6.1 release - -* Mon May 5 2014 Toshio Kuratomi - 1.6-1 -- Update to 1.6 -- Drop accelerate fix, merged upstream -- Refresh RHEL6 pycrypto patch. It was half-merged upstream. - -* Fri Apr 18 2014 Kevin Fenzi 1.5.5-1 -- Update to 1.5.5 - -* Mon Apr 7 2014 Toshio Kuratomi - 1.5.4-2 -- Fix setuptools requirement to apply to rhel=6, not rhel<6 - -* Wed Apr 2 2014 Toshio Kuratomi - 1.5.4-1 -- Update to 1.5.4 -- Add upstream patch to fix accelerator mode -- Merge fedora and el6 spec files - -* Fri Mar 14 2014 Kevin Fenzi 1.5.3-2 -- Update to NEW 1.5.3 upstream release. -- Add missing dependency on python-setuptools (el6 build) - -* Thu Mar 13 2014 Kevin Fenzi 1.5.3-1 -- Update to 1.5.3 -- Fix ansible-vault for newer python-crypto dependency (el6 build) - -* Tue Mar 11 2014 Kevin Fenzi 1.5.2-2 -- Update to redone 1.5.2 release - -* Tue Mar 11 2014 Kevin Fenzi 1.5.2-1 -- Update to 1.5.2 - -* Mon Mar 10 2014 Kevin Fenzi 1.5.1-1 -- Update to 1.5.1 - -* Fri Feb 28 2014 Kevin Fenzi 1.5-1 -- Update to 1.5 - -* Wed Feb 12 2014 Kevin Fenzi 1.4.5-1 -- Update to 1.4.5 - -* Sat Dec 28 2013 Kevin Fenzi 1.4.3-1 -- Update to 1.4.3 with ansible galaxy commands. 
-- Adds python-httplib2 to requires - -* Wed Nov 27 2013 Kevin Fenzi 1.4.1-1 -- Update to upstream 1.4.1 bugfix release - -* Thu Nov 21 2013 Kevin Fenzi 1.4-1 -- Update to 1.4 - -* Tue Oct 29 2013 Kevin Fenzi 1.3.4-1 -- Update to 1.3.4 - -* Tue Oct 08 2013 Kevin Fenzi 1.3.3-1 -- Update to 1.3.3 - -* Thu Sep 19 2013 Kevin Fenzi 1.3.2-1 -- Update to 1.3.2 with minor upstream fixes - -* Mon Sep 16 2013 Kevin Fenzi 1.3.1-1 -- Update to 1.3.1 - -* Sat Sep 14 2013 Kevin Fenzi 1.3.0-2 -- Merge upstream spec changes to support EPEL5 -- (Still needs python26-keyczar and deps added to EPEL) - -* Thu Sep 12 2013 Kevin Fenzi 1.3.0-1 -- Update to 1.3.0 -- Drop node-fireball subpackage entirely. -- Obsolete/provide fireball subpackage. -- Add Requires python-keyczar on main package for accelerated mode. - -* Wed Aug 21 2013 Kevin Fenzi 1.2.3-2 -- Update to 1.2.3 -- Fixes CVE-2013-4260 and CVE-2013-4259 - -* Sat Aug 03 2013 Fedora Release Engineering - 1.2.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Sat Jul 06 2013 Kevin Fenzi 1.2.2-1 -- Update to 1.2.2 with minor fixes - -* Fri Jul 05 2013 Kevin Fenzi 1.2.1-2 -- Update to newer upstream re-release to fix a syntax error - -* Thu Jul 04 2013 Kevin Fenzi 1.2.1-1 -- Update to 1.2.1 -- Fixes CVE-2013-2233 - -* Mon Jun 10 2013 Kevin Fenzi 1.2-1 -- Update to 1.2 - -* Tue Apr 02 2013 Kevin Fenzi 1.1-1 -- Update to 1.1 - -* Mon Mar 18 2013 Kevin Fenzi 1.0-1 -- Update to 1.0 - -* Wed Feb 13 2013 Fedora Release Engineering - 0.9-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Fri Nov 30 2012 Michael DeHaan - 0.9-0 -- Release 0.9 - -* Fri Oct 19 2012 Michael DeHaan - 0.8-0 -- Release of 0.8 - -* Thu Aug 9 2012 Michael DeHaan - 0.7-0 -- Release of 0.7 - -* Mon Aug 6 2012 Michael DeHaan - 0.6-0 -- Release of 0.6 - -* Wed Jul 4 2012 Michael DeHaan - 0.5-0 -- Release of 0.5 - -* Wed May 23 2012 Michael DeHaan - 0.4-0 -- Release of 0.4 - -* Mon Apr 23 2012 Michael DeHaan - 0.3-1 -- 
Release of 0.3 - -* Tue Apr 3 2012 John Eckersberg - 0.0.2-1 -- Release of 0.0.2 - -* Sat Mar 10 2012 - 0.0.1-1 -- Release of 0.0.1
diff --git a/dead.package b/dead.package
new file mode 100644
index 0000000..a85092c
--- /dev/null
+++ b/dead.package
@@ -0,0 +1,7 @@
+ansible has been retired from EPEL7
+It has been added to RHEL extras with RHEL 7.4
+
+You can get it from RHEL extras, CentOS, or
+http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/
+
+See bug https://bugzilla.redhat.com/show_bug.cgi?id=1455309
diff --git a/sources b/sources
deleted file mode 100644
index 479edf9..0000000
--- a/sources
+++ /dev/null
@@ -1 +0,0 @@
-SHA512 (ansible-2.3.1.0.tar.gz) = 7b4b33c56a15c41d756f095944d7a0dbf894557350879430df21061b717b9574aae624a276bf7e1a13d043b718aeaccac1ce510a3cb085983311ddf06fa832bc
From 33fcafcc2e126914dc7f769127a12fb7c6e66c67 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 29 Nov 2017 14:35:47 -0800 Subject: [PATCH 02/30] Revert "ansible has been retired from EPEL7" This reverts commit 0f21b9c7d42b62fa5a77c75c028f4d30c52e1066. --- .coveragerc | 24 ++ .gitignore | 50 +++ ansible-newer-jinja.patch | 12 + ansible.spec | 673 ++++++++++++++++++++++++++++++++++++++ dead.package | 7 - sources | 1 + 6 files changed, 760 insertions(+), 7 deletions(-) create mode 100644 .coveragerc create mode 100644 .gitignore create mode 100644 ansible-newer-jinja.patch create mode 100644 ansible.spec delete mode 100644 dead.package create mode 100644 sources
diff --git a/.coveragerc b/.coveragerc
new file mode 100644
index 0000000..698302a
--- /dev/null
+++ b/.coveragerc
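Review bot: The download location that dead.package gives users is a plain `http://` URL, so anyone following the retirement notice is pointed at RPMs over a channel that offers no integrity or authenticity protection. If the host serves the same path over TLS (not verifiable from this page), the line should read `https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/`. A short extra line reminding users to keep GPG signature checking enabled for whichever replacement repository they choose would also help, since the notice moves them away from the EPEL package. The same URL appears in the commit message.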
@@ -0,0 +1,24 @@
+# This configuration file is used for manual execution of coverage
+# as well as for tests run through ansible-test.
+
+[run]
+branch = True
+
+# Enable concurrency. This also enables parallel mode, which results in
+# multiple coverage files being created. Concurrency allows us to collect
+# results from multiple tests simultaneously, as well as supporting multiple
+# test runs, such as from integration tests.
+concurrency = multiprocessing
+parallel = True
+
+# When running tests through ansible-test, this option is overridden by
+# the COVERAGE_FILE environment variable. This option is present for
+# convenience when running coverage manually from this directory.
+data_file = test/results/coverage/coverage
+
+# Don't collect or report code coverage from files matching these patterns.
+omit =
+ */python*/dist-packages/*
+ */python*/site-packages/*
+ */python*/distutils
+ */pytest
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6b8fb84
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,50 @@
+/ansible-1.5.3.tar.gz
+/ansible-1.5.4.tar.gz
+/ansible-1.5.5.tar.gz
+/ansible-1.6.tar.gz
+/ansible-1.6.1.tar.gz
+/ansible-1.6.2.tar.gz
+/ansible-1.6.3.tar.gz
+/ansible-1.6.4.tar.gz
+/ansible-1.6.5.tar.gz
+/ansible-1.6.6.tar.gz
+/ansible-1.6.7.tar.gz
+/ansible-1.6.8.tar.gz
+/ansible-1.6.9.tar.gz
+/ansible-1.6.10.tar.gz
+/ansible-1.7.tar.gz
+/ansible-1.7.1.tar.gz
+/ansible-1.7.2.tar.gz
+/ansible-1.8.tar.gz
+/ansible-1.8.1.tar.gz
+/ansible-1.8.2.tar.gz
+/ansible-1.8.3.tar.gz
+/ansible-1.8.4.tar.gz
+/ansible-1.9.0.tar.gz
+/ansible-1.9.0.1.tar.gz
+/ansible-1.9.1.tar.gz
+/ansible-1.9.2.tar.gz
+/ansible-1.9.3.tar.gz
+/ansible-1.9.4.tar.gz
+/ansible-2.0.0.1.tar.gz
+/ansible-unittests.tar.xz
+/ansible-2.0.0.2.tar.gz
+/ansible-2.0.1.0.tar.gz
+/ansible-unittests-2.0.1.0.tar.xz
+/ansible-unittests-2.0.2.0.tar.xz
+/ansible-2.0.2.0.tar.gz
+/ansible-unittests-2.1.0.0.tar.xz
+/ansible-2.1.0.0.tar.gz
+/ansible-unittests-2.1.1.0.tar.xz
+/ansible-2.1.1.0.tar.gz
+/ansible-2.1.2.0.tar.gz
+/ansible-unittests-2.1.2.0.tar.xz
+/ansible-unittests-2.2.0.0.tar.xz
+/ansible-2.2.0.0.tar.gz
+/ansible-unittests-2.2.1.0.tar.xz
+/ansible-2.2.1.0.tar.gz
+/ansible-2.2.2.0-0.1.rc1.tar.gz
+/ansible-unittests-2.2.2.0.tar.xz
+/ansible-2.2.2.0.tar.gz
+/ansible-2.3.0.0.tar.gz
+/ansible-2.3.1.0.tar.gz
diff --git a/ansible-newer-jinja.patch b/ansible-newer-jinja.patch
new file mode 100644
index 0000000..575c161
--- /dev/null
+++ b/ansible-newer-jinja.patch
@@ -0,0 +1,12 @@
+diff -up ansible-2.3.0.0/requirements.txt.bak ansible-2.3.0.0/requirements.txt
+--- ansible-2.3.0.0/requirements.txt.bak 2017-04-12 08:37:59.217167604 -0700
++++ ansible-2.3.0.0/requirements.txt 2017-04-12 08:38:33.969286602 -0700
+@@ -3,7 +3,7 @@
+ # packages. Thus, this should be the loosest set possible (only required
+ # packages, not optional ones, and with the widest range of versions that could
+ # be suitable)
+-jinja2
++jinja2 >= 2.6
+ PyYAML
+ paramiko
+ pycrypto >= 2.6
diff --git a/ansible.spec b/ansible.spec
new file mode 100644
index 0000000..60d9508
--- /dev/null
+++ b/ansible.spec
@@ -0,0 +1,673 @@ +# RHEL 6 didn't have a __python2 macro. +# Amazon Linux 2015.9 is based on RHEL6, with /usr/bin/python2 -> python2.6, while +# /usr/bin/python -> python2.7. Explicitly use python2.6. +%if 0%{?rhel} == 6 || 0%{?rhel} == 5 +%global __python2 /usr/bin/python2.6 +%endif + +%if 0%{?rhel} <= 5 +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot +%endif + +%if 0%{?fedora} +%global with_python3 1 +%else +%global with_python3 0 +%endif + +%{!?python_sitelib: %global python_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} + +Name: ansible +Summary: SSH-based configuration management, deployment, and task execution system +Version: 2.3.1.0 +Release: 1%{?dist} + +Group: Development/Libraries +License: GPLv3+ +Source0: http://releases.ansible.com/ansible/%{name}-%{version}.tar.gz + +# Patch to utilize a newer jinja2 package on epel6 +# Non-upstreamable as it creates a dependency on a specific version of jinja. +# This is desirable for us as we have packages for that version but not for +# upstream as they don't know what their customers are running. +Patch100: ansible-newer-jinja.patch + +Url: http://ansible.com +BuildArch: noarch + +%if 0%{?rhel} && 0%{?rhel} <= 5 +BuildRequires: python26-devel + +Requires: python26-PyYAML +Requires: python26-paramiko +Requires: python26-jinja2 +Requires: python26-keyczar + +%else + +BuildRequires: python2-devel +BuildRequires: python-setuptools + +# For building docs +BuildRequires: python-sphinx + +# For tests +# We don't run tests on epel6, so don't bother pulling these in there. 
+%if (0%{?fedora} || 0%{?rhel} > 6) +BuildRequires: PyYAML +BuildRequires: python-crypto +BuildRequires: python-paramiko +BuildRequires: python-keyczar +BuildRequires: python-six +BuildRequires: python-nose +BuildRequires: python-coverage +BuildRequires: python-mock +BuildRequires: python-boto3 +BuildRequires: python-botocore +BuildRequires: python-passlib +# rhel7 does not have python-pytest but has pytest +%if 0%{?rhel} > 6 +BuildRequires: pytest +#BuildRequires: python-pytest-xdist +#BuildRequires: python-pytest-mock +%else +BuildRequires: python-pytest +BuildRequires: python-pytest-xdist +BuildRequires: python-pytest-mock +%endif +%endif + +%if (0%{?rhel} && 0%{?rhel} <= 6) +# Ansible will work with the jinja2 shipped with RHEL6 but users can gain +# additional jinja features by using the newer version +Requires: python-jinja2-26 +BuildRequires: python-jinja2-26 + +# Distros with python < 2.7.0 +BuildRequires: python-unittest2 + +%else +Requires: python-jinja2 +BuildRequires: python-jinja2 +%endif + +Requires: PyYAML +Requires: python-crypto +Requires: python-paramiko +Requires: python-keyczar +Requires: python-httplib2 +Requires: python-setuptools +Requires: python-six +Requires: sshpass +%endif + +%if 0%{?rhel} == 6 +# RHEL 6 needs a newer version of the pycrypto library for the ansible-vault +# command. Note: If other pieces of ansible also grow to need pycrypto you may +# need to add: Requires: python-crypto or patch the other pieces of ansible to +# make use of this forward compat package (see the patch for ansible-vault +# above to see what needs to be done.) +Requires: python-crypto2.6 +# The python-2.6 stdlib json module has a bug that affects the ansible +# to_nice_json filter +Requires: python-simplejson + +# For testing +BuildRequires: python-crypto2.6 +BuildRequires: python-simplejson +%endif + +# +# This is needed to update the old ansible-firewall package that is no +# longer needed. 
Note that you should also remove ansible-node-firewall manually +# Where you still have it installed. +# +Provides: ansible-fireball = %{version}-%{release} +Obsoletes: ansible-fireball < 1.2.4 + +%description + +Ansible is a radically simple model-driven configuration management, +multi-node deployment, and remote task execution system. Ansible works +over SSH and does not require any software or daemons to be installed +on remote nodes. Extension modules can be written in any language and +are transferred to managed machines automatically. + + +%if 0%{?with_python3} +# Note, ansible is not intended to be used as a library so avoiding the +# python3-ansible and python2-ansible package names so we don't confuse users. + +# Also note, similarly to dnf in its transition period, the python2 and python3 +# versions of ansible should behave identically but python3-only bugs may be present. +# So upstream would like us to ship both py2 and py3 ansible (at least in +# rawhide) for people to beat on and find bugs. +%package -n ansible-python3 +Summary: SSH-based configuration management, deployment, and task execution system +BuildRequires: python3-devel +BuildRequires: python3-setuptools + +# For tests +BuildRequires: python3-PyYAML +BuildRequires: python3-paramiko +BuildRequires: python3-crypto +# accelerate is the only thing that makes keyczar mandatory. Since accelerate +# is deprecated, just ignore it +#BuildRequires: python-keyczar +BuildRequires: python3-six +BuildRequires: python3-nose +BuildRequires: python3-pytest +BuildRequires: python3-pytest-xdist +BuildRequires: python3-pytest-mock +BuildRequires: python3-coverage +BuildRequires: python3-mock +BuildRequires: python3-boto3 +BuildRequires: python3-botocore +BuildRequires: python3-passlib +BuildRequires: python3-jinja2 + +Requires: python3-PyYAML +Requires: python3-paramiko +Requires: python3-crypto +# accelerate is the only thing that makes keyczar mandatory. 
Since accelerate +# is deprecated, just ignore it +#Requires: python3-keyczar +Requires: python3-setuptools +Requires: python3-six +Requires: python3-jinja2 +Requires: sshpass +%endif + + +%if 0%{?with_python3} +%description -n ansible-python3 + +Ansible is a radically simple model-driven configuration management, +multi-node deployment, and remote task execution system. Ansible works +over SSH and does not require any software or daemons to be installed +on remote nodes. Extension modules can be written in any language and +are transferred to managed machines automatically. + +This package installs versions of ansible that execute on Python3. +%endif # with_python3 + +%package -n ansible-doc +Summary: Documentation for Ansible + +%description -n ansible-doc + +Ansible is a radically simple model-driven configuration management, +multi-node deployment, and remote task execution system. Ansible works +over SSH and does not require any software or daemons to be installed +on remote nodes. Extension modules can be written in any language and +are transferred to managed machines automatically. + +This package installs extensive documentation for ansible + +%prep +%setup -q + +%if 0%{?rhel} == 6 +%patch100 -p1 +%endif + +%if 0%{?with_python3} +rm -rf %{py3dir} +cp -a . 
%{py3dir} +%endif # with_python3 + +%build +%{__python2} setup.py build +# Build docs +# EPEL6/7 don't have a recent enough sphinx to build the docs +%if 0%{?fedora} || 0%{?rhel} >= 8 + make webdocs +%endif + +%if 0%{?with_python3} +%py3_build +%endif # with_python3 + + +%install +%if 0%{?with_python3} +pushd %{py3dir} +%{__python3} setup.py install --root=$RPM_BUILD_ROOT +popd + +for i in $RPM_BUILD_ROOT/%{_bindir}/ansible* ; do + mv $i $i-%{python3_version} + ln -s %{_bindir}/$(basename $i)-%{python3_version} $i-3 +done +%endif # with_python3 + +%{__python2} setup.py install --root=$RPM_BUILD_ROOT +for i in $RPM_BUILD_ROOT/%{_bindir}/{ansible,ansible-console,ansible-doc,ansible-galaxy,ansible-playbook,ansible-pull,ansible-vault} ; do + mv $i $i-%{python2_version} + ln -s %{_bindir}/$(basename $i)-%{python2_version} $i + ln -s %{_bindir}/$(basename $i)-%{python2_version} $i-2 +done + +mkdir -p $RPM_BUILD_ROOT/etc/ansible/ +mkdir -p $RPM_BUILD_ROOT/etc/ansible/roles/ +cp examples/hosts $RPM_BUILD_ROOT/etc/ansible/ +cp examples/ansible.cfg $RPM_BUILD_ROOT/etc/ansible/ +mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man1 +cp -v docs/man/man1/*.1 $RPM_BUILD_ROOT/%{_mandir}/man1/ + +cp -pr docs/docsite/rst . +%if 0%{?fedora} || 0%{?rhel} >= 8 + cp -pr docs/docsite/_build/html . 
+%endif + + +%check +# RHEL <= 6 doesn't have a new enough python-mock to run the tests +# Currently RHEL <= 7 doesn't have pytest-xdist or a new enough pytest +# Fedora 25 doesn't have a new enough pytest +%if 0%{?fedora} >= 26 || 0%{?rhel} >= 8 +if test -z $(which pytest) ; then + mkdir tests_bin + pushd tests_bin + ln -s `which py.test` pytest + export PATH=$PATH:$(pwd) + popd +fi +make tests + +%if 0%{?with_python3} +pushd %{py3dir} +if test -z $(which pytest) ; then + mkdir tests_bin + pushd tests_bin + ln -s `which py.test` pytest + export PATH=$PATH:$(pwd) + popd +fi +make tests +%endif # python3 + +%endif # New enough Fedora/RHEL + + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-,root,root) +%{python_sitelib}/ansible* +%{_bindir}/ansible* +%if 0%{?with_python3} +%exclude %{_bindir}/ansible*-3* +%endif # python3 +%config(noreplace) %{_sysconfdir}/ansible/ +%doc README.md PKG-INFO COPYING CHANGELOG.md +%doc %{_mandir}/man1/ansible* + +%if 0%{?with_python3} +%files -n ansible-python3 +%defattr(-,root,root,-) +%{python3_sitelib}/ansible* +%{_bindir}/ansible*-3* +%config(noreplace) %{_sysconfdir}/ansible/ +%doc README.md PKG-INFO COPYING CHANGELOG.md +%doc %{_mandir}/man1/ansible* +%endif # python3 + +%files -n ansible-doc +%doc rst +%if 0%{?fedora} || 0%{?rhel} >= 8 +%doc html +%endif + +%changelog +* Thu Jun 01 2017 Kevin Fenzi - 2.3.1.0-1 +- Update to 2.3.1.0. 
+ +* Wed Apr 19 2017 James Hogarth - 2.3.0.0-3 +- Update backported patch to the one actually merged upstream + +* Wed Apr 19 2017 James Hogarth - 2.3.0.0-2 +- Backport hotfix to fix ansible-galaxy regression https://github.com/ansible/ansible/issues/22572 + +* Wed Apr 12 2017 Toshio Kuratomi - 2.3.0.0-1 +- Update to 2.3.0 +- Remove upstreamed patches +- Remove controlpersist socket path path as a custom solution was included + upstream +- Run the unittests from the upstream tarball now instead of having to download + separately +- Build a documentation subpackage + +* Tue Mar 28 2017 Kevin Fenzi - 2.2.2.0-3 +- Deal with RHEL7 pytest vs python-pytest. +- Rebase epel6 newer jinja patch. +- Conditionalize exclude for RHEL6 rpm. + +* Tue Mar 28 2017 Kevin Fenzi - 2.2.2.0-2 +- Conditionalize python3 files for epel builds. + +* Tue Mar 28 2017 Toshio Kuratomi - - 2.2.2.0-1 +- 2.2.2.0 final +- Add new patch to fix unittests + +* Mon Mar 27 2017 Toshio Kuratomi - - 2.2.2.0-0.4.rc1 +- Add python-crypto and python3-crypto as explicit requirements + +* Mon Mar 27 2017 Toshio Kuratomi - - 2.2.2.0-0.3.rc1 +- Add a symlink for ansible executables to be accessed via python major version + (ie: ansible-3) in addition to python-major-minor (ansible-3.6) + +* Wed Mar 8 2017 Toshio Kuratomi - - 2.2.2.0-0.2.rc1 +- Add a python3 ansible package. Note that upstream doesn't intend for the library + to be used by third parties so this is really just for the executables. It's not + strictly required that the executables be built for both python2 and python3 but + we do need to get testing of the python3 version to know if it's stable enough to + go into the next Fedora. We also want the python2 version available in case a user + has to get something done and the python3 version is too buggy. +- Fix Ansible cli scripts to handle appended python version + +* Wed Feb 22 2017 Kevin Fenzi - 2.2.2.0-0.1.rc1 +- Update to 2.2.2.0 rc1. 
Fixes bug #1421485 + +* Fri Feb 10 2017 Fedora Release Engineering - 2.2.1.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Jan 16 2017 Kevin Fenzi - 2.2.1.0-1 +- Update to 2.2.1. +- Fixes: CVE-2016-9587 CVE-2016-8647 CVE-2016-9587 CVE-2016-8647 +- Fixes bug #1405110 + +* Wed Nov 09 2016 Kevin Fenzi - 2.2.0.0-3 +- Update unit tests that will skip docker related tests if docker isn't available. +- Drop docker BuildRequires. Fixes bug #1392918 + +* Fri Nov 4 2016 Toshio Kuratomi - - 2.2.0.0-3 +- Fix for dnf group install + +* Tue Nov 01 2016 Kevin Fenzi - 2.2.0.0-2 +- Fix some BuildRequires to work on all branches. + +* Tue Nov 01 2016 Kevin Fenzi - 2.2.0.0-1 +- Update to 2.2.0. Fixes #1390564 #1388531 #1387621 #1381538 #1388113 #1390646 #1388038 #1390650 +- Fixes for CVE-2016-8628 CVE-2016-8614 CVE-2016-8628 CVE-2016-8614 + +* Thu Sep 29 2016 Kevin Fenzi - 2.1.2.0-1 +- Update to 2.1.2 + +* Thu Jul 28 2016 Kevin Fenzi - 2.1.1.0-1 +- Update to 2.1.1 + +* Tue Jul 19 2016 Fedora Release Engineering - 2.1.0.0-3 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Wed Jun 15 2016 Matt Domsch - 2.1.0.0-2 +- Force python 2.6 on EL6 + +* Wed May 25 2016 Kevin Fenzi - 2.1.0.0-1 +- Update to 2.1.0.0. +- Fixes: 1334097 1337474 1332233 1336266 + +* Tue Apr 19 2016 Kevin Fenzi - 2.0.2.0-1 +- Update to 2.0.2.0. https://github.com/ansible/ansible/blob/stable-2.0/CHANGELOG.md +- Fixes CVE-2016-3096 +- Fix for failed to resolve remote temporary directory issue. bug #1328359 + +* Thu Feb 25 2016 Toshio Kuratomi - 2.0.1.0-2 +- Patch control_path to be not hit path length limitations (RH BZ #1311729) +- Version the test tarball + +* Thu Feb 25 2016 Toshio Kuratomi - 2.0.1.0-1 +- Update to upstream bugfix for 2.0.x release series. 
+ +* Thu Feb 4 2016 Toshio Kuratomi - - 2.0.0.2-3 +- Utilize the python-jinja26 package on EPEL6 + +* Wed Feb 03 2016 Fedora Release Engineering - 2.0.0.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Jan 14 2016 Toshio Kuratomi - - 2.0.0.2-1 +- Ansible 2.0.0.2 release from upstream. (Minor bugfix to one callback plugin + API). + +* Tue Jan 12 2016 Toshio Kuratomi - 2.0.0.1-1 +- Ansible 2.0.0.1 from upstream. Rewrite with many bugfixes, rewritten code, + and new features. See the upstream changelog for details: + https://github.com/ansible/ansible/blob/devel/CHANGELOG.md + +* Wed Oct 14 2015 Adam Williamson - 1.9.4-2 +- backport upstream fix for GH #2043 (crash when pulling Docker images) + +* Fri Oct 09 2015 Kevin Fenzi 1.9.4-1 +- Update to 1.9.4 + +* Sun Oct 04 2015 Kevin Fenzi 1.9.3-3 +- Backport dnf module from head. Fixes bug #1267018 + +* Tue Sep 8 2015 Toshio Kuratomi - 1.9.3-2 +- Pull in patch for yum module that fixes state=latest issue + +* Thu Sep 03 2015 Kevin Fenzi 1.9.3-1 +- Update to 1.9.3 +- Patch dnf as package manager. Fixes bug #1258080 +- Fixes bug #1251392 (in 1.9.3 release) +- Add requires for sshpass package. Fixes bug #1258799 + +* Thu Jun 25 2015 Kevin Fenzi 1.9.2-1 +- Update to 1.9.2 + +* Tue Jun 16 2015 Fedora Release Engineering - 1.9.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Wed May 27 2015 Toshio Kuratomi - 1.9.1-2 +- Fix for dnf + +* Tue Apr 28 2015 Kevin Fenzi 1.9.1-1 +- Update to 1.9.1 + +* Wed Mar 25 2015 Kevin Fenzi 1.9.0.1-2 +- Drop upstreamed epel6 patches. 
+ +* Wed Mar 25 2015 Kevin Fenzi 1.9.0.1-1 +- Update to 1.9.0.1 + +* Wed Mar 25 2015 Kevin Fenzi 1.9.0-1 +- Update to 1.9.0 + +* Thu Feb 19 2015 Kevin Fenzi 1.8.4-1 +- Update to 1.8.4 + +* Tue Feb 17 2015 Kevin Fenzi 1.8.3-1 +- Update to 1.8.3 + +* Sun Jan 11 2015 Toshio Kuratomi - 1.8.2-3 +- Work around a bug in python2.6 by using simplejson (applies in EPEL6) + +* Wed Dec 17 2014 Michael Scherer 1.8.2-2 +- precreate /etc/ansible/roles and /usr/share/ansible_plugins + +* Sun Dec 07 2014 Kevin Fenzi 1.8.2-1 +- Update to 1.8.2 + +* Thu Nov 27 2014 Kevin Fenzi 1.8.1-1 +- Update to 1.8.1 + +* Tue Nov 25 2014 Kevin Fenzi 1.8-2 +- Rebase el6 patch + +* Tue Nov 25 2014 Kevin Fenzi 1.8-1 +- Update to 1.8 + +* Thu Oct 9 2014 Toshio Kuratomi - 1.7.2-2 +- Add /usr/bin/ansible to the rhel6 newer pycrypto patch + +* Wed Sep 24 2014 Kevin Fenzi 1.7.2-1 +- Update to 1.7.2 + +* Thu Aug 14 2014 Kevin Fenzi 1.7.1-1 +- Update to 1.7.1 + +* Wed Aug 06 2014 Kevin Fenzi 1.7-1 +- Update to 1.7 + +* Fri Jul 25 2014 Kevin Fenzi 1.6.10-1 +- Update to 1.6.10 + +* Thu Jul 24 2014 Kevin Fenzi 1.6.9-1 +- Update to 1.6.9 with more shell quoting fixes. + +* Tue Jul 22 2014 Kevin Fenzi 1.6.8-1 +- Update to 1.6.8 with fixes for shell quoting from previous release. 
+- Fixes bugs #1122060 #1122061 #1122062 + +* Mon Jul 21 2014 Kevin Fenzi 1.6.7-1 +- Update to 1.6.7 +- Fixes CVE-2014-4966 and CVE-2014-4967 + +* Tue Jul 01 2014 Kevin Fenzi 1.6.6-1 +- Update to 1.6.6 + +* Wed Jun 25 2014 Kevin Fenzi 1.6.5-1 +- Update to 1.6.5 + +* Wed Jun 25 2014 Kevin Fenzi 1.6.4-1 +- Update to 1.6.4 + +* Mon Jun 09 2014 Kevin Fenzi 1.6.3-1 +- Update to 1.6.3 + +* Sat Jun 07 2014 Fedora Release Engineering - 1.6.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri May 23 2014 Kevin Fenzi 1.6.2-1 +- Update to 1.6.2 release + +* Wed May 7 2014 Toshio Kuratomi - 1.6.1-1 +- Bugfix 1.6.1 release + +* Mon May 5 2014 Toshio Kuratomi - 1.6-1 +- Update to 1.6 +- Drop accelerate fix, merged upstream +- Refresh RHEL6 pycrypto patch. It was half-merged upstream. + +* Fri Apr 18 2014 Kevin Fenzi 1.5.5-1 +- Update to 1.5.5 + +* Mon Apr 7 2014 Toshio Kuratomi - 1.5.4-2 +- Fix setuptools requirement to apply to rhel=6, not rhel<6 + +* Wed Apr 2 2014 Toshio Kuratomi - 1.5.4-1 +- Update to 1.5.4 +- Add upstream patch to fix accelerator mode +- Merge fedora and el6 spec files + +* Fri Mar 14 2014 Kevin Fenzi 1.5.3-2 +- Update to NEW 1.5.3 upstream release. +- Add missing dependency on python-setuptools (el6 build) + +* Thu Mar 13 2014 Kevin Fenzi 1.5.3-1 +- Update to 1.5.3 +- Fix ansible-vault for newer python-crypto dependency (el6 build) + +* Tue Mar 11 2014 Kevin Fenzi 1.5.2-2 +- Update to redone 1.5.2 release + +* Tue Mar 11 2014 Kevin Fenzi 1.5.2-1 +- Update to 1.5.2 + +* Mon Mar 10 2014 Kevin Fenzi 1.5.1-1 +- Update to 1.5.1 + +* Fri Feb 28 2014 Kevin Fenzi 1.5-1 +- Update to 1.5 + +* Wed Feb 12 2014 Kevin Fenzi 1.4.5-1 +- Update to 1.4.5 + +* Sat Dec 28 2013 Kevin Fenzi 1.4.3-1 +- Update to 1.4.3 with ansible galaxy commands. 
+- Adds python-httplib2 to requires + +* Wed Nov 27 2013 Kevin Fenzi 1.4.1-1 +- Update to upstream 1.4.1 bugfix release + +* Thu Nov 21 2013 Kevin Fenzi 1.4-1 +- Update to 1.4 + +* Tue Oct 29 2013 Kevin Fenzi 1.3.4-1 +- Update to 1.3.4 + +* Tue Oct 08 2013 Kevin Fenzi 1.3.3-1 +- Update to 1.3.3 + +* Thu Sep 19 2013 Kevin Fenzi 1.3.2-1 +- Update to 1.3.2 with minor upstream fixes + +* Mon Sep 16 2013 Kevin Fenzi 1.3.1-1 +- Update to 1.3.1 + +* Sat Sep 14 2013 Kevin Fenzi 1.3.0-2 +- Merge upstream spec changes to support EPEL5 +- (Still needs python26-keyczar and deps added to EPEL) + +* Thu Sep 12 2013 Kevin Fenzi 1.3.0-1 +- Update to 1.3.0 +- Drop node-fireball subpackage entirely. +- Obsolete/provide fireball subpackage. +- Add Requires python-keyczar on main package for accelerated mode. + +* Wed Aug 21 2013 Kevin Fenzi 1.2.3-2 +- Update to 1.2.3 +- Fixes CVE-2013-4260 and CVE-2013-4259 + +* Sat Aug 03 2013 Fedora Release Engineering - 1.2.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Sat Jul 06 2013 Kevin Fenzi 1.2.2-1 +- Update to 1.2.2 with minor fixes + +* Fri Jul 05 2013 Kevin Fenzi 1.2.1-2 +- Update to newer upstream re-release to fix a syntax error + +* Thu Jul 04 2013 Kevin Fenzi 1.2.1-1 +- Update to 1.2.1 +- Fixes CVE-2013-2233 + +* Mon Jun 10 2013 Kevin Fenzi 1.2-1 +- Update to 1.2 + +* Tue Apr 02 2013 Kevin Fenzi 1.1-1 +- Update to 1.1 + +* Mon Mar 18 2013 Kevin Fenzi 1.0-1 +- Update to 1.0 + +* Wed Feb 13 2013 Fedora Release Engineering - 0.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Nov 30 2012 Michael DeHaan - 0.9-0 +- Release 0.9 + +* Fri Oct 19 2012 Michael DeHaan - 0.8-0 +- Release of 0.8 + +* Thu Aug 9 2012 Michael DeHaan - 0.7-0 +- Release of 0.7 + +* Mon Aug 6 2012 Michael DeHaan - 0.6-0 +- Release of 0.6 + +* Wed Jul 4 2012 Michael DeHaan - 0.5-0 +- Release of 0.5 + +* Wed May 23 2012 Michael DeHaan - 0.4-0 +- Release of 0.4 + +* Mon Apr 23 2012 Michael DeHaan - 0.3-1 +- 
Release of 0.3 + +* Tue Apr 3 2012 John Eckersberg - 0.0.2-1 +- Release of 0.0.2 + +* Sat Mar 10 2012 - 0.0.1-1 +- Release of 0.0.1 diff --git a/dead.package b/dead.package deleted file mode 100644 index a85092c..0000000 --- a/dead.package +++ /dev/null @@ -1,7 +0,0 @@ -ansible has been retired from EPEL7 -It has been added to RHEL extras with RHEL 7.4 - -You can get it from RHEL extras, CentOS, or -http://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ - -See bug https://bugzilla.redhat.com/show_bug.cgi?id=1455309 diff --git a/sources b/sources new file mode 100644 index 0000000..479edf9 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (ansible-2.3.1.0.tar.gz) = 7b4b33c56a15c41d756f095944d7a0dbf894557350879430df21061b717b9574aae624a276bf7e1a13d043b718aeaccac1ce510a3cb085983311ddf06fa832bc From ccc07e661baedd4f3e6793ad7791dba88d83bdc6 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 8 Nov 2019 13:07:45 -0800 Subject: [PATCH 03/30] Update to 2.9.0. --- .gitignore | 1 + ansible.spec | 27 +++++++++++++++------------ sources | 2 +- 3 files changed, 17 insertions(+), 13 deletions(-) diff --git a/.gitignore b/.gitignore index db2c392..1df7dc0 100644 --- a/.gitignore +++ b/.gitignore @@ -84,3 +84,4 @@ /ansible-2.8.3.tar.gz /ansible-2.8.4.tar.gz /ansible-2.8.5.tar.gz +/ansible-2.9.0.tar.gz diff --git a/ansible.spec b/ansible.spec index 00b41c3..807ec1c 100644 --- a/ansible.spec +++ b/ansible.spec @@ -1,3 +1,8 @@ +# +# NOTE: This spec is particular to the epel7 branch. +# Please modify it alone and do not merge master or +# any other branches into it. +# # RHEL 6 didn't have a __python2 macro. # Amazon Linux 2015.9 is based on RHEL6, with /usr/bin/python2 -> python2.6, while # /usr/bin/python -> python2.7. Explicitly use python2.6. @@ -29,7 +34,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.8.5 +Version: 2.9.0 Release: 1%{?dist} License: GPLv3+ 
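Review bot: `Source0` and `Url` in the preamble of the restored ansible.spec use plain `http://`, so anyone who fetches the tarball from the spec URL rather than from the lookaside cache (which is checked against the SHA512 in `sources`) gets no transport integrity. I would write `Source0: https://releases.ansible.com/ansible/%{name}-%{version}.tar.gz`; a later patch in this series already carries that https form as context, so the host evidently serves it. Separately, both `%check` branches run `if test -z $(which pytest) ; then` with the substitution unquoted, which only works by accident when `which` prints nothing and breaks if it prints more than one word; `if ! command -v pytest >/dev/null 2>&1 ; then` states the intent directly.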
@@ -41,11 +46,6 @@ Source0: https://releases.ansible.com/ansible/%{name}-%{version}.tar.gz # upstream as they don't know what their customers are running. Patch100: ansible-newer-jinja.patch -# Python 3.8 compatibility in docs -# https://bugzilla.redhat.com/show_bug.cgi?id=1712531 -# rebased from https://github.com/ansible/ansible/pull/56806 -Patch101: 56806.patch - Url: http://ansible.com BuildArch: noarch @@ -94,6 +94,7 @@ BuildRequires: python3-sphinx-theme-alabaster %if 0%{?rhel} == 7 BuildRequires: pytest BuildRequires: python2-sphinx-theme-alabaster +BuildRequires: python-straight-plugin %else BuildRequires: python-pytest BuildRequires: python-pytest-xdist @@ -267,8 +268,6 @@ This package installs extensive documentation for ansible %patch100 -p1 %endif -%patch101 -p1 - %if 0%{?with_python3} rm -rf %{py3dir} cp -a . %{py3dir} @@ -300,8 +299,9 @@ popd %if ! %with_docs && ( 0%{?fedora} || 0%{?rhel} >= 7) # Generate the rst docs from the source if they weren't generated earlier as - # part of the html docs build - make -Cdocs/docsite config cli keywords modules plugins testing + # part of the html docs build. + # This is broken right now because it needs python3 and python3-straight-plugin + #make -Cdocs/docsite config cli keywords modules plugins testing %endif %install @@ -430,14 +430,14 @@ popd # python3 and 2 %config(noreplace) %{_sysconfdir}/ansible/ %{_datadir}/ansible/ -%doc README.rst PKG-INFO COPYING changelogs/CHANGELOG-v2.8.rst +%doc README.rst PKG-INFO COPYING changelogs/CHANGELOG-v2.9.rst %doc %{_mandir}/man1/ansible* %if 0%{?with_python3} %if 0%{?with_python2} %files -n ansible-python3 %config(noreplace) %{_sysconfdir}/ansible/ -%doc README.rst PKG-INFO COPYING changelogs/CHANGELOG-v2.8.rst +%doc README.rst PKG-INFO COPYING changelogs/CHANGELOG-v2.9.rst %doc %{_mandir}/man1/ansible* %{_bindir}/ansible*-3* %endif 
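Review bot: In the `@@ -300,8 +299,9 @@` hunk, commenting out `make -Cdocs/docsite config cli keywords modules plugins testing` leaves the `%if ! %with_docs && ( 0%{?fedora} || 0%{?rhel} >= 7)` block holding nothing but comments, so the rst docs are no longer generated on the branches that condition selects. If a later step still copies or packages the rst tree (not visible in this hunk), the docs subpackage would ship without the generated pages, silently. Either drop the conditional until the build works again, or keep it with a traceable marker such as `# FIXME(<bug-id>): needs python3 + python3-straight-plugin; rst docs not generated`. The `BuildRequires: python-straight-plugin` added for rhel 7 in the `@@ -94,6 +94,7 @@` hunk may be unused while the call is disabled, which is worth confirming.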
@@ -453,6 +453,9 @@ popd %endif %changelog +* Fri Nov 08 2019 Kevin Fenzi - 2.9.0-1 +- Update to 2.9.0. + * Fri Sep 13 2019 Kevin Fenzi - 2.8.5-1 - Update to 2.8.5. diff --git a/sources b/sources index 9528a50..88bb11d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.8.5.tar.gz) = 6555b9a3d3d8298410e54f7116d92fc1978bef185a5136cfb809c1942b08b96c562af9e0d6d1a25eee5a4024d309b6713ce27836857b428a7c362e26efb53777 +SHA512 (ansible-2.9.0.tar.gz) = 47e0738bbf9918254d7b33ddc0a8f89a101995ccc3cb846be9ff10bdbc7687fb8a5390d8b976b3ce17fa1325ab63a592161b026d5d943a01f8a5803fca67312a From 4e2b86766f6c24b88a93d2a84296e2c280be17fc Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 13 Nov 2019 20:23:34 -0800 Subject: [PATCH 04/30] Update to 2.9.1. --- ansible.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index 807ec1c..2fa16b6 100644 --- a/ansible.spec +++ b/ansible.spec @@ -34,7 +34,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.0 +Version: 2.9.1 Release: 1%{?dist} License: GPLv3+ @@ -453,6 +453,9 @@ popd %endif %changelog +* Wed Nov 13 2019 Kevin Fenzi - 2.9.1-1 +- Update to 2.9.1. + * Fri Nov 08 2019 Kevin Fenzi - 2.9.0-1 - Update to 2.9.0. diff --git a/sources b/sources index 88bb11d..777d217 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.0.tar.gz) = 47e0738bbf9918254d7b33ddc0a8f89a101995ccc3cb846be9ff10bdbc7687fb8a5390d8b976b3ce17fa1325ab63a592161b026d5d943a01f8a5803fca67312a +SHA512 (ansible-2.9.1.tar.gz) = fdb25017b96475a6c182bba2f32050f0eaa6f22d17f166b98ce0f0cb40fd12dbbc5ede9912624fa4c5d4a8de472b28c2eb2b569700537c7d4b4c568d7e38f21b From 2fb0f488849212c03221e79d9e62650525daf876 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sun, 8 Dec 2019 12:40:22 -0800 Subject: [PATCH 05/30] Update to 2.9.2 --- ansible.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) 
diff --git a/ansible.spec b/ansible.spec index 2fa16b6..7cba484 100644 --- a/ansible.spec +++ b/ansible.spec @@ -34,7 +34,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.1 +Version: 2.9.2 Release: 1%{?dist} License: GPLv3+ @@ -453,6 +453,9 @@ popd %endif %changelog +* Sun Dec 08 2019 Kevin Fenzi - 2.9.2-1 +- Update to 2.9.2 + * Wed Nov 13 2019 Kevin Fenzi - 2.9.1-1 - Update to 2.9.1. diff --git a/sources b/sources index 777d217..1389343 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.1.tar.gz) = fdb25017b96475a6c182bba2f32050f0eaa6f22d17f166b98ce0f0cb40fd12dbbc5ede9912624fa4c5d4a8de472b28c2eb2b569700537c7d4b4c568d7e38f21b +SHA512 (ansible-2.9.2.tar.gz) = 522dd84af9493ceafd95ff0fc806a671f3d1f10d0ca074ef41875eb966d39e64b834e0b98a35d81d9d9d96efef8069db604c8080ce8cbb1ce2e8b13bf5c30a6a From db9ea6b679e59664fe2effa79dad3c431231f7b4 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 20 Jan 2020 10:55:57 -0800 Subject: [PATCH 06/30] Update to 2.9.3 --- ansible.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index 7cba484..a5f2a9f 100644 --- a/ansible.spec +++ b/ansible.spec @@ -34,7 +34,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.2 +Version: 2.9.3 Release: 1%{?dist} License: GPLv3+ @@ -453,6 +453,9 @@ popd %endif %changelog +* Mon Jan 20 2020 Kevin Fenzi - 2.9.3-1 +- Update to 2.9.3 + * Sun Dec 08 2019 Kevin Fenzi - 2.9.2-1 - Update to 2.9.2 diff --git a/sources b/sources index 1389343..792f218 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (ansible-2.9.2.tar.gz) = 522dd84af9493ceafd95ff0fc806a671f3d1f10d0ca074ef41875eb966d39e64b834e0b98a35d81d9d9d96efef8069db604c8080ce8cbb1ce2e8b13bf5c30a6a +SHA512 (ansible-2.9.3.tar.gz) = 02cfa2c7c43506dc602e92aed66c920243222b82bc4852f1a4d786cd3ff26fe17eda18d35ac7301cd9bf26366df9b18776e2a27e8d54fc92c3128f52ec7f58e8 From 816178ccd3e010ca066b68c546d8162638f57d5b Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 21 Jan 2020 19:47:39 -0800 Subject: [PATCH 07/30] Update to 2.9.4 --- ansible.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index a5f2a9f..0a4fae5 100644 --- a/ansible.spec +++ b/ansible.spec @@ -34,7 +34,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.3 +Version: 2.9.4 Release: 1%{?dist} License: GPLv3+ @@ -453,6 +453,9 @@ popd %endif %changelog +* Tue Jan 21 2020 Kevin Fenzi - 2.9.4-1 +- Update to 2.9.4 + * Mon Jan 20 2020 Kevin Fenzi - 2.9.3-1 - Update to 2.9.3 diff --git a/sources b/sources index 792f218..e46e155 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.3.tar.gz) = 02cfa2c7c43506dc602e92aed66c920243222b82bc4852f1a4d786cd3ff26fe17eda18d35ac7301cd9bf26366df9b18776e2a27e8d54fc92c3128f52ec7f58e8 +SHA512 (ansible-2.9.4.tar.gz) = 21020548100fc31b59d4ee1b461f2a14359f2f18752d431cd041eb987c8c8b308f1aa1687461a9b3f5a086485b77b3a38c8f006b942cc24cb2157b45e6582822 From 98cea03a9b7ce0e4461486411b4457707a9334a4 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 13 Feb 2020 14:36:35 -0800 Subject: [PATCH 08/30] Update to 2.9.5 --- ansible.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index 0a4fae5..16ea430 100644 --- a/ansible.spec +++ b/ansible.spec 
@@ -34,7 +34,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.4 +Version: 2.9.5 Release: 1%{?dist} License: GPLv3+ @@ -453,6 +453,9 @@ popd %endif %changelog +* Thu Feb 13 2020 Kevin Fenzi - 2.9.5-1 +- Update to 2.9.5 + * Tue Jan 21 2020 Kevin Fenzi - 2.9.4-1 - Update to 2.9.4 diff --git a/sources b/sources index e46e155..d10d82b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.4.tar.gz) = 21020548100fc31b59d4ee1b461f2a14359f2f18752d431cd041eb987c8c8b308f1aa1687461a9b3f5a086485b77b3a38c8f006b942cc24cb2157b45e6582822 +SHA512 (ansible-2.9.5.tar.gz) = cd2ce807b3136e2c02856339ea910b0a5cae8ca946da804ed7d3ec5725d3eff0fe5b4bd8527b2a17d6f3109e16859d52045b50f2ffd21169b30768e65b813407 From 48ae64835f19f9e3a05db87325102503c8f03d52 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 6 Mar 2020 20:41:00 -0800 Subject: [PATCH 09/30] Update to 2.9.6. Fixes bug #1810373 fixes for CVE-2020-1737, CVE-2020-1739 --- 67829.patch | 109 ++++++++++ 67935.patch | 191 ++++++++++++++++++ ...ild_requirement_from_path_no_version.patch | 78 +++++++ ansible.spec | 18 +- sources | 2 +- 5 files changed, 396 insertions(+), 2 deletions(-) create mode 100644 67829.patch create mode 100644 67935.patch create mode 100644 ansible-2.9.6-disable-test_build_requirement_from_path_no_version.patch diff --git a/67829.patch b/67829.patch new file mode 100644 index 0000000..87bb60f --- /dev/null +++ b/67829.patch 
@@ -0,0 +1,109 @@ +From b36f6897b4b959bc6306214f82a213a466d2cda6 Mon Sep 17 00:00:00 2001 +From: s-hertel +Date: Thu, 27 Feb 2020 15:21:37 -0500 +Subject: [PATCH 1/2] subversion module - provide password securely with svn + command line option --password-from-stdin when possible, and provide a + warning otherwise + +--- + changelogs/fragments/subversion_password.yaml | 9 ++++++++ + .../modules/source_control/subversion.py | 21 ++++++++++++++++--- + 2 files changed, 27 insertions(+), 3 deletions(-) + create mode 100644 changelogs/fragments/subversion_password.yaml + +diff --git a/changelogs/fragments/subversion_password.yaml b/changelogs/fragments/subversion_password.yaml +new file mode 100644 +index 0000000000000..42e09fb1a0752 +--- /dev/null ++++ b/changelogs/fragments/subversion_password.yaml +@@ -0,0 +1,9 @@ ++bugfixes: ++- > ++ **security issue** - The ``subversion`` module provided the password ++ via the svn command line option ``--password`` and can be retrieved ++ from the host's /proc//cmdline file. Update the module to use ++ the secure ``--password-from-stdin`` option instead, and add a warning ++ in the module and in the documentation if svn version is too old to ++ support it. ++ (CVE-2020-1739) +diff --git a/lib/ansible/modules/source_control/subversion.py b/lib/ansible/modules/source_control/subversion.py +index c7625f620263c..bcd6cdec7c6f1 100644 +--- a/lib/ansible/modules/source_control/subversion.py ++++ b/lib/ansible/modules/source_control/subversion.py +@@ -56,7 +56,9 @@ + - C(--username) parameter passed to svn. + password: + description: +- - C(--password) parameter passed to svn. ++ - C(--password) parameter passed to svn when svn is less than version 1.10.0. This is not secure and ++ the password will be leaked to argv. ++ - C(--password-from-stdin) parameter when svn is greater or equal to version 1.10.0. + executable: + description: + - Path to svn executable to use. 
If not supplied, +@@ -111,6 +113,8 @@ + import os + import re + ++from distutils.version import LooseVersion ++ + from ansible.module_utils.basic import AnsibleModule + + +@@ -124,6 +128,10 @@ def __init__(self, module, dest, repo, revision, username, password, svn_path): + self.password = password + self.svn_path = svn_path + ++ def has_option_password_from_stdin(self): ++ rc, version, err = self.module.run_command([self.svn_path, '--version', '--quiet'], check_rc=True) ++ return LooseVersion(version) >= LooseVersion('1.10.0') ++ + def _exec(self, args, check_rc=True): + '''Execute a subversion command, and return output. If check_rc is False, returns the return code instead of the output.''' + bits = [ +@@ -132,12 +140,19 @@ def _exec(self, args, check_rc=True): + '--trust-server-cert', + '--no-auth-cache', + ] ++ stdin_data = None + if self.username: + bits.extend(["--username", self.username]) + if self.password: +- bits.extend(["--password", self.password]) ++ if self.has_option_password_from_stdin(): ++ bits.extend(["--password-from-stdin"]) ++ stdin_data = self.password ++ else: ++ self.module.warn("The authentication provided will be used on the svn command line and is not secure. 
" ++ "To securely pass credentials, upgrade svn to version 1.10.0 or greater.") ++ bits.extend(["--password", self.password]) + bits.extend(args) +- rc, out, err = self.module.run_command(bits, check_rc) ++ rc, out, err = self.module.run_command(bits, check_rc, data=stdin_data) + + if check_rc: + return out.splitlines() + +From 001892f3cdd5a43d13fed10ec419be1360815104 Mon Sep 17 00:00:00 2001 +From: Sloane Hertel +Date: Mon, 2 Mar 2020 15:23:44 -0500 +Subject: [PATCH 2/2] Update lib/ansible/modules/source_control/subversion.py + +Co-Authored-By: Sam Doran +--- + lib/ansible/modules/source_control/subversion.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/ansible/modules/source_control/subversion.py b/lib/ansible/modules/source_control/subversion.py +index bcd6cdec7c6f1..1e60529a062e3 100644 +--- a/lib/ansible/modules/source_control/subversion.py ++++ b/lib/ansible/modules/source_control/subversion.py +@@ -145,7 +145,7 @@ def _exec(self, args, check_rc=True): + bits.extend(["--username", self.username]) + if self.password: + if self.has_option_password_from_stdin(): +- bits.extend(["--password-from-stdin"]) ++ bits.append("--password-from-stdin") + stdin_data = self.password + else: + self.module.warn("The authentication provided will be used on the svn command line and is not secure. " diff --git a/67935.patch b/67935.patch new file mode 100644 index 0000000..f44ec26 --- /dev/null +++ b/67935.patch 
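Review bot: In the patched `_exec`, the `else:` branch still appends `--password` to argv and only calls `self.module.warn`, so on a managed host whose svn is older than 1.10.0 the password stays visible on the process command line, which is the exposure the changelog fragment describes for CVE-2020-1739. Anyone shipping this patch should state that limit next to it, for example `# CVE-2020-1739: mitigated only where svn >= 1.10.0; older svn still receives --password on argv`. Separately, `has_option_password_from_stdin` runs `svn --version --quiet` on every `_exec` call and hands the raw stdout to `LooseVersion`. Storing the result on the instance and comparing `LooseVersion(version.strip())` would avoid the repeated subprocess and keep the presumably newline-terminated output out of the comparison.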
@@ -0,0 +1,191 @@ +From aaf549d7870b8687209a3282841b59207735b676 Mon Sep 17 00:00:00 2001 +From: Sam Doran +Date: Fri, 28 Feb 2020 17:56:21 -0500 +Subject: [PATCH] win_unzip - normalize and compare paths to prevent path + traversal (#67799) + +* Actually inspect the paths and prevent escape +* Add integration tests +* Generate zip files for use in integration test +* Adjust error message + +(cherry picked from commit d30c57ab22db24f6901166fcc3155667bdd3443f) +--- + .../win-unzip-check-extraction-path.yml | 4 ++ + lib/ansible/modules/windows/win_unzip.ps1 | 9 +++ + .../files/create_crafty_zip_files.py | 65 +++++++++++++++++++ + .../targets/win_unzip/tasks/main.yml | 57 +++++++++++++++- + 4 files changed, 134 insertions(+), 1 deletion(-) + create mode 100644 changelogs/fragments/win-unzip-check-extraction-path.yml + create mode 100644 test/integration/targets/win_unzip/files/create_crafty_zip_files.py + +diff --git a/changelogs/fragments/win-unzip-check-extraction-path.yml b/changelogs/fragments/win-unzip-check-extraction-path.yml +new file mode 100644 +index 0000000000000..1a6b6133d66b9 +--- /dev/null ++++ b/changelogs/fragments/win-unzip-check-extraction-path.yml +@@ -0,0 +1,4 @@ ++bugfixes: ++ - > ++ **security issue** win_unzip - normalize paths in archive to ensure extracted ++ files do not escape from the target directory (CVE-2020-1737) +diff --git a/lib/ansible/modules/windows/win_unzip.ps1 b/lib/ansible/modules/windows/win_unzip.ps1 +index 234c774c3a6cb..b49e808845d73 100644 +--- a/lib/ansible/modules/windows/win_unzip.ps1 ++++ b/lib/ansible/modules/windows/win_unzip.ps1 +@@ -40,6 +40,15 @@ Function Extract-Zip($src, $dest) { + $entry_target_path = [System.IO.Path]::Combine($dest, $archive_name) + $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) + ++ # Normalize paths for further evaluation ++ $full_target_path = [System.IO.Path]::GetFullPath($entry_target_path) ++ $full_dest_path = [System.IO.Path]::GetFullPath($dest + 
[System.IO.Path]::DirectorySeparatorChar) ++ ++ # Ensure file in the archive does not escape the extraction path ++ if (-not $full_target_path.StartsWith($full_dest_path)) { ++ Fail-Json -obj $result -message "Error unzipping '$src' to '$dest'! Filename contains relative paths which would extract outside the destination: $entry_target_path" ++ } ++ + if (-not (Test-Path -LiteralPath $entry_dir)) { + New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null + $result.changed = $true +diff --git a/test/integration/targets/win_unzip/files/create_crafty_zip_files.py b/test/integration/targets/win_unzip/files/create_crafty_zip_files.py +new file mode 100644 +index 0000000000000..8845b486294c3 +--- /dev/null ++++ b/test/integration/targets/win_unzip/files/create_crafty_zip_files.py +@@ -0,0 +1,65 @@ ++#!/usr/bin/env python ++# -*- coding: utf-8 -*- ++ ++# Copyright (c) 2020 Ansible Project ++# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) ++ ++from __future__ import absolute_import, division, print_function ++__metaclass__ = type ++ ++import os ++import shutil ++import sys ++import zipfile ++ ++# Each key is a zip file and the vaule is the list of files that will be created ++# and placed in the archive ++zip_files = { ++ 'hat1': [r'hat/..\rabbit.txt'], ++ 'hat2': [r'hat/..\..\rabbit.txt'], ++ 'handcuffs': [r'..\..\houidini.txt'], ++ 'prison': [r'..\houidini.txt'], ++} ++ ++# Accept an argument of where to create the files, defaulting to ++# the current working directory. 
++try: ++ output_dir = sys.argv[1] ++except IndexError: ++ output_dir = os.getcwd() ++ ++if not os.path.isdir(output_dir): ++ os.mkdir(output_dir) ++ ++os.chdir(output_dir) ++ ++for name, files in zip_files.items(): ++ # Create the files to go in the zip archive ++ for entry in files: ++ dirname = os.path.dirname(entry) ++ if dirname: ++ if os.path.isdir(dirname): ++ shutil.rmtree(dirname) ++ os.mkdir(dirname) ++ ++ with open(entry, 'w') as e: ++ e.write('escape!\n') ++ ++ # Create the zip archive with the files ++ filename = '%s.zip' % name ++ if os.path.isfile(filename): ++ os.unlink(filename) ++ ++ with zipfile.ZipFile(filename, 'w') as zf: ++ for entry in files: ++ zf.write(entry) ++ ++ # Cleanup ++ if dirname: ++ shutil.rmtree(dirname) ++ ++ for entry in files: ++ try: ++ os.unlink(entry) ++ except OSError: ++ pass +diff --git a/test/integration/targets/win_unzip/tasks/main.yml b/test/integration/targets/win_unzip/tasks/main.yml +index 2dab84be563b0..a9b8f1ca22998 100644 +--- a/test/integration/targets/win_unzip/tasks/main.yml ++++ b/test/integration/targets/win_unzip/tasks/main.yml +@@ -1,4 +1,3 @@ +---- + - name: create test directory + win_file: + path: '{{ win_unzip_dir }}\output' +@@ -114,3 +113,59 @@ + - unzip_delete is changed + - unzip_delete.removed + - not unzip_delete_actual.stat.exists ++ ++# Path traversal tests (CVE-2020-1737) ++- name: Create zip files ++ script: create_crafty_zip_files.py {{ output_dir }} ++ delegate_to: localhost ++ ++- name: Copy zip files to Windows host ++ win_copy: ++ src: "{{ output_dir }}/{{ item }}.zip" ++ dest: "{{ win_unzip_dir }}/" ++ loop: ++ - hat1 ++ - hat2 ++ - handcuffs ++ - prison ++ ++- name: Perform first trick ++ win_unzip: ++ src: '{{ win_unzip_dir }}\hat1.zip' ++ dest: '{{ win_unzip_dir }}\output' ++ register: hat_trick1 ++ ++- name: Check for file ++ win_stat: ++ path: '{{ win_unzip_dir }}\output\rabbit.txt' ++ register: rabbit ++ ++- name: Perform next tricks (which should all fail) ++ win_unzip: ++ src: 
'{{ win_unzip_dir }}\{{ item }}.zip' ++ dest: '{{ win_unzip_dir }}\output' ++ ignore_errors: yes ++ register: escape ++ loop: ++ - hat2 ++ - handcuffs ++ - prison ++ ++- name: Search for files ++ win_find: ++ recurse: yes ++ paths: ++ - '{{ win_unzip_dir }}' ++ patterns: ++ - '*houdini.txt' ++ - '*rabbit.txt' ++ register: files ++ ++- name: Check results ++ assert: ++ that: ++ - rabbit.stat.exists ++ - hat_trick1 is success ++ - escape.results | map(attribute='failed') | unique | list == [True] ++ - files.matched == 1 ++ - files.files[0]['filename'] == 'rabbit.txt' diff --git a/ansible-2.9.6-disable-test_build_requirement_from_path_no_version.patch b/ansible-2.9.6-disable-test_build_requirement_from_path_no_version.patch new file mode 100644 index 0000000..9cbed83 --- /dev/null +++ b/ansible-2.9.6-disable-test_build_requirement_from_path_no_version.patch 
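Review bot: The traversal regression test cannot detect an escaped file for the `handcuffs` and `prison` archives, because `create_crafty_zip_files.py` names the payload `houidini.txt` while the `Search for files` task in `tasks/main.yml` looks for `*houdini.txt`; `files.matched == 1` would still hold if those archives extracted outside `output`. Spelling the entries `r'..\..\houdini.txt'` and `r'..\houdini.txt'` makes the search meaningful; as written, only the `escape.results` failure assertion covers them. `win_find` also searches only `{{ win_unzip_dir }}`, so the `handcuffs` entry, which appears to resolve two levels above `output`, lies outside the searched tree either way. In `win_unzip.ps1`, `$full_target_path.StartsWith($full_dest_path)` uses the culture-sensitive overload; an ordinal comparison such as `StartsWith($full_dest_path, [System.StringComparison]::OrdinalIgnoreCase)` is the usual form for a path-prefix check.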
@@ -0,0 +1,78 @@ +diff -Nur ansible-2.9.6.orig/test/units/galaxy/test_collection_install.py ansible-2.9.6/test/units/galaxy/test_collection_install.py +--- ansible-2.9.6.orig/test/units/galaxy/test_collection_install.py 2020-03-04 21:40:01.000000000 -0800 ++++ ansible-2.9.6/test/units/galaxy/test_collection_install.py 2020-03-06 13:35:48.489822740 -0800 +@@ -204,40 +204,40 @@ + collection.CollectionRequirement.from_path(collection_artifact[0], True) + + +-def test_build_requirement_from_path_no_version(collection_artifact, monkeypatch): +- manifest_path = os.path.join(collection_artifact[0], b'MANIFEST.json') +- manifest_value = json.dumps({ +- 'collection_info': { +- 'namespace': 'namespace', +- 'name': 'name', +- 'version': '', +- 'dependencies': {} +- } +- }) +- with open(manifest_path, 'wb') as manifest_obj: +- manifest_obj.write(to_bytes(manifest_value)) +- +- mock_display = MagicMock() +- monkeypatch.setattr(Display, 'display', mock_display) +- +- actual = collection.CollectionRequirement.from_path(collection_artifact[0], True) +- +- # While the folder name suggests a different collection, we treat MANIFEST.json as the source of truth. +- assert actual.namespace == u'namespace' +- assert actual.name == u'name' +- assert actual.b_path == collection_artifact[0] +- assert actual.api is None +- assert actual.skip is True +- assert actual.versions == set(['*']) +- assert actual.latest_version == u'*' +- assert actual.dependencies == {} +- +- assert mock_display.call_count == 1 +- +- actual_warn = ' '.join(mock_display.mock_calls[0][1][0].split('\n')) +- expected_warn = "Collection at '%s' does not have a valid version set, falling back to '*'. 
Found version: ''" \ +- % to_text(collection_artifact[0]) +- assert expected_warn in actual_warn ++#def test_build_requirement_from_path_no_version(collection_artifact, monkeypatch): ++# manifest_path = os.path.join(collection_artifact[0], b'MANIFEST.json') ++# manifest_value = json.dumps({ ++# 'collection_info': { ++# 'namespace': 'namespace', ++# 'name': 'name', ++# 'version': '', ++# 'dependencies': {} ++# } ++# }) ++# with open(manifest_path, 'wb') as manifest_obj: ++# manifest_obj.write(to_bytes(manifest_value)) ++# ++# mock_display = MagicMock() ++# monkeypatch.setattr(Display, 'display', mock_display) ++# ++# actual = collection.CollectionRequirement.from_path(collection_artifact[0], True) ++# ++# # While the folder name suggests a different collection, we treat MANIFEST.json as the source of truth. ++# assert actual.namespace == u'namespace' ++# assert actual.name == u'name' ++# assert actual.b_path == collection_artifact[0] ++# assert actual.api is None ++# assert actual.skip is True ++# assert actual.versions == set(['*']) ++# assert actual.latest_version == u'*' ++# assert actual.dependencies == {} ++# ++# assert mock_display.call_count == 1 ++# ++# actual_warn = ' '.join(mock_display.mock_calls[0][1][0].split('\n')) ++# expected_warn = "Collection at '%s' does not have a valid version set, falling back to '*'. Found version: ''" \ ++# % to_text(collection_artifact[0]) ++# assert expected_warn in actual_warn + + + def test_build_requirement_from_tar(collection_artifact): diff --git a/ansible.spec b/ansible.spec index 16ea430..86dcc01 100644 --- a/ansible.spec +++ b/ansible.spec @@ -34,7 +34,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.5 +Version: 2.9.6 Release: 1%{?dist} License: GPLv3+ 
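Review bot: The patch comments out all of `test_build_requirement_from_path_no_version` without recording why it fails or where that is tracked, and the spec comment that introduces it says only `# Disable failing test`. A skip marker on the existing function, for example `@pytest.mark.skip(reason="fails in this build; see <upstream-issue-placeholder>")`, would keep the patch to a couple of lines and leave the reason in the test report. This assumes `pytest` is imported in that test module, which the hunk does not show.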
@@ -49,6 +49,15 @@ Patch100: ansible-newer-jinja.patch Url: http://ansible.com BuildArch: noarch +# fix for CVE-2020-1737, https://github.com/ansible/ansible/pull/67935 +Patch0: https://patch-diff.githubusercontent.com/raw/ansible/ansible/pull/67935.patch + +# fix for CVE-2020-1739, https://github.com/ansible/ansible/pull/67829 +Patch1: https://patch-diff.githubusercontent.com/raw/ansible/ansible/pull/67829.patch + +# Disable failing test +Patch2: ansible-2.9.6-disable-test_build_requirement_from_path_no_version.patch + # This is needed to update the old ansible-fireball package that is no # longer needed. Note that you should also remove ansible-node-fireball manually # Where you still have it installed. @@ -264,6 +273,9 @@ This package installs extensive documentation for ansible %prep %setup -q -n %{name}-%{version} +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 %if 0%{?rhel} == 6 %patch100 -p1 %endif @@ -453,6 +465,10 @@ popd %endif %changelog +* Fri Mar 06 2020 Kevin Fenzi - 2.9.6-1 +- Update to 2.9.6. Fixes bug #1810373 +- fixes for CVE-2020-1737, CVE-2020-1739 + * Thu Feb 13 2020 Kevin Fenzi - 2.9.5-1 - Update to 2.9.5 diff --git a/sources b/sources index d10d82b..8d89c0b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.5.tar.gz) = cd2ce807b3136e2c02856339ea910b0a5cae8ca946da804ed7d3ec5725d3eff0fe5b4bd8527b2a17d6f3109e16859d52045b50f2ffd21169b30768e65b813407 +SHA512 (ansible-2.9.6.tar.gz) = 7111fd72b4e029b2f661bfb849b4323b69ea796f8a069ad3120e8de390effa670180c69ca0fd5e0a1c2e444db6d574a52d530a2b0343c76cd81ba963b3c3a7cb From d131f659a938098a341e84f324634ff0505ff643 Mon Sep 17 00:00:00 2001 From: Igor Raits Date: Sun, 5 Apr 2020 13:05:03 +0200 Subject: [PATCH 10/30] Enable python3 subpackage Signed-off-by: Igor Raits --- ansible.spec | 84 ++++++++++++++++++++++++++++------------------------ 1 file changed, 45 insertions(+), 39 deletions(-) diff --git a/ansible.spec b/ansible.spec index 86dcc01..b37f7c9 100644 --- a/ansible.spec +++ b/ansible.spec 
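Review bot: `Patch0` and `Patch1` in the `@@ -49,6 +49,15 @@` hunk point at `patch-diff.githubusercontent.com/raw/ansible/ansible/pull/<N>.patch` URLs, which track the pull request rather than a fixed revision, while the `sources` file in this commit carries a checksum for the tarball only. The copies committed as `67935.patch` and `67829.patch` are what the build applies, so a later re-download from those URLs could differ from what was reviewed here. Recording the upstream commit in the comment, e.g. `# fix for CVE-2020-1737, upstream commit aaf549d7870b8687209a3282841b59207735b676 (PR 67935)`, ties each patch to an immutable revision.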
@@ -19,7 +19,7 @@ %endif # Build Fedora and RHEL larger than 7 with python3 -%if 0%{?fedora} || 0%{?rhel} >= 8 +%if 0%{?fedora} || 0%{?rhel} >= 7 %global with_python3 1 %else %global with_python3 0 @@ -35,7 +35,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system Version: 2.9.6 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv3+ Source0: https://releases.ansible.com/ansible/%{name}-%{version}.tar.gz @@ -82,7 +82,7 @@ BuildRequires: git-core # For tests # We don't run tests on epel6, so don't bother pulling these in there. -%if (0%{?fedora} || 0%{?rhel} > 6) +%if ! (0%{?rhel} && 0%{?rhel} <= 6) BuildRequires: PyYAML BuildRequires: python2-cryptography BuildRequires: python2-crypto 
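Review bot: The comment above the changed condition in the `@@ -19,7 +19,7 @@` hunk still reads `# Build Fedora and RHEL larger than 7 with python3`, but the new test is `0%{?rhel} >= 7`, so RHEL 7 itself now gets `with_python3 1`. The comment should follow the code, e.g. `# Build Fedora and RHEL 7 or later with python3`.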
@@ -188,57 +188,60 @@ Provides: ansible-python3 = %{version}-%{release} Obsoletes: ansible-python3 < %{version}-%{release} %endif -BuildRequires: python3-devel -BuildRequires: python3-setuptools +BuildRequires: python%{python3_pkgversion}-devel +BuildRequires: python%{python3_pkgversion}-setuptools # For tests -BuildRequires: python3-PyYAML -BuildRequires: python3-paramiko -BuildRequires: python3-cryptography -BuildRequires: python3-crypto -BuildRequires: python3-pbkdf2 -BuildRequires: python3-packaging -BuildRequires: python3-pexpect -BuildRequires: python3-winrm -BuildRequires: python3-httmock -BuildRequires: python3-gitlab +# We don't run tests on el7 and below, so don't bother pulling these in there. +%if ! (0%{?rhel} && 0%{?rhel} <= 7) +BuildRequires: python%{python3_pkgversion}-PyYAML +BuildRequires: python%{python3_pkgversion}-paramiko +BuildRequires: python%{python3_pkgversion}-cryptography +BuildRequires: python%{python3_pkgversion}-crypto +BuildRequires: python%{python3_pkgversion}-pbkdf2 +BuildRequires: python%{python3_pkgversion}-packaging +BuildRequires: python%{python3_pkgversion}-pexpect +BuildRequires: python%{python3_pkgversion}-winrm +BuildRequires: python%{python3_pkgversion}-httmock +BuildRequires: python%{python3_pkgversion}-gitlab # For Docs/tests BuildRequires: git-core %if %with_docs -BuildRequires: python3-sphinx -BuildRequires: python3-sphinx-theme-alabaster -BuildRequires: python3-sphinx-notfound-page +BuildRequires: python%{python3_pkgversion}-sphinx +BuildRequires: python%{python3_pkgversion}-sphinx-theme-alabaster +BuildRequires: python%{python3_pkgversion}-sphinx-notfound-page BuildRequires: asciidoc %endif # accelerate is the only thing that makes keyczar mandatory. 
Since accelerate # is deprecated, just ignore it #BuildRequires: python-keyczar -BuildRequires: python3-six -BuildRequires: python3-nose -BuildRequires: python3-pytest -BuildRequires: python3-pytest-xdist -BuildRequires: python3-pytest-mock -BuildRequires: python3-requests -BuildRequires: python3-coverage -BuildRequires: python3-mock -BuildRequires: python3-boto3 -BuildRequires: python3-botocore -BuildRequires: python3-passlib -BuildRequires: python3-jinja2 +BuildRequires: python%{python3_pkgversion}-six +BuildRequires: python%{python3_pkgversion}-nose +BuildRequires: python%{python3_pkgversion}-pytest +BuildRequires: python%{python3_pkgversion}-pytest-xdist +BuildRequires: python%{python3_pkgversion}-pytest-mock +BuildRequires: python%{python3_pkgversion}-requests +BuildRequires: python%{python3_pkgversion}-coverage +BuildRequires: python%{python3_pkgversion}-mock +BuildRequires: python%{python3_pkgversion}-boto3 +BuildRequires: python%{python3_pkgversion}-botocore +BuildRequires: python%{python3_pkgversion}-passlib +BuildRequires: python%{python3_pkgversion}-jinja2 +%endif -Requires: python3-PyYAML -Requires: python3-paramiko -Requires: python3-cryptography +Requires: python%{python3_pkgversion}-PyYAML +Requires: python%{python3_pkgversion}-paramiko +Requires: python%{python3_pkgversion}-cryptography # accelerate is the only thing that makes keyczar mandatory. Since accelerate # is deprecated, just ignore it -#Requires: python3-keyczar -Requires: python3-setuptools -Requires: python3-six -Requires: python3-jinja2 +#Requires: python%{python3_pkgversion}-keyczar +Requires: python%{python3_pkgversion}-setuptools +Requires: python%{python3_pkgversion}-six +Requires: python%{python3_pkgversion}-jinja2 Requires: sshpass # needed for json_query filter -Requires: python3-jmespath +Requires: python%{python3_pkgversion}-jmespath %if 0%{?with_python2} 
@@ -412,7 +415,7 @@ make PYTHON=/usr/bin/python2 tests %endif # New enough Fedora with python2 -%if 0%{?with_python3} +%if 0%{?with_python3} && ! (0%{?rhel} && 0%{?rhel} <= 7) pushd %{py3dir} ln -s /usr/bin/pytest-3 bin/pytest pathfix.py -i %{__python3} -p test/runner @@ -465,6 +468,9 @@ popd %endif %changelog +* Sun Apr 05 2020 Igor Raits - 2.9.6-2 +- Enable python3 subpackage + * Fri Mar 06 2020 Kevin Fenzi - 2.9.6-1 - Update to 2.9.6. Fixes bug #1810373 - fixes for CVE-2020-1737, CVE-2020-1739 From 79d3fa50f6d0b0de2241cdde1b708b6fe2f4a237 Mon Sep 17 00:00:00 2001 From: Igor Raits Date: Sun, 5 Apr 2020 18:58:57 +0200 Subject: [PATCH 11/30] Cleanup conditionals On the top of the spec file it is written that no other branch should be merged here... So there is no point of keeping any irrelevant conditions. Signed-off-by: Igor Raits --- ansible.spec | 186 +-------------------------------------------------- 1 file changed, 3 insertions(+), 183 deletions(-) diff --git a/ansible.spec b/ansible.spec index b37f7c9..0c4ed75 100644 --- a/ansible.spec +++ b/ansible.spec 
@@ -3,34 +3,9 @@ # Please modify it alone and do not merge master or # any other branches into it. # -# RHEL 6 didn't have a __python2 macro. -# Amazon Linux 2015.9 is based on RHEL6, with /usr/bin/python2 -> python2.6, while -# /usr/bin/python -> python2.7. Explicitly use python2.6. -%if 0%{?rhel} == 6 || 0%{?rhel} == 5 -%global __python2 /usr/bin/python2.6 -%endif - -# RHEL 6 and 7 do not have BuildRequires to build docs -# Fedora 27 and older have too old a jinja2 to build docs -%if 0%{?fedora} >= 27 || 0%{?rhel} >= 8 -%global with_docs 1 -%else %global with_docs 0 -%endif - -# Build Fedora and RHEL larger than 7 with python3 -%if 0%{?fedora} || 0%{?rhel} >= 7 %global with_python3 1 -%else -%global with_python3 0 -%endif - -# Fedora 29+ and RHEL larger than 7 no python2, python3 default -%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8 -%global with_python2 0 -%else %global with_python2 1 -%endif Name: ansible Summary: SSH-based configuration management, deployment, and task execution system 
@@ -66,98 +41,20 @@ Provides: ansible-fireball = %{version}-%{release} Obsoletes: ansible-fireball < 1.2.4 %if 0%{?with_python2} -%if 0%{?rhel} && 0%{?rhel} <= 5 -# On RHEL6 use the python26 stack -BuildRequires: python26-devel -Requires: python26-PyYAML -Requires: python26-paramiko -Requires: python26-jinja2 -%endif BuildRequires: python2-devel -BuildRequires: python-setuptools - -# For building docs/tests -BuildRequires: git-core - -# For tests -# We don't run tests on epel6, so don't bother pulling these in there. -%if ! (0%{?rhel} && 0%{?rhel} <= 6) -BuildRequires: PyYAML -BuildRequires: python2-cryptography -BuildRequires: python2-crypto -BuildRequires: python-paramiko -BuildRequires: python-six -BuildRequires: python-nose -BuildRequires: python-coverage -BuildRequires: python-requests -BuildRequires: python-mock -BuildRequires: python-boto3 -BuildRequires: python-botocore -BuildRequires: python-passlib -%if 0%{?fedora} -# Fedora only docs building -BuildRequires: python3-sphinx-theme-alabaster -%endif -# rhel7 does not have python-pytest but has pytest -%if 0%{?rhel} == 7 -BuildRequires: pytest -BuildRequires: python2-sphinx-theme-alabaster -BuildRequires: python-straight-plugin -%else -BuildRequires: python-pytest -BuildRequires: python-pytest-xdist -BuildRequires: python-pytest-mock -BuildRequires: python-packaging -BuildRequires: python2-pexpect -BuildRequires: python2-winrm -%endif -%endif - -%if (0%{?rhel} && 0%{?rhel} <= 6) -# Ansible will work with the jinja2 shipped with RHEL6 but users can gain -# additional jinja features by using the newer version -Requires: python-jinja2-26 -BuildRequires: python-jinja2-26 - -# Distros with python < 2.7.0 -BuildRequires: python-unittest2 - -%else -Requires: python-jinja2 -BuildRequires: python-jinja2 -%endif - +BuildRequires: python2-setuptools Requires: PyYAML Requires: python2-cryptography Requires: python-paramiko Requires: python-httplib2 Requires: python-setuptools Requires: python-six +Requires: 
python-jinja2 Requires: sshpass -%if (0%{?fedora} || 0%{?rhel} > 6) # needed for json_query filter -# but avoid on rhel6 due to amazon linux conflicts Requires: python2-jmespath -%endif - -%if 0%{?rhel} == 6 -# RHEL 6 needs a newer version of the pycrypto library for the ansible-vault -# command. Note: If other pieces of ansible also grow to need pycrypto you may -# need to add: Requires: python-crypto or patch the other pieces of ansible to -# make use of this forward compat package (see the patch for ansible-vault -# above to see what needs to be done.) -Requires: python-crypto2.6 -# The python-2.6 stdlib json module has a bug that affects the ansible -# to_nice_json filter -Requires: python-simplejson - -# For testing -BuildRequires: python-crypto2.6 -BuildRequires: python-simplejson -%endif - %description Ansible is a radically simple model-driven configuration management, 
@@ -190,46 +87,6 @@ Obsoletes: ansible-python3 < %{version}-%{release} BuildRequires: python%{python3_pkgversion}-devel BuildRequires: python%{python3_pkgversion}-setuptools - -# For tests -# We don't run tests on el7 and below, so don't bother pulling these in there. -%if ! (0%{?rhel} && 0%{?rhel} <= 7) -BuildRequires: python%{python3_pkgversion}-PyYAML -BuildRequires: python%{python3_pkgversion}-paramiko -BuildRequires: python%{python3_pkgversion}-cryptography -BuildRequires: python%{python3_pkgversion}-crypto -BuildRequires: python%{python3_pkgversion}-pbkdf2 -BuildRequires: python%{python3_pkgversion}-packaging -BuildRequires: python%{python3_pkgversion}-pexpect -BuildRequires: python%{python3_pkgversion}-winrm -BuildRequires: python%{python3_pkgversion}-httmock -BuildRequires: python%{python3_pkgversion}-gitlab - -# For Docs/tests -BuildRequires: git-core -%if %with_docs -BuildRequires: python%{python3_pkgversion}-sphinx -BuildRequires: python%{python3_pkgversion}-sphinx-theme-alabaster -BuildRequires: python%{python3_pkgversion}-sphinx-notfound-page -BuildRequires: asciidoc -%endif -# accelerate is the only thing that makes keyczar mandatory. 
Since accelerate -# is deprecated, just ignore it -#BuildRequires: python-keyczar -BuildRequires: python%{python3_pkgversion}-six -BuildRequires: python%{python3_pkgversion}-nose -BuildRequires: python%{python3_pkgversion}-pytest -BuildRequires: python%{python3_pkgversion}-pytest-xdist -BuildRequires: python%{python3_pkgversion}-pytest-mock -BuildRequires: python%{python3_pkgversion}-requests -BuildRequires: python%{python3_pkgversion}-coverage -BuildRequires: python%{python3_pkgversion}-mock -BuildRequires: python%{python3_pkgversion}-boto3 -BuildRequires: python%{python3_pkgversion}-botocore -BuildRequires: python%{python3_pkgversion}-passlib -BuildRequires: python%{python3_pkgversion}-jinja2 -%endif - Requires: python%{python3_pkgversion}-PyYAML Requires: python%{python3_pkgversion}-paramiko Requires: python%{python3_pkgversion}-cryptography @@ -243,7 +100,6 @@ Requires: sshpass # needed for json_query filter Requires: python%{python3_pkgversion}-jmespath - %if 0%{?with_python2} %description -n ansible-python3 %else @@ -279,9 +135,6 @@ This package installs extensive documentation for ansible %patch0 -p1 %patch1 -p1 %patch2 -p1 -%if 0%{?rhel} == 6 -%patch100 -p1 -%endif %if 0%{?with_python3} rm -rf %{py3dir} @@ -300,19 +153,15 @@ pushd %{py3dir} %if %with_docs # Fedora 26 does not have pathfix, so build docs with python2 - %if (0%{?fedora} == 26) - make PYTHON=/usr/bin/python2 webdocs - %else pathfix.py -i %{__python3} -p docs/bin test/runner make PYTHON=/usr/bin/python3 SPHINXBUILD=sphinx-build-3 webdocs - %endif %endif popd %endif # with_python3 -%if ! %with_docs && ( 0%{?fedora} || 0%{?rhel} >= 7) +%if ! %with_docs # Generate the rst docs from the source if they weren't generated earlier as # part of the html docs build. # This is broken right now because it needs python3 and python3-straight-plugin 
@@ -405,35 +254,6 @@ cp -pr docs/docsite/rst . %endif -%check -# RHEL <= 6 doesn't have a new enough python-mock to run the tests -# Currently RHEL <= 7 doesn't have pytest-xdist or a new enough pytest -# Fedora 25 doesn't have a new enough pytest -%if 0%{?with_python2} && 0%{?fedora} >= 26 -ln -s /usr/bin/pytest bin/pytest -make PYTHON=/usr/bin/python2 tests -%endif -# New enough Fedora with python2 - -%if 0%{?with_python3} && ! (0%{?rhel} && 0%{?rhel} <= 7) -pushd %{py3dir} -ln -s /usr/bin/pytest-3 bin/pytest -pathfix.py -i %{__python3} -p test/runner -pathfix.py -i %{__python3} -p bin/ansible-test -# This test needs a module not packaged in Fedora so disable it. -rm -f test/units/modules/cloud/cloudstack/test_cs_traffic_type.py -%if 0%{?fedora} < 30 -# In fedora 29 and eariler, python-gitlab is too old to run these tests -rm -f test/units/modules/source_control/test_gitlab_user.py -rm -f test/units/modules/source_control/test_gitlab_runner.py -%endif -make PYTHON=/usr/bin/python3 tests-py3 - -popd -%endif -# python3 - - %files %if 0%{?with_python2} %{python2_sitelib}/ansible* From c86db9daf66a19c9d38eb01eccad6387aacbc4fe Mon Sep 17 00:00:00 2001 From: Igor Raits Date: Mon, 6 Apr 2020 06:57:20 +0200 Subject: [PATCH 12/30] Ship ansible-test in both (py2 and py3) variants It is not a symlink to ansible, so it needs to be shipped twice. Signed-off-by: Igor Raits --- ansible.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index 0c4ed75..9db3566 100644 --- a/ansible.spec +++ b/ansible.spec @@ -10,7 +10,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system Version: 2.9.6 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv3+ Source0: https://releases.ansible.com/ansible/%{name}-%{version}.tar.gz 
@@ -175,7 +175,7 @@ pushd %{py3dir} popd for i in $RPM_BUILD_ROOT/%{_bindir}/ansible* ; do - if [ $(basename $i) = "ansible-connection" -o $(basename $i) = "ansible" ] ; then + if [ $(basename $i) = "ansible-connection" -o $(basename $i) = "ansible" -o $(basename $i) = "ansible-test" ] ; then %if 0%{?with_python2} mv $i $i-%{python3_version} %else @@ -288,6 +288,9 @@ cp -pr docs/docsite/rst . %endif %changelog +* Mon Apr 06 2020 Igor Raits - 2.9.6-3 +- Ship ansible-test in both (py2 and py3) variants + * Sun Apr 05 2020 Igor Raits - 2.9.6-2 - Enable python3 subpackage From 2a187d97b0e5d062bf2d86c29ee87b936a9e3281 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 18 Apr 2020 14:21:14 -0700 Subject: [PATCH 13/30] Update to 2.9.7. fixes CVE-2020-1733 CVE-2020-1735 CVE-2020-1740 CVE-2020-1746 CVE-2020-1753 CVE-2020-10684 CVE-2020-10685 CVE-2020-10691 Drop the -s from the shebang to allow ansible to use locally installed modules. --- 67829.patch | 109 ----------------------------- 67935.patch | 191 --------------------------------------------------- ansible.spec | 21 +++--- sources | 2 +- 4 files changed, 11 insertions(+), 312 deletions(-) delete mode 100644 67829.patch delete mode 100644 67935.patch diff --git a/67829.patch b/67829.patch deleted file mode 100644 index 87bb60f..0000000 --- a/67829.patch +++ /dev/null 
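Review bot: The extended test in the `@@ -175,7 +175,7 @@` hunk calls `basename` three times per file with unquoted `$i` and chains the comparisons with `-o`, which POSIX marks obsolescent for `[`. A `case` on a single quoted call reads more clearly and grows better as names are added: `case "$(basename "$i")" in ansible|ansible-connection|ansible-test)`. The surrounding `for` loop and the `else` branch lie outside the hunk, so the placement of `;;` and `esac` would need checking against the full spec.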
@@ -1,109 +0,0 @@ -From b36f6897b4b959bc6306214f82a213a466d2cda6 Mon Sep 17 00:00:00 2001 -From: s-hertel -Date: Thu, 27 Feb 2020 15:21:37 -0500 -Subject: [PATCH 1/2] subversion module - provide password securely with svn - command line option --password-from-stdin when possible, and provide a - warning otherwise - ---- - changelogs/fragments/subversion_password.yaml | 9 ++++++++ - .../modules/source_control/subversion.py | 21 ++++++++++++++++--- - 2 files changed, 27 insertions(+), 3 deletions(-) - create mode 100644 changelogs/fragments/subversion_password.yaml - -diff --git a/changelogs/fragments/subversion_password.yaml b/changelogs/fragments/subversion_password.yaml -new file mode 100644 -index 0000000000000..42e09fb1a0752 ---- /dev/null -+++ b/changelogs/fragments/subversion_password.yaml -@@ -0,0 +1,9 @@ -+bugfixes: -+- > -+ **security issue** - The ``subversion`` module provided the password -+ via the svn command line option ``--password`` and can be retrieved -+ from the host's /proc//cmdline file. Update the module to use -+ the secure ``--password-from-stdin`` option instead, and add a warning -+ in the module and in the documentation if svn version is too old to -+ support it. -+ (CVE-2020-1739) -diff --git a/lib/ansible/modules/source_control/subversion.py b/lib/ansible/modules/source_control/subversion.py -index c7625f620263c..bcd6cdec7c6f1 100644 ---- a/lib/ansible/modules/source_control/subversion.py -+++ b/lib/ansible/modules/source_control/subversion.py -@@ -56,7 +56,9 @@ - - C(--username) parameter passed to svn. - password: - description: -- - C(--password) parameter passed to svn. -+ - C(--password) parameter passed to svn when svn is less than version 1.10.0. This is not secure and -+ the password will be leaked to argv. -+ - C(--password-from-stdin) parameter when svn is greater or equal to version 1.10.0. - executable: - description: - - Path to svn executable to use. 
If not supplied, -@@ -111,6 +113,8 @@ - import os - import re - -+from distutils.version import LooseVersion -+ - from ansible.module_utils.basic import AnsibleModule - - -@@ -124,6 +128,10 @@ def __init__(self, module, dest, repo, revision, username, password, svn_path): - self.password = password - self.svn_path = svn_path - -+ def has_option_password_from_stdin(self): -+ rc, version, err = self.module.run_command([self.svn_path, '--version', '--quiet'], check_rc=True) -+ return LooseVersion(version) >= LooseVersion('1.10.0') -+ - def _exec(self, args, check_rc=True): - '''Execute a subversion command, and return output. If check_rc is False, returns the return code instead of the output.''' - bits = [ -@@ -132,12 +140,19 @@ def _exec(self, args, check_rc=True): - '--trust-server-cert', - '--no-auth-cache', - ] -+ stdin_data = None - if self.username: - bits.extend(["--username", self.username]) - if self.password: -- bits.extend(["--password", self.password]) -+ if self.has_option_password_from_stdin(): -+ bits.extend(["--password-from-stdin"]) -+ stdin_data = self.password -+ else: -+ self.module.warn("The authentication provided will be used on the svn command line and is not secure. 
" -+ "To securely pass credentials, upgrade svn to version 1.10.0 or greater.") -+ bits.extend(["--password", self.password]) - bits.extend(args) -- rc, out, err = self.module.run_command(bits, check_rc) -+ rc, out, err = self.module.run_command(bits, check_rc, data=stdin_data) - - if check_rc: - return out.splitlines() - -From 001892f3cdd5a43d13fed10ec419be1360815104 Mon Sep 17 00:00:00 2001 -From: Sloane Hertel -Date: Mon, 2 Mar 2020 15:23:44 -0500 -Subject: [PATCH 2/2] Update lib/ansible/modules/source_control/subversion.py - -Co-Authored-By: Sam Doran ---- - lib/ansible/modules/source_control/subversion.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/ansible/modules/source_control/subversion.py b/lib/ansible/modules/source_control/subversion.py -index bcd6cdec7c6f1..1e60529a062e3 100644 ---- a/lib/ansible/modules/source_control/subversion.py -+++ b/lib/ansible/modules/source_control/subversion.py -@@ -145,7 +145,7 @@ def _exec(self, args, check_rc=True): - bits.extend(["--username", self.username]) - if self.password: - if self.has_option_password_from_stdin(): -- bits.extend(["--password-from-stdin"]) -+ bits.append("--password-from-stdin") - stdin_data = self.password - else: - self.module.warn("The authentication provided will be used on the svn command line and is not secure. " diff --git a/67935.patch b/67935.patch deleted file mode 100644 index f44ec26..0000000 --- a/67935.patch +++ /dev/null 
@@ -1,191 +0,0 @@ -From aaf549d7870b8687209a3282841b59207735b676 Mon Sep 17 00:00:00 2001 -From: Sam Doran -Date: Fri, 28 Feb 2020 17:56:21 -0500 -Subject: [PATCH] win_unzip - normalize and compare paths to prevent path - traversal (#67799) - -* Actually inspect the paths and prevent escape -* Add integration tests -* Generate zip files for use in integration test -* Adjust error message - -(cherry picked from commit d30c57ab22db24f6901166fcc3155667bdd3443f) ---- - .../win-unzip-check-extraction-path.yml | 4 ++ - lib/ansible/modules/windows/win_unzip.ps1 | 9 +++ - .../files/create_crafty_zip_files.py | 65 +++++++++++++++++++ - .../targets/win_unzip/tasks/main.yml | 57 +++++++++++++++- - 4 files changed, 134 insertions(+), 1 deletion(-) - create mode 100644 changelogs/fragments/win-unzip-check-extraction-path.yml - create mode 100644 test/integration/targets/win_unzip/files/create_crafty_zip_files.py - -diff --git a/changelogs/fragments/win-unzip-check-extraction-path.yml b/changelogs/fragments/win-unzip-check-extraction-path.yml -new file mode 100644 -index 0000000000000..1a6b6133d66b9 ---- /dev/null -+++ b/changelogs/fragments/win-unzip-check-extraction-path.yml -@@ -0,0 +1,4 @@ -+bugfixes: -+ - > -+ **security issue** win_unzip - normalize paths in archive to ensure extracted -+ files do not escape from the target directory (CVE-2020-1737) -diff --git a/lib/ansible/modules/windows/win_unzip.ps1 b/lib/ansible/modules/windows/win_unzip.ps1 -index 234c774c3a6cb..b49e808845d73 100644 ---- a/lib/ansible/modules/windows/win_unzip.ps1 -+++ b/lib/ansible/modules/windows/win_unzip.ps1 -@@ -40,6 +40,15 @@ Function Extract-Zip($src, $dest) { - $entry_target_path = [System.IO.Path]::Combine($dest, $archive_name) - $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) - -+ # Normalize paths for further evaluation -+ $full_target_path = [System.IO.Path]::GetFullPath($entry_target_path) -+ $full_dest_path = [System.IO.Path]::GetFullPath($dest + 
[System.IO.Path]::DirectorySeparatorChar) -+ -+ # Ensure file in the archive does not escape the extraction path -+ if (-not $full_target_path.StartsWith($full_dest_path)) { -+ Fail-Json -obj $result -message "Error unzipping '$src' to '$dest'! Filename contains relative paths which would extract outside the destination: $entry_target_path" -+ } -+ - if (-not (Test-Path -LiteralPath $entry_dir)) { - New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null - $result.changed = $true -diff --git a/test/integration/targets/win_unzip/files/create_crafty_zip_files.py b/test/integration/targets/win_unzip/files/create_crafty_zip_files.py -new file mode 100644 -index 0000000000000..8845b486294c3 ---- /dev/null -+++ b/test/integration/targets/win_unzip/files/create_crafty_zip_files.py -@@ -0,0 +1,65 @@ -+#!/usr/bin/env python -+# -*- coding: utf-8 -*- -+ -+# Copyright (c) 2020 Ansible Project -+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -+ -+from __future__ import absolute_import, division, print_function -+__metaclass__ = type -+ -+import os -+import shutil -+import sys -+import zipfile -+ -+# Each key is a zip file and the vaule is the list of files that will be created -+# and placed in the archive -+zip_files = { -+ 'hat1': [r'hat/..\rabbit.txt'], -+ 'hat2': [r'hat/..\..\rabbit.txt'], -+ 'handcuffs': [r'..\..\houidini.txt'], -+ 'prison': [r'..\houidini.txt'], -+} -+ -+# Accept an argument of where to create the files, defaulting to -+# the current working directory. 
-+try: -+ output_dir = sys.argv[1] -+except IndexError: -+ output_dir = os.getcwd() -+ -+if not os.path.isdir(output_dir): -+ os.mkdir(output_dir) -+ -+os.chdir(output_dir) -+ -+for name, files in zip_files.items(): -+ # Create the files to go in the zip archive -+ for entry in files: -+ dirname = os.path.dirname(entry) -+ if dirname: -+ if os.path.isdir(dirname): -+ shutil.rmtree(dirname) -+ os.mkdir(dirname) -+ -+ with open(entry, 'w') as e: -+ e.write('escape!\n') -+ -+ # Create the zip archive with the files -+ filename = '%s.zip' % name -+ if os.path.isfile(filename): -+ os.unlink(filename) -+ -+ with zipfile.ZipFile(filename, 'w') as zf: -+ for entry in files: -+ zf.write(entry) -+ -+ # Cleanup -+ if dirname: -+ shutil.rmtree(dirname) -+ -+ for entry in files: -+ try: -+ os.unlink(entry) -+ except OSError: -+ pass -diff --git a/test/integration/targets/win_unzip/tasks/main.yml b/test/integration/targets/win_unzip/tasks/main.yml -index 2dab84be563b0..a9b8f1ca22998 100644 ---- a/test/integration/targets/win_unzip/tasks/main.yml -+++ b/test/integration/targets/win_unzip/tasks/main.yml -@@ -1,4 +1,3 @@ ----- - - name: create test directory - win_file: - path: '{{ win_unzip_dir }}\output' -@@ -114,3 +113,59 @@ - - unzip_delete is changed - - unzip_delete.removed - - not unzip_delete_actual.stat.exists -+ -+# Path traversal tests (CVE-2020-1737) -+- name: Create zip files -+ script: create_crafty_zip_files.py {{ output_dir }} -+ delegate_to: localhost -+ -+- name: Copy zip files to Windows host -+ win_copy: -+ src: "{{ output_dir }}/{{ item }}.zip" -+ dest: "{{ win_unzip_dir }}/" -+ loop: -+ - hat1 -+ - hat2 -+ - handcuffs -+ - prison -+ -+- name: Perform first trick -+ win_unzip: -+ src: '{{ win_unzip_dir }}\hat1.zip' -+ dest: '{{ win_unzip_dir }}\output' -+ register: hat_trick1 -+ -+- name: Check for file -+ win_stat: -+ path: '{{ win_unzip_dir }}\output\rabbit.txt' -+ register: rabbit -+ -+- name: Perform next tricks (which should all fail) -+ win_unzip: -+ src: 
'{{ win_unzip_dir }}\{{ item }}.zip' -+ dest: '{{ win_unzip_dir }}\output' -+ ignore_errors: yes -+ register: escape -+ loop: -+ - hat2 -+ - handcuffs -+ - prison -+ -+- name: Search for files -+ win_find: -+ recurse: yes -+ paths: -+ - '{{ win_unzip_dir }}' -+ patterns: -+ - '*houdini.txt' -+ - '*rabbit.txt' -+ register: files -+ -+- name: Check results -+ assert: -+ that: -+ - rabbit.stat.exists -+ - hat_trick1 is success -+ - escape.results | map(attribute='failed') | unique | list == [True] -+ - files.matched == 1 -+ - files.files[0]['filename'] == 'rabbit.txt' diff --git a/ansible.spec b/ansible.spec index 9db3566..8c05b2c 100644 --- a/ansible.spec +++ b/ansible.spec @@ -9,8 +9,8 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.6 -Release: 3%{?dist} +Version: 2.9.7 +Release: 1%{?dist} License: GPLv3+ Source0: https://releases.ansible.com/ansible/%{name}-%{version}.tar.gz @@ -24,12 +24,6 @@ Patch100: ansible-newer-jinja.patch Url: http://ansible.com BuildArch: noarch -# fix for CVE-2020-1737, https://github.com/ansible/ansible/pull/67935 -Patch0: https://patch-diff.githubusercontent.com/raw/ansible/ansible/pull/67935.patch - -# fix for CVE-2020-1739, https://github.com/ansible/ansible/pull/67829 -Patch1: https://patch-diff.githubusercontent.com/raw/ansible/ansible/pull/67829.patch - # Disable failing test Patch2: ansible-2.9.6-disable-test_build_requirement_from_path_no_version.patch @@ -92,7 +86,7 @@ Requires: python%{python3_pkgversion}-paramiko Requires: python%{python3_pkgversion}-cryptography # accelerate is the only thing that makes keyczar mandatory. Since accelerate # is deprecated, just ignore it -#Requires: python%{python3_pkgversion}-keyczar +#Requires: python%%{python3_pkgversion}-keyczar Requires: python%{python3_pkgversion}-setuptools Requires: python%{python3_pkgversion}-six Requires: python%{python3_pkgversion}-jinja2 
@@ -132,8 +126,6 @@ This package installs extensive documentation for ansible %prep %setup -q -n %{name}-%{version} -%patch0 -p1 -%patch1 -p1 %patch2 -p1 %if 0%{?with_python3} @@ -149,6 +141,8 @@ cp -a . %{py3dir} %if 0%{?with_python3} pushd %{py3dir} +# disable the python -s shbang flag as we want to be able to find non system modules +%global py3_shbang_opts %(echo %{py3_shbang_opts} | sed 's/-s//') %py3_build %if %with_docs @@ -288,6 +282,11 @@ cp -pr docs/docsite/rst . %endif %changelog +* Sat Apr 18 2020 Kevin Fenzi - 2.9.7-1 +- Update to 2.9.7. +- fixes CVE-2020-1733 CVE-2020-1735 CVE-2020-1740 CVE-2020-1746 CVE-2020-1753 CVE-2020-10684 CVE-2020-10685 CVE-2020-10691 +- Drop the -s from the shebang to allow ansible to use locally installed modules. + * Mon Apr 06 2020 Igor Raits - 2.9.6-3 - Ship ansible-test in both (py2 and py3) variants diff --git a/sources b/sources index 8d89c0b..40a73a1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.6.tar.gz) = 7111fd72b4e029b2f661bfb849b4323b69ea796f8a069ad3120e8de390effa670180c69ca0fd5e0a1c2e444db6d574a52d530a2b0343c76cd81ba963b3c3a7cb +SHA512 (ansible-2.9.7.tar.gz) = ce029441bcafdc5b44c9fda69f183d4defea84ead5628164caf87306cb97efec68c11b2cce728e90f28290640c320549486a6b4e823710f638d1d2e7c35675a4 From 4f1c4934de4070d2dca00618c39fed679c7e0617 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 13 May 2020 08:39:42 -0700 Subject: [PATCH 14/30] Update to 2.9.9. Fixes bug #1834582 Fixes gathering facts on f32+ bug #1832625 --- ansible.spec | 6 +++++- sources | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index 8c05b2c..e06854c 100644 --- a/ansible.spec +++ b/ansible.spec @@ -9,7 +9,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.7 +Version: 2.9.9 Release: 1%{?dist} License: GPLv3+ 
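Review bot: Stripping `-s` from `py3_shbang_opts` in `%build` means the installed python3 entry points will put the invoking user's site-packages directory on `sys.path`. Anything installed under that user's `~/.local` then becomes importable by a tool that is often run as root, and the added comment should record that as the accepted trade-off rather than only "find non system modules". The `sed 's/-s//'` is also unanchored: it deletes the first `-s` wherever it occurs and would leave a malformed option string if the macro ever held combined flags. If `-s` is the only option the macro carries, `%global py3_shbang_opts %{nil}` states the intent directly.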
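Review bot: The new `%changelog` entry lists eight CVEs fixed by 2.9.7 but says nothing about CVE-2020-1737 and CVE-2020-1739. This same commit deletes their downstream fixes (`67935.patch`, `67829.patch`) together with the `Patch0`/`Patch1` and `%patch0`/`%patch1` lines. Presumably both fixes ship in the 2.9.7 tarball, but nothing in the commit says so, and anyone auditing the package for those two CVEs will see only the removal. I would add a line such as `- Drop patches for CVE-2020-1737 and CVE-2020-1739, included upstream in 2.9.7` once that has been confirmed against the upstream release notes.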
@@ -282,6 +282,10 @@ cp -pr docs/docsite/rst . %endif %changelog +* Tue May 12 2020 Kevin Fenzi - 2.9.9-1 +- Update to 2.9.9. Fixes bug #1834582 +- Fixes gathering facts on f32+ bug #1832625 + * Sat Apr 18 2020 Kevin Fenzi - 2.9.7-1 - Update to 2.9.7. - fixes CVE-2020-1733 CVE-2020-1735 CVE-2020-1740 CVE-2020-1746 CVE-2020-1753 CVE-2020-10684 CVE-2020-10685 CVE-2020-10691 diff --git a/sources b/sources index 40a73a1..c3e5855 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.7.tar.gz) = ce029441bcafdc5b44c9fda69f183d4defea84ead5628164caf87306cb97efec68c11b2cce728e90f28290640c320549486a6b4e823710f638d1d2e7c35675a4 +SHA512 (ansible-2.9.9.tar.gz) = 327c5ece277096f71f10fec2b33a8d2c94ee59b0e22b15bb5ca449da2331b8158239bdbc8e3afd093af358a787f410c7c2e0942010de65a8d9c8719cf83e4abd From 253a0e20253e2a421ce0b5fcf8c27856315142ff Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 18 Jun 2020 20:01:03 -0700 Subject: [PATCH 15/30] Update to 2.9.10. --- ansible.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index e06854c..217b146 100644 --- a/ansible.spec +++ b/ansible.spec @@ -9,7 +9,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.9 +Version: 2.9.10 Release: 1%{?dist} License: GPLv3+ @@ -282,6 +282,9 @@ cp -pr docs/docsite/rst . %endif %changelog +* Thu Jun 18 2020 Kevin Fenzi - 2.9.10-1 +- Update to 2.9.10. + * Tue May 12 2020 Kevin Fenzi - 2.9.9-1 - Update to 2.9.9. Fixes bug #1834582 - Fixes gathering facts on f32+ bug #1832625 diff --git a/sources b/sources index c3e5855..a11fd3d 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (ansible-2.9.9.tar.gz) = 327c5ece277096f71f10fec2b33a8d2c94ee59b0e22b15bb5ca449da2331b8158239bdbc8e3afd093af358a787f410c7c2e0942010de65a8d9c8719cf83e4abd +SHA512 (ansible-2.9.10.tar.gz) = c0d5e26491f52d1eb8d1c3755903bb6a8d50634df5fb50a970076d49d99cfda424fa60c258a6a5821e01c435a8ef077d46ced4b2f8c4f4a8d381737e6f14afb4 From f8556d2b2c540144d1c6766bcf735b6686bd7b8c Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 21 Jul 2020 18:11:07 -0700 Subject: [PATCH 16/30] Update to 2.9.11. --- ansible.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index 217b146..25ab9bb 100644 --- a/ansible.spec +++ b/ansible.spec @@ -9,7 +9,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.10 +Version: 2.9.11 Release: 1%{?dist} License: GPLv3+ @@ -282,6 +282,9 @@ cp -pr docs/docsite/rst . %endif %changelog +* Tue Jul 21 2020 Kevin Fenzi - 2.9.11-1 +- Update to 2.9.11. + * Thu Jun 18 2020 Kevin Fenzi - 2.9.10-1 - Update to 2.9.10. diff --git a/sources b/sources index a11fd3d..c1bdd24 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.10.tar.gz) = c0d5e26491f52d1eb8d1c3755903bb6a8d50634df5fb50a970076d49d99cfda424fa60c258a6a5821e01c435a8ef077d46ced4b2f8c4f4a8d381737e6f14afb4 +SHA512 (ansible-2.9.11.tar.gz) = b157a5cfb5ba7cb651c7afc0dc92cfe3b8f9eebd06de6d7a1e4917ffca3c542c5207c8e1820acc5be840190c8754f111e2501304ad7e64867247e5b973aec81e From dd2ce3acdd18a74c22646d10fe50c6c98fd99ba7 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 3 Sep 2020 15:24:18 -0700 Subject: [PATCH 17/30] Update to 2.9.13. --- ansible.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index 25ab9bb..265fb5f 100644 --- a/ansible.spec +++ b/ansible.spec 
@@ -9,7 +9,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.11 +Version: 2.9.13 Release: 1%{?dist} License: GPLv3+ @@ -282,6 +282,9 @@ cp -pr docs/docsite/rst . %endif %changelog +* Thu Sep 03 2020 Kevin Fenzi - 2.9.13-1 +- Update to 2.9.13. + * Tue Jul 21 2020 Kevin Fenzi - 2.9.11-1 - Update to 2.9.11. diff --git a/sources b/sources index c1bdd24..8469a74 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.11.tar.gz) = b157a5cfb5ba7cb651c7afc0dc92cfe3b8f9eebd06de6d7a1e4917ffca3c542c5207c8e1820acc5be840190c8754f111e2501304ad7e64867247e5b973aec81e +SHA512 (ansible-2.9.13.tar.gz) = cb08adf62df0f3650425a5d960baadd7439c7c1e95b8f9df3d08e7504f9622b9e5f7104b8700b0f1e9fe318d349a6a5728e9178f0193fb4a190456e30a2f1eb2 From 08ccba2828afef62145d51b7ad28d735d4ba33ed Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 7 Oct 2020 10:32:56 -0700 Subject: [PATCH 18/30] Update to 2.9.14. --- ansible.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index 265fb5f..f18c255 100644 --- a/ansible.spec +++ b/ansible.spec @@ -9,7 +9,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.13 +Version: 2.9.14 Release: 1%{?dist} License: GPLv3+ @@ -282,6 +282,9 @@ cp -pr docs/docsite/rst . %endif %changelog +* Wed Oct 07 2020 Kevin Fenzi - 2.9.14-1 +- Update to 2.9.14. + * Thu Sep 03 2020 Kevin Fenzi - 2.9.13-1 - Update to 2.9.13. diff --git a/sources b/sources index 8469a74..775d602 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.13.tar.gz) = cb08adf62df0f3650425a5d960baadd7439c7c1e95b8f9df3d08e7504f9622b9e5f7104b8700b0f1e9fe318d349a6a5728e9178f0193fb4a190456e30a2f1eb2 +SHA512 (ansible-2.9.14.tar.gz) = 1c69970629619814c02ff10e9d857d36ddc3ab6b4ff3f4e66fb0ea0b9a2fd5bc2de2c9d550427bcf3c9387d9e0138aff100c9fc1b92838871d7d8fe8a5cca8bd 
From 293870ba9310352601aebeea816ca585778e7887 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 3 Nov 2020 12:20:08 -0800 Subject: [PATCH 19/30] Update to 2.9.15. --- ansible.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index f18c255..998eb3f 100644 --- a/ansible.spec +++ b/ansible.spec @@ -9,7 +9,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.14 +Version: 2.9.15 Release: 1%{?dist} License: GPLv3+ @@ -282,6 +282,9 @@ cp -pr docs/docsite/rst . %endif %changelog +* Tue Nov 03 2020 Kevin Fenzi - 2.9.15-1 +- Update to 2.9.15. + * Wed Oct 07 2020 Kevin Fenzi - 2.9.14-1 - Update to 2.9.14. diff --git a/sources b/sources index 775d602..9f47b44 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.14.tar.gz) = 1c69970629619814c02ff10e9d857d36ddc3ab6b4ff3f4e66fb0ea0b9a2fd5bc2de2c9d550427bcf3c9387d9e0138aff100c9fc1b92838871d7d8fe8a5cca8bd +SHA512 (ansible-2.9.15.tar.gz) = 147663d98247f8c6c7aa8aff8c8c973d3641fdaa3e9c682d51daec2ec9afd026e3ca07d459466e2117dfc752572947b1def3a01c707d446ae6d2bf0ebd321a8b From a2cda9721252efaeffe2973c3316b86bd65633fb Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 18 Dec 2020 09:45:56 -0800 Subject: [PATCH 20/30] Update to 2.9.16. --- ansible.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index 998eb3f..5b462fa 100644 --- a/ansible.spec +++ b/ansible.spec @@ -9,7 +9,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.15 +Version: 2.9.16 Release: 1%{?dist} License: GPLv3+ @@ -282,6 +282,9 @@ cp -pr docs/docsite/rst . %endif %changelog +* Fri Dec 18 2020 Kevin Fenzi - 2.9.16-1 +- Update to 2.9.16. + * Tue Nov 03 2020 Kevin Fenzi - 2.9.15-1 - Update to 2.9.15. diff --git a/sources b/sources index 9f47b44..3d64a0a 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (ansible-2.9.15.tar.gz) = 147663d98247f8c6c7aa8aff8c8c973d3641fdaa3e9c682d51daec2ec9afd026e3ca07d459466e2117dfc752572947b1def3a01c707d446ae6d2bf0ebd321a8b +SHA512 (ansible-2.9.16.tar.gz) = f2dd92af2529bc551e4eb0800849866bba90f869a97abbd5822fb6143939a7d59d9c84bb366fc0cb92392e25945cea125dfa377e1301e7ddef08811f0d53ba14 From 0e312817efeea4dee187a52bb32de4045f4f4626 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sun, 24 Jan 2021 13:02:54 -0800 Subject: [PATCH 21/30] Update to 2.9.17. --- ansible.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index 5b462fa..5ed02ba 100644 --- a/ansible.spec +++ b/ansible.spec @@ -9,7 +9,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.16 +Version: 2.9.17 Release: 1%{?dist} License: GPLv3+ @@ -282,6 +282,9 @@ cp -pr docs/docsite/rst . %endif %changelog +* Sun Jan 24 2021 Kevin Fenzi - 2.9.17-1 +- Update to 2.9.17. + * Fri Dec 18 2020 Kevin Fenzi - 2.9.16-1 - Update to 2.9.16. diff --git a/sources b/sources index 3d64a0a..b32e545 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.16.tar.gz) = f2dd92af2529bc551e4eb0800849866bba90f869a97abbd5822fb6143939a7d59d9c84bb366fc0cb92392e25945cea125dfa377e1301e7ddef08811f0d53ba14 +SHA512 (ansible-2.9.17.tar.gz) = 36b94af5925b0996e5cd54df52a1649978f860daf543205b4e8fd2f007d8a950b097ecb94f39354b9f2e44cbe53d20067f803a18dd68cc0ce8b3979e9fe687e6 From c2a9e414689f1818b2b418f693fabd2bb621bf98 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 20 Feb 2021 13:29:45 -0800 Subject: [PATCH 22/30] Update to 2.9.18. Fixes: CVE-2021-20228 CVE-2021-20178 CVE-2021-20180 CVE-2021-20191 --- ansible.spec | 6 +++++- sources | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index 5ed02ba..941b5f0 100644 --- a/ansible.spec +++ b/ansible.spec 
@@ -9,7 +9,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.17 +Version: 2.9.18 Release: 1%{?dist} License: GPLv3+ @@ -282,6 +282,10 @@ cp -pr docs/docsite/rst . %endif %changelog +* Sat Feb 20 2021 Kevin Fenzi - 2.9.18-1 +- Update to 2.9.18. +- Fixes: CVE-2021-20228 CVE-2021-20178 CVE-2021-20180 CVE-2021-20191 + * Sun Jan 24 2021 Kevin Fenzi - 2.9.17-1 - Update to 2.9.17. diff --git a/sources b/sources index b32e545..a9e28c0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.17.tar.gz) = 36b94af5925b0996e5cd54df52a1649978f860daf543205b4e8fd2f007d8a950b097ecb94f39354b9f2e44cbe53d20067f803a18dd68cc0ce8b3979e9fe687e6 +SHA512 (ansible-2.9.18.tar.gz) = 912d8f0ed65f2172b6b065f5f9779f93dffe74e4152c706048b079e9a98c8c6ee55662404027a4a9f5a9eaffb6120117eea8e43e4becf0506c9c23003ca01545 From 8ffda638ae4a271a6d333b74cbffe7d8ad97a1d7 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 24 Apr 2021 11:47:25 -0700 Subject: [PATCH 23/30] Update to 2.9.20. Split out ansible-test as a subpackage. --- .gitignore | 1 + ansible.spec | 34 +++++++++++++++++++++++++++++++++- sources | 2 +- 3 files changed, 35 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 1df7dc0..ca7e9d0 100644 --- a/.gitignore +++ b/.gitignore @@ -85,3 +85,4 @@ /ansible-2.8.4.tar.gz /ansible-2.8.5.tar.gz /ansible-2.9.0.tar.gz +/ansible-2.9.20.tar.gz diff --git a/ansible.spec b/ansible.spec index 941b5f0..8f4cbc4 100644 --- a/ansible.spec +++ b/ansible.spec @@ -9,7 +9,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.18 +Version: 2.9.20 Release: 1%{?dist} License: GPLv3+ 
@@ -123,6 +123,25 @@ are transferred to managed machines automatically. This package installs extensive documentation for ansible +%if 0%{?with_python2} +# split out ansible-test for python2 only +%package -n ansible-test +Summary: Tool for testing ansible plugin and module code +Requires: %{name} = %{version}-%{release} +Requires: python-virtualenv +BuildRequires: python-virtualenv + +%description -n ansible-test +Ansible is a radically simple model-driven configuration management, +multi-node deployment, and remote task execution system. Ansible works +over SSH and does not require any software or daemons to be installed +on remote nodes. Extension modules can be written in any language and +are transferred to managed machines automatically. + +This package installs the ansible-test command for testing modules and plugins +developed for ansible. +%endif + %prep %setup -q -n %{name}-%{version} @@ -251,16 +270,19 @@ cp -pr docs/docsite/rst . %files %if 0%{?with_python2} %{python2_sitelib}/ansible* +%exclude %{python2_sitelib}/ansible_test %endif %{_bindir}/ansible* %if 0%{?with_python3} && 0%{?with_python2} %exclude %{_bindir}/ansible*-3* +%exclude %{python3_sitelib}/ansible_test %endif # python3 and 2 %config(noreplace) %{_sysconfdir}/ansible/ %{_datadir}/ansible/ %doc README.rst PKG-INFO COPYING changelogs/CHANGELOG-v2.9.rst %doc %{_mandir}/man1/ansible* +%exclude %{_bindir}/ansible-test %if 0%{?with_python3} %if 0%{?with_python2} @@ -281,7 +303,17 @@ cp -pr docs/docsite/rst . %doc html %endif +%if 0%{?with_python2} +%files -n ansible-test +%{_bindir}/ansible-test +%{python2_sitelib}/ansible_test +%endif + %changelog +* Sat Apr 24 2021 Kevin Fenzi - 2.9.20-1 +- Update to 2.9.20. +- Split out ansible-test as a subpackage. + * Sat Feb 20 2021 Kevin Fenzi - 2.9.18-1 - Update to 2.9.18. - Fixes: CVE-2021-20228 CVE-2021-20178 CVE-2021-20180 CVE-2021-20191 diff --git a/sources b/sources index a9e28c0..621a901 100644 --- a/sources +++ b/sources 
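Review bot: `%exclude %{_bindir}/ansible-test` in the main `%files` list is unconditional, while the `ansible-test` subpackage that owns that path is declared only under `%if 0%{?with_python2}`. In a build without python2 the binary would be excluded from the main package and, as far as these hunks show, picked up by no other package, so it would silently drop out of the build. Wrapping the exclude in the same conditional (`%if 0%{?with_python2}`, `%exclude %{_bindir}/ansible-test`, `%endif`) keeps the two in step. The `%exclude %{python3_sitelib}/ansible_test` line likewise only matters if some `%files` list outside this hunk would otherwise include that directory.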
@@ -1 +1 @@ -SHA512 (ansible-2.9.18.tar.gz) = 912d8f0ed65f2172b6b065f5f9779f93dffe74e4152c706048b079e9a98c8c6ee55662404027a4a9f5a9eaffb6120117eea8e43e4becf0506c9c23003ca01545 +SHA512 (ansible-2.9.20.tar.gz) = 26d8c379bdea3950a3ab67acb783e31faf1fa76187530ccb01448e1da4139a052b1eb17395d47705cb5aa4c71b0d5e3cb214c5c32074eaa1a5c0bebc609b2b8f From 080fcc284e2f4bb4341bbadeae14458e505e1805 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 4 May 2021 13:32:47 -0700 Subject: [PATCH 24/30] Update to 2.9.21. --- ansible.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index 8f4cbc4..0202dba 100644 --- a/ansible.spec +++ b/ansible.spec @@ -9,7 +9,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.20 +Version: 2.9.21 Release: 1%{?dist} License: GPLv3+ @@ -310,6 +310,9 @@ cp -pr docs/docsite/rst . %endif %changelog +* Tue May 04 2021 Kevin Fenzi - 2.9.21-1 +- Update to 2.9.21. + * Sat Apr 24 2021 Kevin Fenzi - 2.9.20-1 - Update to 2.9.20. - Split out ansible-test as a subpackage. diff --git a/sources b/sources index 621a901..869c1ac 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.20.tar.gz) = 26d8c379bdea3950a3ab67acb783e31faf1fa76187530ccb01448e1da4139a052b1eb17395d47705cb5aa4c71b0d5e3cb214c5c32074eaa1a5c0bebc609b2b8f +SHA512 (ansible-2.9.21.tar.gz) = 572f04736bea590770db9b58e7fca8cf3b53b858a0cd2e16667e9d1935d173fa2a0a116d04e0ed976095fbd6b8cd878d21d3e5c4749046b39d121b9ac8b5c441 From 46ea40e316aea502a7428733354ee00c45d17646 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 24 May 2021 16:49:38 -0700 Subject: [PATCH 25/30] Update to 2.9.22. --- .gitignore | 20 ++++++++++++++++++++ ansible.spec | 5 ++++- sources | 2 +- 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index ca7e9d0..f62e90f 100644 --- a/.gitignore +++ b/.gitignore 
@@ -84,5 +84,25 @@ /ansible-2.8.3.tar.gz /ansible-2.8.4.tar.gz /ansible-2.8.5.tar.gz +/ansible-2.8.6.tar.gz /ansible-2.9.0.tar.gz +/ansible-2.9.1.tar.gz +/ansible-2.9.2.tar.gz +/ansible-2.9.3.tar.gz +/ansible-2.9.4.tar.gz +/ansible-2.9.5.tar.gz +/ansible-2.9.6.tar.gz +/ansible-2.9.7.tar.gz +/ansible-2.9.9.tar.gz +/ansible-2.9.10.tar.gz +/ansible-2.9.11.tar.gz +/ansible-2.9.12.tar.gz +/ansible-2.9.13.tar.gz +/ansible-2.9.14.tar.gz +/ansible-2.9.15.tar.gz +/ansible-2.9.16.tar.gz +/ansible-2.9.17.tar.gz +/ansible-2.9.18.tar.gz /ansible-2.9.20.tar.gz +/ansible-2.9.21.tar.gz +/ansible-2.9.22.tar.gz diff --git a/ansible.spec b/ansible.spec index 0202dba..d21b2eb 100644 --- a/ansible.spec +++ b/ansible.spec @@ -9,7 +9,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.21 +Version: 2.9.22 Release: 1%{?dist} License: GPLv3+ @@ -310,6 +310,9 @@ cp -pr docs/docsite/rst . %endif %changelog +* Mon May 24 2021 Kevin Fenzi - 2.9.22-1 +- Update to 2.9.22. + * Tue May 04 2021 Kevin Fenzi - 2.9.21-1 - Update to 2.9.21. diff --git a/sources b/sources index 869c1ac..4b887e6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.21.tar.gz) = 572f04736bea590770db9b58e7fca8cf3b53b858a0cd2e16667e9d1935d173fa2a0a116d04e0ed976095fbd6b8cd878d21d3e5c4749046b39d121b9ac8b5c441 +SHA512 (ansible-2.9.22.tar.gz) = f6d32b1a24aaa21d525ea9f173c8139a74580b553df9a88bc542c1e04ce43139004d86ff659cd3f0e3e138dca8b0ae1912ff0deca746ed8e0681824ea8646f95 From 898acbd88fab22369c70782bc69ac193b820ec99 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 22 Jun 2021 17:06:55 -0700 Subject: [PATCH 26/30] Update to 2.9.23. Fixes rhbz#1974592 Add patch for Rocky Linux. Fixes rhbz#1968728 --- ansible-2.9.22-rocky.patch | 76 ++++++++++++++++++++++++++++++++++++++ ansible.spec | 9 ++++- sources | 2 +- 3 files changed, 85 insertions(+), 2 deletions(-) create mode 100644 ansible-2.9.22-rocky.patch 
diff --git a/ansible-2.9.22-rocky.patch b/ansible-2.9.22-rocky.patch new file mode 100644 index 0000000..5f6c967 --- /dev/null +++ b/ansible-2.9.22-rocky.patch 
@@ -0,0 +1,76 @@
+diff --color -Nur ansible.2.9.22.orig/lib/ansible/modules/system/hostname.py ansible-2.9.22/lib/ansible/modules/system/hostname.py
+--- ansible.2.9.22.orig/lib/ansible/modules/system/hostname.py 2021-05-24 14:18:02.000000000 -0700
++++ ansible-2.9.22/lib/ansible/modules/system/hostname.py 2021-06-19 10:09:53.078883364 -0700
+@@ -782,6 +782,10 @@
+ distribution = 'Neon'
+ strategy_class = DebianStrategy
+
++class RockyLinuxHostname(Hostname):
++ platform = 'Linux'
++ distribution = 'Rocky'
++ strategy_class = SystemdStrategy
+
+ def main():
+ module = AnsibleModule(
+diff --color -Nur ansible.2.9.22.orig/lib/ansible/module_utils/facts/system/distribution.py ansible-2.9.22/lib/ansible/module_utils/facts/system/distribution.py
+--- ansible.2.9.22.orig/lib/ansible/module_utils/facts/system/distribution.py 2021-05-24 14:18:01.000000000 -0700
++++ ansible-2.9.22/lib/ansible/module_utils/facts/system/distribution.py 2021-06-19 10:09:38.680877684 -0700
+@@ -467,7 +467,7 @@
+ OS_FAMILY_MAP = {'RedHat': ['RedHat', 'Fedora', 'CentOS', 'Scientific', 'SLC',
+ 'Ascendos', 'CloudLinux', 'PSBM', 'OracleLinux', 'OVS',
+ 'OEL', 'Amazon', 'Virtuozzo', 'XenServer', 'Alibaba',
+- 'AlmaLinux'],
++ 'AlmaLinux', 'Rocky'],
+ 'Debian': ['Debian', 'Ubuntu', 'Raspbian', 'Neon', 'KDE neon',
+ 'Linux Mint', 'SteamOS', 'Devuan', 'Kali', 'Cumulus Linux'],
+ 'Suse': ['SuSE', 'SLES', 'SLED', 'openSUSE', 'openSUSE Tumbleweed',
+diff --color -Nur ansible.2.9.22.orig/test/units/module_utils/facts/system/distribution/fixtures/rockylinux_8_3.json ansible-2.9.22/test/units/module_utils/facts/system/distribution/fixtures/rockylinux_8_3.json
+--- ansible.2.9.22.orig/test/units/module_utils/facts/system/distribution/fixtures/rockylinux_8_3.json 1969-12-31 16:00:00.000000000 -0800
++++ ansible-2.9.22/test/units/module_utils/facts/system/distribution/fixtures/rockylinux_8_3.json 2021-06-19 10:12:39.019948830 -0700
+@@ -0,0 +1,46 @@
++{
++ "name": "Rocky 8.3",
++ "distro": {
++ "codename": "",
++ "id": "rocky",
++ "name": "Rocky Linux",
++ "version": "8.3",
++ "version_best": "8.3",
++ "lsb_release_info": {},
++ "os_release_info": {
++ "name": "Rocky Linux",
++ "version": "8.3",
++ "id": "rocky",
++ "id_like": "rhel fedora",
++ "version_id": "8.3",
++ "platform_id": "platform:el8",
++ "pretty_name": "Rocky Linux 8.3",
++ "ansi_color": "0;31",
++ "cpe_name": "cpe:/o:rocky:rocky:8",
++ "home_url": "https://rockylinux.org/",
++ "bug_report_url": "https://bugs.rockylinux.org/",
++ "rocky_support_product": "Rocky Linux",
++ "rocky_support_product_version": "8"
++ }
++ },
++ "input": {
++ "/etc/redhat-release": "Rocky Linux release 8.3\n",
++ "/etc/system-release": "Rocky Linux release 8.3\n",
++ "/etc/rocky-release": "Rocky Linux release 8.3\n",
++ "/etc/os-release": "NAME=\"Rocky Linux\"\nVERSION=\"8.3\"\nID=\"rocky\"\nID_LIKE=\"rhel fedora\"\nVERSION_ID=\"8.3\"\nPLATFORM_ID=\"platform:el8\"\nPRETTY_NAME=\"Rocky Linux 8.3\"\nANSI_COLOR=\"0;31\"\nCPE_NAME=\"cpe:/o:rocky:rocky:8\"\nHOME_URL=\"https://rockylinux.org/\"\nBUG_REPORT_URL=\"https://bugs.rockylinux.org/\"\nROCKY_SUPPORT_PRODUCT=\"Rocky Linux\"\nROCKY_SUPPORT_PRODUCT_VERSION=\"8\"\n",
++ "/usr/lib/os-release": "NAME=\"Rocky Linux\"\nVERSION=\"8.3\"\nID=\"rocky\"\nID_LIKE=\"rhel fedora\"\nVERSION_ID=\"8.3\"\nPLATFORM_ID=\"platform:el8\"\nPRETTY_NAME=\"Rocky Linux 8.3\"\nANSI_COLOR=\"0;31\"\nCPE_NAME=\"cpe:/o:rocky:rocky:8\"\nHOME_URL=\"https://rockylinux.org/\"\nBUG_REPORT_URL=\"https://bugs.rockylinux.org/\"\nROCKY_SUPPORT_PRODUCT=\"Rocky Linux\"\nROCKY_SUPPORT_PRODUCT_VERSION=\"8\"\n"
++ },
++ "platform.dist": [
++ "rocky",
++ "8.3",
++ ""
++ ],
++ "result": {
++ "distribution": "Rocky",
++ "distribution_version": "8.3",
++ "distribution_release": "NA",
++ "distribution_major_version": "8",
++ "os_family": "RedHat"
++ },
++ "platform.release": "4.18.0-240.22.1.el8.x86_64"
++}
diff --git a/ansible.spec b/ansible.spec
index d21b2eb..93494d9 100644
--- a/ansible.spec
+++ b/ansible.spec
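Review bot: The new ansible-2.9.22-rocky.patch starts straight at `diff --color -Nur` with no header saying where the change comes from, so its only provenance is the bug number in the spec comment. For a downstream patch that alters distribution detection (`'Rocky'` added to the `RedHat` list in `OS_FAMILY_MAP`) and hostname strategy selection, a short header above the first `diff` line makes it auditable and tells the next packager when it can be dropped, e.g. `# Rocky Linux support for 2.9.x; upstream change: <UPSTREAM_COMMIT_OR_PR_URL>; drop once included in a release`. Separately, the added `RockyLinuxHostname` class is inserted between the two blank lines that previously separated the last class from `main()`, leaving one blank line on each side where pycodestyle (E302/E305) expects two.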
@@ -9,7 +9,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.22 +Version: 2.9.23 Release: 1%{?dist} License: GPLv3+ @@ -24,6 +24,9 @@ Patch100: ansible-newer-jinja.patch Url: http://ansible.com BuildArch: noarch +# add patch for Rocky linux: rhbz#1968728 +Patch1: ansible-2.9.22-rocky.patch + # Disable failing test Patch2: ansible-2.9.6-disable-test_build_requirement_from_path_no_version.patch @@ -310,6 +313,10 @@ cp -pr docs/docsite/rst . %endif %changelog +* Tue Jun 22 2021 Kevin Fenzi - 2.9.23-1 +- Update to 2.9.23. Fixes rhbz#1974592 +- Add patch for Rocky Linux. Fixes rhbz#1968728 + * Mon May 24 2021 Kevin Fenzi - 2.9.22-1 - Update to 2.9.22. diff --git a/sources b/sources index 4b887e6..d86d9ce 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.22.tar.gz) = f6d32b1a24aaa21d525ea9f173c8139a74580b553df9a88bc542c1e04ce43139004d86ff659cd3f0e3e138dca8b0ae1912ff0deca746ed8e0681824ea8646f95 +SHA512 (ansible-2.9.23.tar.gz) = dea2d2db4a357d64c76848225ea83d8f26b74ed81bb24eaf35d5397042f4f4703dbf5d3b9f8e549e03b87ff8811a40968214902eda6ff71dd4e050fa6b46106a From 8608b6c9f8417be558465f0ff9c7773c2b08ab5b Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sun, 25 Jul 2021 15:30:55 -0700 Subject: [PATCH 27/30] Update to 2.9.24. Fixes rhbz#1983837 --- ansible.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index 93494d9..14c6930 100644 --- a/ansible.spec +++ b/ansible.spec @@ -9,7 +9,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.23 +Version: 2.9.24 Release: 1%{?dist} License: GPLv3+ @@ -313,6 +313,9 @@ cp -pr docs/docsite/rst . %endif %changelog +* Sun Jul 25 2021 Kevin Fenzi - 2.9.24-1 +- Update to 2.9.24. Fixes rhbz#1983837 + * Tue Jun 22 2021 Kevin Fenzi - 2.9.23-1 - Update to 2.9.23. Fixes rhbz#1974592 - Add patch for Rocky Linux. Fixes rhbz#1968728 
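Review bot: `Patch1: ansible-2.9.22-rocky.patch` is declared in the `@@ -24,6 +24,9 @@` hunk of the 2.9.23 commit, but none of that commit's ansible.spec hunks adds a matching `%patch1` line, so the package would be built without the Rocky change while its changelog entry says "Add patch for Rocky Linux. Fixes rhbz#1968728". The `%prep` section lies outside these hunks; the later commit on this page that puts `%patch1 -p1` next to `%patch2 -p1` indicates patches are applied by hand there. Keeping each `PatchN:` declaration and its `%patchN` line in the same commit, and checking the prepared tree (`rpmbuild -bp`) for the expected change before writing "Fixes" in the changelog, avoids shipping a release whose changelog claims a fix it does not contain.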
diff --git a/sources b/sources index d86d9ce..0be9fdc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.23.tar.gz) = dea2d2db4a357d64c76848225ea83d8f26b74ed81bb24eaf35d5397042f4f4703dbf5d3b9f8e549e03b87ff8811a40968214902eda6ff71dd4e050fa6b46106a +SHA512 (ansible-2.9.24.tar.gz) = a48746ca3827604655847292f58283ba554320d5155da1d98a8bed6bfa9f12d5b81a2a2e9864de88c25c3a4fc7a578a93d7d32279635bffb8972a69434c73b0b From ebf233cd8f2c19b58090532c757932131b2539be Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 28 Jul 2021 11:14:52 -0700 Subject: [PATCH 28/30] Actually apply rocky linux patch. --- ansible.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ansible.spec b/ansible.spec index 14c6930..a0c9c99 100644 --- a/ansible.spec +++ b/ansible.spec @@ -10,7 +10,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system Version: 2.9.24 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv3+ Source0: https://releases.ansible.com/ansible/%{name}-%{version}.tar.gz @@ -148,6 +148,7 @@ developed for ansible. %prep %setup -q -n %{name}-%{version} +%patch1 -p1 %patch2 -p1 %if 0%{?with_python3} @@ -313,6 +314,9 @@ cp -pr docs/docsite/rst . %endif %changelog +* Wed Jul 28 2021 Kevin Fenzi - 2.9.24-2 +- Actually apply rocky linux patch. + * Sun Jul 25 2021 Kevin Fenzi - 2.9.24-1 - Update to 2.9.24. Fixes rhbz#1983837 From 4b75be1a734905ad8f4b01c7a00635243715795a Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 21 Aug 2021 13:02:43 -0700 Subject: [PATCH 29/30] Update to 2.9.25 --- ansible.spec | 9 +++++++-- sources | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ansible.spec b/ansible.spec index a0c9c99..e41e822 100644 --- a/ansible.spec +++ b/ansible.spec 
@@ -7,10 +7,12 @@ %global with_python3 1 %global with_python2 1 +%global py3dir %{_builddir}/python3-%{name}-%{version}-%{release} + Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.24 -Release: 2%{?dist} +Version: 2.9.25 +Release: 1%{?dist} License: GPLv3+ Source0: https://releases.ansible.com/ansible/%{name}-%{version}.tar.gz @@ -314,6 +316,9 @@ cp -pr docs/docsite/rst . %endif %changelog +* Sat Aug 21 2021 Kevin Fenzi - 2.9.25-1 +- Update to 2.9.25 + * Wed Jul 28 2021 Kevin Fenzi - 2.9.24-2 - Actually apply rocky linux patch. diff --git a/sources b/sources index 0be9fdc..66347cf 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ansible-2.9.24.tar.gz) = a48746ca3827604655847292f58283ba554320d5155da1d98a8bed6bfa9f12d5b81a2a2e9864de88c25c3a4fc7a578a93d7d32279635bffb8972a69434c73b0b +SHA512 (ansible-2.9.25.tar.gz) = 420b7580d7c5f5215f5557cf73b0be82168274fcfdc2f1ce6be8c88021c9f46e3928a247cefd0887388b30ec9d6412a26d346dd78ad013d0475af460ac58cf44 From 9c10df76b32c0f36b248c647326cff2e3359a493 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 15 Jan 2022 13:51:43 -0800 Subject: [PATCH 30/30] Update to 2.9.27. Fixes rhbz#2012918 --- ansible.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible.spec b/ansible.spec index e41e822..0ca3421 100644 --- a/ansible.spec +++ b/ansible.spec @@ -11,7 +11,7 @@ Name: ansible Summary: SSH-based configuration management, deployment, and task execution system -Version: 2.9.25 +Version: 2.9.27 Release: 1%{?dist} License: GPLv3+ @@ -316,6 +316,9 @@ cp -pr docs/docsite/rst . %endif %changelog +* Sat Jan 15 2022 Kevin Fenzi - 2.9.27-1 +- Update to 2.9.27. Fixes rhbz#2012918 + * Sat Aug 21 2021 Kevin Fenzi - 2.9.25-1 - Update to 2.9.25 diff --git a/sources b/sources index 66347cf..7c459ad 100644 --- a/sources +++ b/sources 
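Review bot: The `%global py3dir %{_builddir}/python3-%{name}-%{version}-%{release}` line added in the `@@ -7,10 +7,12 @@` hunk carries no comment, and neither the commit subject ("Update to 2.9.25") nor the new changelog entry mentions it. It is also defined above the `Name:`, `Version:` and `Release:` tags whose macros it references; that may resolve correctly when `%{py3dir}` is used later, but it is worth confirming by inspecting the parsed spec (`rpmspec -P ansible.spec`). A one-line comment such as `# python3 build tree; defined here because <REASON>` and a changelog line would record why the macro is now set by the package itself. The places where `py3dir` is used are outside the hunk.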
@@ -1 +1 @@
-SHA512 (ansible-2.9.25.tar.gz) = 420b7580d7c5f5215f5557cf73b0be82168274fcfdc2f1ce6be8c88021c9f46e3928a247cefd0887388b30ec9d6412a26d346dd78ad013d0475af460ac58cf44
+SHA512 (ansible-2.9.27.tar.gz) = 99987b8a1d243ef3496d66178774c33b05951daaff584b12e645c0176391805f90d00780e86adec01316b28645287489326218c0de7c10084552da90848735c7