|
|
|
|
Changelog for ansible-2.9.27-5.8.noarch.rpm :
* Tue Dec 14 2021 Pablo Suárez Hernández - Require python macros for building * Mon Oct 11 2021 Michael Ströder - update to 2.9.27 (jsc#SLE-23631) (jsc#SLE-24133) * bsc#1187725 CVE-2021-3620 ansible-connection module discloses sensitive info in traceback error message (in 2.9.27) * bsc#1188061 CVE-2021-3583 Template Injection through yaml multi-line strings with ansible facts used in template. (in 2.9.23) * bsc#1176460 gh#ansible/ansible#72094 ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15) * Tue Sep 14 2021 Michael Ströder - update to 2.9.26 * Tue Aug 17 2021 Michael Ströder - Update to 2.9.25 * Tue Jul 20 2021 Michael Ströder - update to 2.9.24 maintenance release containing numerous bugfixes * Mon Jul 12 2021 Steve Kowalik - If building with Python 3, change the shebang of the test scripts shipped in ansible-test to be /usr/bin/python3. * Thu Jun 24 2021 Michael Ströder - recommend installation of python-selinux (boo#1187531) * Tue Jun 22 2021 Michael Ströder - Update to 2.9.23, bug-fix release with security fix: * templating engine fix for not preserving unsafe status when trying to preserve newlines. CVE-2021-3583 * Wed Jun 02 2021 Stefan Seyfried - update to 2.9.22 * CVE-2021-3447 (bsc#1183684) multiple modules expose secured values * Tue May 04 2021 Michael Ströder - update to 2.9.21 * Fri Apr 16 2021 Alexander Graul - Drop python-coverage run-time requirement from openSUSE/SLE * Fri Apr 16 2021 Alexander Graul - Switch to python3-cryptography in openSUSE/SLE * Tue Apr 13 2021 Michael Ströder - update to version 2.9.20 maintenance release containing numerous bugfixes * Tue Mar 16 2021 Michael Ströder - update to version 2.9.19 with minor changes and a few bug fixes * Fri Feb 19 2021 Michael Ströder - update to version 2.9.18 * CVE-2021-20228 where default and fallback values for no_log parameters to modules were not previously masked. * CVE-2021-20178 where several parameters to the snmp_facts module were logged and displayed despite containing sensitive information. * CVE-2021-20180 where several parameters to the bitbucket_pipeline_variable were logged and displayed despite containing sensitive information. * CVE-2021-20191 which addresses a number of modules whose parameters were logged and displayed despite containing sensitive information. For the full list of affected modules, refer to the changelog linked below. * Tue Jan 19 2021 Michael Ströder - update to version 2.9.17 with minor changes and a few bug fixes * Tue Dec 15 2020 Michael Ströder - update to version 2.9.16 with minor changes and many bug fixes * Tue Nov 03 2020 Michael Ströder - update to version 2.9.15 with following breaking change: * ansible-galaxy login command has been removed * Tue Oct 06 2020 Michael Ströder - update to version 2.9.14 with many small improvements and bug fixes, most notably: * kubectl - connection plugin now redact kubectl_token and kubectl_password in console log (CVE-2020-1753).- avoid trailing comments after %endif * Tue Sep 01 2020 Michael Ströder - update to version 2.9.13 with many bug fixes, most notably: * A security issue was addressed in the \"dnf\" module, which previously did not check GPG signatures of packages. * A bug in the \"cron\" module was fixed. In some cases prior to this fix, the module would inadvertently remove cron entries.- removed obsolete fix-cron-regression-71207.patch * Wed Aug 12 2020 Michael Ströder - added fix-cron-regression-71207.patch * Tue Aug 11 2020 Michael Ströder - update to version 2.9.12 with many bug fixes, most notably the following security fixes: * security issue - copy - Redact the value of the no_log \'content\' parameter in the result\'s invocation.module_args in check mode. Previously when used with check mode and with \'-vvv\', the module would not censor the content if a change would be made to the destination path. (CVE-2020-14332) * security issue atomic_move - change default permissions when creating temporary files so they are not world readable (https://github.com/ansible/ansible/issues/67794) (CVE-2020-1736) * Fix warning for default permission change when no mode is specified. Follow up to https://github.com/ansible/ansible/issues/67794. (CVE-2020-1736) * Sanitize no_log values from any response keys that might be returned from the uri module (CVE-2020-14330). * reset logging level to INFO due to CVE-2019-14846. * Tue Jul 21 2020 Michael Ströder - update to version 2.9.11 with many bug fixes- removed ansible_bugfix_640.diff obsoleted by upstream update * Mon Jul 13 2020 Andrey Karepin - added ansible_bugfix_640.diff to fix gh#ansible-collections/community.general#640 * Mon Jun 22 2020 Michael Ströder - update to version 2.9.10 with many bug fixes.