packages/ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:430bc2e006e95d6efc36a0af27751298892c7891
Branches Tags
packages:main
...
compare: packages:96b6eb62de093492c9164c429b455fff79a88852
Branches Tags
packages:main

10 Commits
430bc2e006 ... 96b6eb62de

Author SHA1 Message Date
openeuler-ci-bot
96b6eb62de
!67 [sync] PR-64: Fix CVE-2024-0690 
From: @openeuler-sync-bot 
Reviewed-by: @wk333 
Signed-off-by: @wk333
 2024-02-06 03:00:03 +00:00
wk333
e18a775b86 Fix CVE-2024-0690 
(cherry picked from commit 3886a3aa963e299ee7e61f14df6ae9d62512bd04)
 2024-02-06 09:16:57 +08:00
openeuler-ci-bot
f14d2414a6
!54 Remove with_python3 macros and python3-nose buildRequire 
From: @lyn1001 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
 2023-04-20 00:53:54 +00:00
openeuler-ci-bot
1a631cbd8e Remove with_python3 macros and python3-nose buildRequire 2023-04-19 17:38:59 +08:00
openeuler-ci-bot
3311c760c9
!46 Remove require python-keyczar and modify require crypto to cryptography 
From: @huangtianhua 
Reviewed-by: @overweight 
Signed-off-by: @overweight
 2022-03-21 01:59:34 +00:00
huangtianhua
c64c934540 Remove require python-keyczar and modify require crypto to cryptography 
ansible removed keyczar after 2.3 and migrated to use
cryptography instead of crypto.
 2022-03-18 17:26:03 +08:00
openeuler-ci-bot
7a7ca787ce
!45 Hostname module support openEuler 
From: @wk333 
Reviewed-by: @overweight 
Signed-off-by: @overweight
 2022-03-01 03:31:03 +00:00
wk333
996e927172 Hostname module support openEuler 2022-03-01 09:39:38 +08:00
openeuler-ci-bot
42172d7ee0
!38 ansible升级至2.9.27 
Merge pull request !38 from 吴磊磊/openEuler-22.03-LTS-Next
 2022-01-13 06:41:25 +00:00
wu-leilei
fd47138b5a package update 2022-01-12 16:55:08 +08:00
4 changed files with 158 additions and 27 deletions
Show Stats Expand all files Collapse all files