- removed CVE-2020-1744_avoid_mkdir_p.patch obsoleted by upstream update * Thu May 28 2020 Matej Cepl - Correct ID of CVE and rename the patch to CVE-2020-1744_avoid_mkdir_p.patch * Tue May 26 2020 Matej Cepl - Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733 (bsc#1164140)- Add metadata information to this file to mark which SUSE bugzilla have been already fixed. * Tue May 12 2020 Michael Ströder - update to version 2.9.9 * fix for a regression introduced in 2.9.8 * Tue May 12 2020 Michael Ströder - update to version 2.9.8 maintenance release containing numerous bugfixes * Fri Apr 17 2020 Michael Ströder - update to version 2.9.7 with many bug fixes, especially for these security issues: - bsc#1164140 CVE-2020-1733 - insecure temporary directory when running become_user from become directive - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe lookup plugin subprocess - bsc#1164137 CVE-2020-1735 - path injection on dest parameter in fetch module - bsc#1164134 CVE-2020-1736 atomic_move primitive sets permissive permissions - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path - bsc#1164136 CVE-2020-1738 module package can be selected by the ansible facts - bsc#1164133 CVE-2020-1739 - svn module leaks password when specified as a parameter - bsc#1164135 CVE-2020-1740 - secrets readable after ansible-vault edit - bsc#1165393 CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks sensitive information - bsc#1167532 CVE-2020-10684 - code injection when using ansible_facts as a subkey - bsc#1167440 CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up - CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2] * Mon Apr 06 2020 larsAATTlinux-schulserver.de - 2.9.6- create missing (empty) template and files directories for \'ansible-galaxy init\' during package build (fixes boo#1137479)- require python-xml on python 2 systems (boo#1142542) * Thu Mar 05 2020 Michael Ströder - update to version 2.9.6 (maintenance release) including these security issues: - bsc#1171162 CVE-2020-10729 two random password lookups in same task return same value * Thu Feb 13 2020 Michael Ströder - update to version 2.9.5 (maintenance release) * Tue Jan 28 2020 Michael Ströder - update to version 2.9.4 (maintenance release) - fix in yum module - security fixes: - bsc#1157968 CVE-2019-14904 vulnerability in solaris_zone module via crafted solaris zone - bsc#1157969 CVE-2019-14905 malicious code could craft filename in nxos_file_copy module * Thu Jan 16 2020 Michael Ströder - update to version 2.9.3 (maintenance release) * security fixes - CVE-2019-14904 (solaris_zone module) (boo#1157968) - CVE-2019-14905 (nxos_file_copy module) (boo#1157969) * various bugfixes * Sun Dec 29 2019 Lars Vogdt - sync with upstream spec file (especially for RHEL & Fedora builds)- ran spec-cleaner- remove old SUSE targets (SLE-11, Leap 42.3 and below) This simplifies the spec file and makes building easier- Additional required packages for building: + python-boto3 and python-botocore for Amazon EC2 + python-jmespath for json queries + python-memcached for cloud modules and local caching of JSON formatted, per host records + python-redis for cloud modules and local caching of JSON formatted, per host records + python-requests for many web-based modules (cloud, network, netapp) => as the need for those packages depends on the usage of the tool, they are just recommended on openSUSE/SUSE machines- made dependencies for gitlab, vmware and winrm modules configurable, as most of their dependencies are not (yet) available on current openSUSE/SUSE distributions- exclude /usr/bin/pwsh from the automatic dependency generation, as the Windows Power Shell is not available (yet) on openSUSE/SUSE- build additional docs and split up ansible-doc package; moving changelogs, contrib and example directories there- prepare for building HTML documentation, but disable this per default for the moment, as not all package dependencies are available in openSUSE/SUSE (yet)- package some test scripts with executable permissions * Thu Dec 05 2019 Michael Ströder - update to version 2.9.2 maintenance release containing numerous bugfixes * Thu Nov 21 2019 Lars Vogdt - Create system directories that Ansible defines as default locations in ansible/config/base.yml- rephrase the summary line- Disable shebang munging for specific paths. These files are data files. ansible-test munges the shebangs itself. * Tue Nov 19 2019 Lars Vogdt - split out ansible-test package for module developers * Fri Nov 15 2019 larsAATTlinux-schulserver.de - 2.9.1- update to version 2.9.1 Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/ and also available online at https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst + CVE-2019-14864: fixed Splunk and Sumologic callback plugins leak sensitive data in logs (boo#1154830)- replace all #!/usr/bin/env lines to use #!/usr/bin/$1 directly * Sun Nov 03 2019 Johannes Kastl - added file \'/usr/bin/ansible-test\' to spec file * Fri Nov 01 2019 Johannes Kastl - Update to version 2.9.0: Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/ and also available online at https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst- Fixed among other this security bug: - bsc#1112959 CVE-2018-16837 Information leak in \"user\" module patch added * Sun Oct 27 2019 larsAATTlinux-schulserver.de- include the sha checksum file in the source, which allows to verify the original sources * Wed Oct 23 2019 - Update to version 2.8.6: Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/ and also available online at https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst Included security fixes: * CVE-2019-14846: Fixed secrets disclosure on logs due to display is hardcoded to DEBUG level (bsc#1153452) * CVE-2019-14856: Fixed insufficient fix for CVE-2019-10206 (bsc#1154232) * CVE-2019-14858: Fixed data in the sub parameter fields that will not be masked and will be displayed when run with increased verbosity (bsc#1154231) * Fri Sep 13 2019 Lars Vogdt - Update to version 2.8.5: Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/ and also available online at https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst- removed patches fixed upstream: + CVE-2019-10206-data-disclosure.patch + CVE-2019-10217-gcp-modules-sensitive-fields.patch * Wed Aug 07 2019 Matej Cepl - Update to version 2.8.3: Full changelog is packaged, but also at https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst - (bsc#1137528) CVE-2019-10156: ansible: templating causing an unexpected key file to be set on remote node- (bsc#1142690) Adds CVE-2019-10206-data-disclosure.patch fixing CVE-2019-10206: ansible-playbook -k and ansible cli tools prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.- (bsc#1144453) Adds CVE-2019-10217-gcp-modules-sensitive-fields.patch CVE-2019-10217: Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks. * Sat Jun 08 2019 Lars Vogdt - Update to version 2.8.1 Full changelog is at /usr/share/doc/packages/ansible/changelogs/ Bugfixes - ------- - ACI - DO not encode query_string - ACI modules - Fix non-signature authentication - Add missing directory provided via ``--playbook-dir`` to adjacent collection loading - Fix \"Interface not found\" errors when using eos_l2_interface with nonexistant interfaces configured - Fix cannot get credential when `source_auth` set to `credential_file`. - Fix netconf_config backup string issue - Fix privilege escalation support for the docker connection plugin when credentials need to be supplied (e.g. sudo with password). - Fix vyos cli prompt inspection - Fixed loading namespaced documentation fragments from collections. - Fixing bug came up after running cnos_vrf module against coverity. - Properly handle data importer failures on PVC creation, instead of timing out. - To fix the ios static route TC failure in CI - To fix the nios member module params - To fix the nios_zone module idempotency failure - add terminal initial prompt for initial connection - allow include_role to work with ansible command - allow python_requirements_facts to report on dependencies containing dashes - asa_config fix - azure_rm_roledefinition - fix a small error in build scope. - azure_rm_virtualnetworkpeering - fix cross subscriptions virtual