91
CVE-2024-0690.patch Normal file
View File

@ -0,0 +1,91 @@
From beb04bc2642c208447c5a936f94310528a1946b1 Mon Sep 17 00:00:00 2001
From: Matt Martz <matt@sivel.net>
Date: Thu, 18 Jan 2024 17:17:23 -0600
Subject: [PATCH] [stable-2.14] Ensure ANSIBLE_NO_LOG is respected
(CVE-2024-0690) (#82565) (#82568)
Origin: https://github.com/ansible/ansible/commit/beb04bc2642c208447c5a936f94310528a1946b1
(cherry picked from commit 6935c8e)
---
changelogs/fragments/cve-2024-0690.yml | 2 ++
lib/ansible/playbook/base.py | 2 +-
lib/ansible/playbook/play_context.py | 4 ----
test/integration/targets/no_log/no_log_config.yml | 13 +++++++++++++
test/integration/targets/no_log/runme.sh | 5 +++++
5 files changed, 21 insertions(+), 5 deletions(-)
create mode 100644 changelogs/fragments/cve-2024-0690.yml
create mode 100644 test/integration/targets/no_log/no_log_config.yml
diff --git a/changelogs/fragments/cve-2024-0690.yml b/changelogs/fragments/cve-2024-0690.yml
new file mode 100644
index 00000000..0e030d88
--- /dev/null
+++ b/changelogs/fragments/cve-2024-0690.yml
@@ -0,0 +1,2 @@
+security_fixes:
+- ANSIBLE_NO_LOG - Address issue where ANSIBLE_NO_LOG was ignored (CVE-2024-0690)
diff --git a/lib/ansible/playbook/base.py b/lib/ansible/playbook/base.py
index 0f4dc4e4..172963a2 100644
--- a/lib/ansible/playbook/base.py
+++ b/lib/ansible/playbook/base.py
@@ -613,7 +613,7 @@ class Base(FieldAttributeBase):
# flags and misc. settings
_environment = FieldAttribute(isa='list', extend=True, prepend=True)
- _no_log = FieldAttribute(isa='bool')
+ _no_log = FieldAttribute(isa='bool', default=C.DEFAULT_NO_LOG)
_run_once = FieldAttribute(isa='bool')
_ignore_errors = FieldAttribute(isa='bool')
_ignore_unreachable = FieldAttribute(isa='bool')
diff --git a/lib/ansible/playbook/play_context.py b/lib/ansible/playbook/play_context.py
index 10dd57aa..5b8b2852 100644
--- a/lib/ansible/playbook/play_context.py
+++ b/lib/ansible/playbook/play_context.py
@@ -318,10 +318,6 @@ class PlayContext(Base):
if not new_info.connection_user:
new_info.connection_user = new_info.remote_user
- # set no_log to default if it was not previously set
- if new_info.no_log is None:
- new_info.no_log = C.DEFAULT_NO_LOG
-
if task.check_mode is not None:
new_info.check_mode = task.check_mode
diff --git a/test/integration/targets/no_log/no_log_config.yml b/test/integration/targets/no_log/no_log_config.yml
new file mode 100644
index 00000000..8a508805
--- /dev/null
+++ b/test/integration/targets/no_log/no_log_config.yml
@@ -0,0 +1,13 @@
+- hosts: testhost
+ gather_facts: false
+ tasks:
+ - debug:
+ no_log: true
+
+ - debug:
+ no_log: false
+
+ - debug:
+
+ - debug:
+ loop: '{{ range(3) }}'
diff --git a/test/integration/targets/no_log/runme.sh b/test/integration/targets/no_log/runme.sh
index bb5c048f..8bfe019b 100755
--- a/test/integration/targets/no_log/runme.sh
+++ b/test/integration/targets/no_log/runme.sh
@@ -19,3 +19,8 @@ set -eux
# test invalid data passed to a suboption
[ "$(ansible-playbook no_log_suboptions_invalid.yml -i ../../inventory -vvvvv "$@" | grep -Ec '(SUPREME|IDIOM|MOCKUP|EDUCATED|FOOTREST|CRAFTY|FELINE|CRYSTAL|EXPECTANT|AGROUND|GOLIATH|FREEFALL)')" = "0" ]
+
+# test variations on ANSIBLE_NO_LOG
+[ "$(ansible-playbook no_log_config.yml -i ../../inventory -vvvvv "$@" | grep -Ec 'the output has been hidden')" = "1" ]
+[ "$(ANSIBLE_NO_LOG=0 ansible-playbook no_log_config.yml -i ../../inventory -vvvvv "$@" | grep -Ec 'the output has been hidden')" = "1" ]
+[ "$(ANSIBLE_NO_LOG=1 ansible-playbook no_log_config.yml -i ../../inventory -vvvvv "$@" | grep -Ec 'the output has been hidden')" = "6" ]
--
2.33.0

BIN
ansible-2.9.24.tar.gz → ansible-2.9.27.tar.gz
View File

Binary file not shown.