network peering. - cgroup_perf_recap - When not using file_per_task, make sure we don\'t prematurely close the perf files - display underlying error when reporting an invalid ``tasks:`` block. - dnf - fix wildcard matching for state: absent - docker connection plugin - accept version ``dev`` as \'newest version\' and print warning. - docker_container - ``oom_killer`` and ``oom_score_adj`` options are available since docker-py 1.8.0, not 2.0.0 as assumed by the version check. - docker_container - fix network creation when ``networks_cli_compatible`` is enabled. - docker_container - use docker API\'s ``restart`` instead of ``stop``/``start`` to restart a container. - docker_image - if ``build`` was not specified, the wrong default for ``build.rm`` is used. - docker_image - if ``nocache`` set to ``yes`` but not ``build.nocache``, the module failed. - docker_image - module failed when ``source: build`` was set but ``build.path`` options not specified. - docker_network module - fix idempotency when using ``aux_addresses`` in ``ipam_config``. - ec2_instance - make Name tag idempotent - eos: don\'t fail modules without become set, instead show message and continue - eos_config: check for session support when asked to \'diff_against: session\' - eos_eapi: fix idempotency issues when vrf was unspecified. - fix bugs for ce - more info see - fix incorrect uses of to_native that should be to_text instead. - hcloud_volume - Fix idempotency when attaching a server to a volume. - ibm_storage - Added a check for null fields in ibm_storage utils module. - include_tasks - whitelist ``listen`` as a valid keyword - k8s - resource updates applied with force work correctly now - keep results subset also when not no_log. - meraki_switchport - improve reliability with native VLAN functionality. - netapp_e_iscsi_target - fix netapp_e_iscsi_target chap secret size and clearing functionality - netapp_e_volumes - fix workload profileId indexing when no previous workload tags exist on the storage array. - nxos_acl some platforms/versions raise when no ACLs are present - nxos_facts fix - nxos_file_copy fix passwordless workflow - nxos_interface Fix admin_state check for n6k - nxos_snmp_traps fix group all for N35 platforms - nxos_snmp_user fix platform fixes for get_snmp_user - nxos_vlan mode idempotence bug - nxos_vlan vlan names containing regex ctl chars should be escaped - nxos_vtp_ * modules fix n6k issues - openssl_certificate - fix private key passphrase handling for ``cryptography`` backend. - openssl_pkcs12 - fixes crash when private key has a passphrase and the module is run a second time. - os_stack - Apply tags conditionally so that the module does not throw up an error when using an older distro of openstacksdk - pass correct loading context to persistent connections other than local - pkg_mgr - Ansible 2.8.0 failing to install yum packages on Amazon Linux - postgresql - added initial SSL related tests - postgresql - added missing_required_libs, removed excess param mapping - postgresql - move connect_to_db and get_pg_version into module_utils/postgres.py (https://github.com/ansible/ansible/pull/55514) - postgresql_db - add note to the documentation about state dump and the incorrect rc (https://github.com/ansible/ansible/pull/57297) - postgresql_db - fix for postgresql_db fails if stderr contains output - postgresql_ping - fixed a typo in the module documentation - preserve actual ssh error when we cannot connect. - route53_facts - the module did not advertise check mode support, causing it not to be run in check mode. - sysctl: the module now also checks the output of STDERR to report if values are correctly set (https://github.com/ansible/ansible/pull/55695) - ufw - correctly check status when logging is off - uri - always return a value for status even during failure - urls - Handle redirects properly for IPv6 address by not splitting on ``:`` and rely on already parsed hostname and port values - vmware_vm_facts - fix the support with regular ESXi - vyos_interface fix - we don\'t really need to template vars on definition as we do this on demand in templating. - win_acl - Fix qualifier parser when using UNC paths - - win_hostname - Fix non netbios compliant name handling - winrm - Fix issue when attempting to parse CLIXML on send input failure - xenserver_guest - fixed an issue where VM whould be powered off even though check mode is used if reconfiguration requires VM to be powered off. - xenserver_guest - proper error message is shown when maximum number of network interfaces is reached and multiple network interfaces are added at once. - yum - Fix false error message about autoremove not being supported - yum - fix failure when using ``update_cache`` standalone - yum - handle special \"_none_\" value for proxy in yum.conf and .repo files * Wed May 22 2019 Marcel Kuehlhorn - Update to version 2.8.0 Major changes: * Experimental support for Ansible Collections and content namespacing - Ansible content can now be packaged in a collection and addressed via namespaces. This allows for easier sharing, distribution, and installation of bundled modules/roles/plugins, and consistent rules for accessing specific content via namespaces. * Python interpreter discovery - The first time a Python module runs on a target, Ansible will attempt to discover the proper default Python interpreter to use for the target platform/version (instead of immediately defaulting to /usr/bin/python). You can override this behavior by setting ansible_python_interpreter or via config. (see https://github.com/ansible/ansible/pull/50163) * become - The deprecated CLI arguments for --sudo, --sudo-user, - -ask-sudo-pass, -su, --su-user, and --ask-su-pass have been removed, in favor of the more generic --become, --become-user, --become-method, and - -ask-become-pass. * become - become functionality has been migrated to a plugin architecture, to allow customization of become functionality and 3rd party become methods (https://github.com/ansible/ansible/pull/50991)- addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828, CVE-2018-16837 For the full changelog see /usr/share/doc/packages/ansible/changelogs or online: https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst * Thu Apr 04 2019 Michael Ströder - Update to version 2.7.10 Minor Changes- Catch all connection timeout related exceptions and raise AnsibleConnectionError instead- openssl_pkcs12, openssl_privatekey, openssl_publickey - These modules no longer delete the output file before starting to regenerate the output, or when generating the output failed. Bugfixes- Backport of https://github.com/ansible/ansible/pull/54105, pamd - fix idempotence issue when removing rules- Use custom JSON encoder in conneciton.py so that ansible objects (AnsibleVaultEncryptedUnicode, for example) can be sent to the persistent connection process- allow \'dict()\' jinja2 global to function the same even though it has changed in jinja2 versions- azure_rm inventory plugin - fix missing hostvars properties (https://github.com/ansible/ansible/pull/53046)- azure_rm inventory plugin - fix no nic type in vmss nic. (https://github.com/ansible/ansible/pull/53496)- deprecate {Get/Set}ManagerAttributes commands (https://github.com/ansible/ansible/issues/47590)- flatpak_remote - Handle empty output in remote_exists, fixes https://github.com/ansible/ansible/issues/51481- foreman - fix Foreman returning host parameters- get_url - Fix issue with checksum validation when using a file to ensure we skip lines in the file that do not contain exactly 2 parts. Also restrict exception handling to the minimum number of necessary lines (https://github.com/ansible/ansible/issues/48790)- grafana_datasource - Fixed an issue when running Python3 and using basic auth (https://github.com/ansible/ansible/issues/49147)- include_tasks - Fixed an unexpected exception if no file was given to include.- openssl_certificate - fix ``state=absent``.- openssl_certificate, openssl_csr, openssl_pkcs12, openssl_privatekey, openssl_publickey - The modules are now able to overwrite write-protected files (https://github.com/ansible/ansible/issues/48656).- openssl_dhparam - fix ``state=absent`` idempotency and ``changed`` flag.- openssl_pkcs12, openssl_privatekey - These modules now accept the output file mode in symbolic form or as a octal string (https://github.com/ansible/ansible/issues/53476).- openssl_publickey - fixed crash on Python 3 when OpenSSH private keys were used with passphrases.- openstack inventory plugin: allow \"constructed\" functionality (``compose``, ``groups``, and ``keyed_groups``) to work as documented.