54
ansible.spec
View File

@ -1,5 +1,4 @@
%global with_docs 0 %global with_docs 0
%global with_python3 1
%global common_desc \ %global common_desc \
Ansible is a radically simple model-driven configuration management,\ Ansible is a radically simple model-driven configuration management,\
multi-node deployment, and remote task execution system. Ansible works \ multi-node deployment, and remote task execution system. Ansible works \
@ -10,41 +9,35 @@
Name: ansible Name: ansible
Summary: SSH-based configuration management, deployment, and task execution system Summary: SSH-based configuration management, deployment, and task execution system
Version: 2.9.24 Version: 2.9.27
Release: 3 Release: 4
License: Python-2.0 and MIT and GPL+ License: Python-2.0 and MIT and GPL+
Url: http://ansible.com Url: http://ansible.com
Source0: https://releases.ansible.com/ansible/%{name}-%{version}.tar.gz Source0: https://releases.ansible.com/ansible/%{name}-%{version}.tar.gz
Patch0: hostname-module-support-openEuler.patch
Patch1: CVE-2024-0690.patch
BuildArch: noarch BuildArch: noarch
Provides: ansible-fireball = %{version}-%{release} Provides: ansible-fireball = %{version}-%{release}
Obsoletes: ansible-fireball < 1.2.4 Obsoletes: ansible-fireball < 1.2.4
BuildRequires: python3-jinja2 python3-devel python3-packaging python3-pyyaml BuildRequires: python3-jinja2 python3-devel python3-packaging python3-pyyaml python3-setuptools
Requires: python3-PyYAML python3-crypto python3-paramiko python3-keyczar BuildRequires: python3-PyYAML python3-paramiko python3-cryptography
BuildRequires: python3-pexpect python3-pywinrm git-core
BuildRequires: python3-six python3-pytest python3-pytest-xdist
BuildRequires: python3-pytest-mock python3-requests python3-coverage python3-mock
BuildRequires: python3-boto3 python3-botocore python3-passlib
Requires: python3-PyYAML python3-cryptography python3-paramiko
Requires: python3-setuptools python3-six sshpass python3-httplib2 Requires: python3-setuptools python3-six sshpass python3-httplib2
Requires: python3-jmespath python3-jinja2 Requires: python3-jmespath python3-jinja2
Recommends: %{name}-help = %{version}-%{release} Recommends: %{name}-help = %{version}-%{release}
%description
%{common_desc}
%if 0%{?with_python3}
Provides: ansible-python3 = %{version}-%{release} Provides: ansible-python3 = %{version}-%{release}
Obsoletes: ansible-python3 < %{version}-%{release} Obsoletes: ansible-python3 < %{version}-%{release}
BuildRequires: python3-devel python3-setuptools
BuildRequires: python3-PyYAML python3-paramiko python3-crypto python3-packaging
BuildRequires: python3-pexpect python3-winrm
BuildRequires: git-core
%if %with_docs %if %with_docs
BuildRequires: python3-sphinx python3-sphinx-theme-alabaster asciidoc BuildRequires: python3-sphinx python3-sphinx-theme-alabaster asciidoc
%endif %endif
BuildRequires: python3-six python3-nose python3-pytest python3-pytest-xdist
BuildRequires: python3-pytest-mock python3-requests python3-coverage python3-mock
BuildRequires: python3-boto3 python3-botocore python3-passlib python3-jinja2
Requires: python3-PyYAML python3-paramiko python3-crypto python3-setuptools python3-six
Requires: python3-jinja2 sshpass python3-jmespath
%description %description
%{common_desc} %{common_desc}
%endif
%package -n ansible-help %package -n ansible-help
Summary: Documentation for Ansible Summary: Documentation for Ansible
@ -54,14 +47,11 @@ Obsoletes: %{name}-doc < %{name}-%{release}
%{common_desc} %{common_desc}
%prep %prep
%setup -q %autosetup -p1
%if 0%{?with_python3}
rm -rf %{py3dir} rm -rf %{py3dir}
cp -a . %{py3dir} cp -a . %{py3dir}
%endif
%build %build
%if 0%{?with_python3}
pushd %{py3dir} pushd %{py3dir}
%py3_build %py3_build
%if %with_docs %if %with_docs
@ -69,10 +59,8 @@ pushd %{py3dir}
make PYTHON=/usr/bin/python3 SPHINXBUILD=sphinx-build-3 webdocs make PYTHON=/usr/bin/python3 SPHINXBUILD=sphinx-build-3 webdocs
%endif %endif
popd popd
%endif
%install %install
%if 0%{?with_python3}
pushd %{py3dir} pushd %{py3dir}
%{__python3} setup.py install --root=$RPM_BUILD_ROOT %{__python3} setup.py install --root=$RPM_BUILD_ROOT
popd popd
@ -82,7 +70,6 @@ for i in $RPM_BUILD_ROOT/%{_bindir}/ansible* ; do
ln -s %{_bindir}/$(basename $i)-%{python3_version} $i-3 ln -s %{_bindir}/$(basename $i)-%{python3_version} $i-3
fi fi
done done
%endif
mkdir -p $RPM_BUILD_ROOT/etc/ansible/ mkdir -p $RPM_BUILD_ROOT/etc/ansible/
mkdir -p $RPM_BUILD_ROOT/etc/ansible/roles/ mkdir -p $RPM_BUILD_ROOT/etc/ansible/roles/
cp examples/hosts $RPM_BUILD_ROOT/etc/ansible/ cp examples/hosts $RPM_BUILD_ROOT/etc/ansible/
@ -103,9 +90,7 @@ cp -pr docs/docsite/rst .
%{_bindir}/ansible* %{_bindir}/ansible*
%config(noreplace) %{_sysconfdir}/ansible/ %config(noreplace) %{_sysconfdir}/ansible/
%doc %{_mandir}/man1/ansible* %doc %{_mandir}/man1/ansible*
%if 0%{?with_python3}
%{python3_sitelib}/ansible* %{python3_sitelib}/ansible*
%endif
%files -n ansible-help %files -n ansible-help
%doc rst %doc rst
@ -114,6 +99,21 @@ cp -pr docs/docsite/rst .
%endif %endif
%changelog %changelog
* Mon Feb 05 2024 wangkai <13474090681@163.com> - 2.9.27-4
- Fix CVE-2024-0690
* Wed Apr 19 2023 liyanan <thistleslyn@163.com> - 2.9.27-3
- Remove with_python3 macros and python3-nose buildRequire
* Fri Mar 18 2022 huangtianhua <huangtianhua@huawei.com> - 2.9.27-2
- Remove require python-keyczar and modify require crypto to cryptography
* Tue Mar 01 2022 wangkai <wangkai385@huawei.com> - 2.9.27-1
- Hostname module support openEuler
* Wed Jan 12 2022 wulei <wulei80@huawei.com> - 2.9.27-0
- Package update
* Thu Oct 28 2021 liwu <liwu13@huawei.com> - 2.9.24-3 * Thu Oct 28 2021 liwu <liwu13@huawei.com> - 2.9.24-3
- The upstream community rolls back the patch - The upstream community rolls back the patch