- random_mac - generate a proper MAC address when the provided vendor prefix is two or four characters (https://github.com/ansible/ansible/issues/50838)- replace - fix behavior when ``before`` and ``after`` are used together (https://github.com/ansible/ansible/issues/31354)- report correct CPU information on ARM systems (https://github.com/ansible/ansible/pull/52884)- slurp - Fix issues when using paths on Windows with glob like characters, e.g. ``[``, ``]``- ssh - Check the return code of the ssh process before raising AnsibleConnectionFailure, as the error message for the ssh process will likely contain more useful information. This will improve the missing interpreter messaging when using modules such as setup which have a larger payload to transfer when combined with pipelining. (https://github.com/ansible/ansible/issues/53487)- tower_settings - \'name\' and \'value\' parameters are always required, module can not be used in order to get a setting- win_acl - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``- win_acl_inheritance - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``- win_certificate_store - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``- win_chocolatey - Fix incompatibilities with the latest release of Chocolatey ``v0.10.12+``- win_copy - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``- win_file - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``- win_find - Ensure found files are sorted alphabetically by the path instead of it being random- win_find - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``- win_owner - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``- win_psexec - Support executables with a space in the path- win_reboot - Fix reboot command validation failure when running under the psrp connection plugin- win_tempfile - Always return the full NTFS absolute path and not a DOS 8.3 path.- win_user_right - Fix output containing non json data - https://github.com/ansible/ansible/issues/54413- windows - Fixed various module utils that did not work with path that had glob like chars- yum - fix disable_excludes on systems with yum rhn plugin enabled (https://github.com/ansible/ansible/issues/53134) * Sun Mar 17 2019 Michael Ströder - Update to version 2.7.9 Minor Changes * Add missing import for ConnectionError in edge and routeros module_utils. * ``to_yaml`` filter updated to maintain formatting consistency when used with ``pyyaml`` versions 5.1 and later (https://github.com/ansible/ansible/pull/53772) * docker_image * set ``changed`` to ``false`` when using ``force: yes`` to tag or push an image that ends up being identical to one already present on the Docker host or Docker registry. * jenkins_plugin * Set new default value for the update_url parameter (https://github.com/ansible/ansible/issues/52086) Bugfixes * Fix bug where some inventory parsing tracebacks were missing or reported under the wrong plugin. * Fix rabbitmq_plugin idempotence due to information message in new version of rabbitmq (https://github.com/ansible/ansible/pull/52166) * Fixed KeyError issue in vmware_host_config_manager when a supported option isn\'t already set (https://github.com/ansible/ansible/issues/44561). * Fixed issue related to --yaml flag in vmware_vm_inventory. Also fixed caching issue in vmware_vm_inventory (https://github.com/ansible/ansible/issues/52381). * If large integers are passed as options to modules under Python 2, module argument parsing will reject them as they are of type ``long`` and not of type ``int``. * allow nice error to work when auto plugin reads file w/o `plugin` field * ansible-doc * Fix traceback on providing arguemnt --all to ansible-doc command * azure_rm_virtualmachine_facts * fixed crash related to attached managed disks (https://github.com/ansible/ansible/issues/52181) * basic * modify the correct variable when determining available hashing algorithms to avoid errors when md5 is not available (https://github.com/ansible/ansible/issues/51355) * cloudscale * Fix compatibilty with Python3 in version 3.5 and lower. * convert input into text to ensure valid comparisons in nmap inventory plugin * dict2items * Allow dict2items to work with hostvars * dnsimple * fixed a KeyError exception related to record types handling. * docker_container * now returns warnings from docker daemon on container creation and updating. * docker_swarm * Fixed node_id parameter not working for node removal (https://github.com/ansible/ansible/issues/53501) * docker_swarm * do not crash with older docker daemons (https://github.com/ansible/ansible/issues/51175). * docker_swarm * fixes idempotency for the ``ca_force_rotate`` option. * docker_swarm * improve Swarm detection. * docker_swarm * improve idempotency checking; ``rotate_worker_token`` and ``rotate_manager_token`` are now also used when all other parameters have not changed. * docker_swarm * now supports docker-py 1.10.0 and newer for most operations, instead only docker 2.6.0 and newer. * docker_swarm * properly implement check mode (it did apply changes). * docker_swarm * the ``force`` option was ignored when ``state: present``. * docker_swarm_service * do basic validation of ``publish`` option if specified (must be list of dicts). * docker_swarm_service * don\'t crash when ``publish`` is not specified. * docker_swarm_service * fix problem with docker daemons which do not return ``UpdateConfig`` in the swarm service spec. * docker_swarm_service * the return value was documented as ``ansible_swarm_service``, but the module actually returned ``ansible_docker_service``. Documentation and code have been updated so that the variable is now called ``swarm_service``. In Ansible 2.7.x, the old name ``ansible_docker_service`` can still be used to access the result. * ec2 * if the private_ip has been provided for the new network interface it shouldn\'t also be added to top level parameters for run_instances() * fix DNSimple to ensure check works even when the number of records is larger than 100 * get_url * return no change in check mode when checksum matches * inventory plugins * Fix creating groups from composed variables by getting the latest host variables * inventory_aws_ec2 * fix no_log indentation so AWS temporary credentials aren\'t displayed in tests * jenkins_plugin * Prevent plugin to be reinstalled when state=present (https://github.com/ansible/ansible/issues/43728) * lvol * fixed ValueError when using float size (https://github.com/ansible/ansible/issues/32886, https://github.com/ansible/ansible/issues/29429) * mysql * MySQLdb doesn\'t import the cursors module for its own purposes so it has to be imported in MySQL module utilities before it can be used in dependent modules like the proxysql module family. * mysql * fixing unexpected keyword argument \'cursorclass\' issue after migration from MySQLdb to PyMySQL. * mysql_user: match backticks, single and double quotes when checking user privileges. * onepassword_facts * Fixes issues which prevented this module working with 1Password CLI version 0.5.5 (or greater). Older versions of the CLI were deprecated by 1Password and will no longer function. * openssl_certificate * ``has_expired`` correctly checks if the certificate is expired or not * openssl_certificate * fix Python 3 string/bytes problems for `notBefore`/`notAfter` for self-signed and ownCA providers. * openssl_certificate * make sure that extensions are actually present when their values should be checked. * openssl_csr * improve ``subject`` validation. * openssl_csr * improve error messages for invalid SANs. * play order is now applied under all circumstances, fixes * remote_management foreman * Fixed issue where it was impossible to createdelete a product because product was missing in dict choices ( https://github.com/ansible/ansible/issues/48594 ) * rhsm_repository * handle systems without any repos * skip invalid plugin after warning in loader * urpmi module * fixed issue * win_certificate_store * Fix exception handling typo * win_chocolatey * Fix issue when parsing a beta Chocolatey install * https://github.com/ansible/ansible/issues/52331 * win_chocolatey_source * fix bug where a Chocolatey source could not be disabled unless ``source`` was also set * https://github.com/ansible/ansible/issues/50133 * win_domain * Do not fail if DC is already promoted but a reboot is required, return ``reboot_required: True`` * win_domain * Fix when running without credential delegated authentication * https://github.com/ansible/ansible/issues/53182 * win_file * Fix issue when managing hidden files and directories * https://github.com/ansible/ansible/issues/42466 * winrm * attempt to recover from a WinRM send input failure if possible * zabbix_hostmacro: fixes