40
hostname-module-support-openEuler.patch Normal file
View File

@ -0,0 +1,40 @@
From ae7a72600932ba4a1c1a3c85115f9b609afb7bd5 Mon Sep 17 00:00:00 2001
Date: Mon, 28 Feb 2022 20:02:47 +0800
Subject: [PATCH 1/1] hostname module support openEuler
---
lib/ansible/module_utils/facts/system/distribution.py | 2 +-
lib/ansible/modules/system/hostname.py | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/ansible/module_utils/facts/system/distribution.py b/lib/ansible/module_utils/facts/system/distribution.py
index 09b5a5fd..9046a34a 100644
--- a/lib/ansible/module_utils/facts/system/distribution.py
+++ b/lib/ansible/module_utils/facts/system/distribution.py
@@ -467,7 +467,7 @@ class Distribution(object):
OS_FAMILY_MAP = {'RedHat': ['RedHat', 'Fedora', 'CentOS', 'Scientific', 'SLC',
'Ascendos', 'CloudLinux', 'PSBM', 'OracleLinux', 'OVS',
'OEL', 'Amazon', 'Virtuozzo', 'XenServer', 'Alibaba',
- 'AlmaLinux'],
+ 'AlmaLinux', 'openEuler'],
'Debian': ['Debian', 'Ubuntu', 'Raspbian', 'Neon', 'KDE neon',
'Linux Mint', 'SteamOS', 'Devuan', 'Kali', 'Cumulus Linux'],
'Suse': ['SuSE', 'SLES', 'SLED', 'openSUSE', 'openSUSE Tumbleweed',
diff --git a/lib/ansible/modules/system/hostname.py b/lib/ansible/modules/system/hostname.py
index bfc24b35..f10739c5 100644
--- a/lib/ansible/modules/system/hostname.py
+++ b/lib/ansible/modules/system/hostname.py
@@ -782,6 +782,10 @@ class NeonHostname(Hostname):
distribution = 'Neon'
strategy_class = DebianStrategy
+class OpenEulerHostname(Hostname):
+ platform = 'Linux'
+ distribution = 'Openeuler'
+ strategy_class = SystemdStrategy
def main():
module = AnsibleModule(
--
2.27.0