truncation of macro contexts that contain colons (see https://github.com/ansible/ansible/pull/51853) New Plugins * vmware_vm_inventory * VMware Guest inventory source * Sat Mar 16 2019 Lars Vogdt - update URL (use SSL version of the URL)- prepare update for multiple releases (bsc#1102126, bsc#1109957) * Sun Feb 24 2019 Michael Ströder - Update to version 2.7.8 Minor Changes: * Raise AnsibleConnectionError on winrm connnection errors Bugfixes: * Backport of https://github.com/ansible/ansible/pull/46478 , fixes name collision in haproxy module * Fix aws_ec2 inventory plugin code to automatically populate regions when missing as documentation states, also leverage config system vs self default/type validation * Fix unexpected error when using Jinja2 native types with non-strict constructed keyed_groups (https://github.com/ansible/ansible/issues/52158). * If an ios module uses a section filter on a device which does not support it, retry the command without the filter. * acme_challenge_cert_helper * the module no longer crashes when the required ``cryptography`` library cannot be found. * azure_rm_managed_disk_facts * added missing implementation of listing managed disks by resource group * azure_rm_mysqlserver * fixed issues with passing parameters while updating existing server instance * azure_rm_postgresqldatabase * fix force_update bug (https://github.com/ansible/ansible/issues/50978). * azure_rm_postgresqldatabase * fix force_update bug. * azure_rm_postgresqlserver * fixed issues with passing parameters while updating existing server instance * azure_rm_sqlserver * fix for tags support * azure_rm_virtualmachine * fixed several crashes in module * azure_rm_virtualmachine_facts * fix crash when vm created from custom image * azure_rm_virtualmachine_facts * fixed crash related to VM with managed disk attached * ec2 * Correctly sets the end date of the Spot Instance request. Sets `ValidUntil` value in proper way so it will be auto-canceled through `spot_wait_timeout` interval. * openssl_csr * fixes idempotence problem with PyOpenSSL backend when no Subject Alternative Names were specified. * openstack inventory plugin * send logs from sdk to stderr so they do not combine with output * psrp * do not display bootstrap wrapper for each module exec run * redfish_utils * get standard properties for firmware entries (https://github.com/ansible/ansible/issues/49832) * remote home directory * Disallow use of remote home directories that include relative pathing by means of `..` (CVE-2019-3828, bsc#1126503) (https://github.com/ansible/ansible/pull/52133) * ufw * when using ``state: reset`` in check mode, ``ufw --dry-run reset`` was executed, which causes a loss of firewall rules. The ``ufw`` module was adjusted to no longer run ``ufw --dry-run reset`` to prevent this from happening. * ufw: make sure that only valid values for ``direction`` are passed on. * update GetBiosBootOrder to use standard Redfish resources (https://github.com/ansible/ansible/issues/47571) * win become * Fix some scenarios where become failed to create an elevated process * win_psmodule * the NuGet package provider will be updated, if needed, to avoid issue under adding a repository * yum * Remove incorrect disable_includes error message when using disable_excludes (https://github.com/ansible/ansible/issues/51697) * yum * properly handle a proxy config in yum.conf for an unauthenticated proxy * Sat Feb 09 2019 Matthias Eliasson - Update to version 2.7.7 Minor Changes: * Allow check_mode with supports_generate_diff capability in cli_config. (https://github.com/ansible/ansible/pull/51417) * Fixed typo in vmware documentation fragment. Changed \"supported added\" to \"support added\". Bugfixes: * All K8S_AUTH_ * environment variables are now properly loaded by the k8s lookup plugin * Change backup file globbing for network _config modules so backing up one host\'s config will not delete the backed up config of any host whose hostname is a subset of the first host\'s hostname (e.g., switch1 and switch11) * Fixes bug where nios_a_record wasn\'t getting deleted if an uppercase named a_record was being passed. (https://github.com/ansible/ansible/pull/51539) * aci_aaa_user - Fix setting user description (https://github.com/ansible/ansible/issues/51406) * apt_repository - fixed failure under Python 3.7 (https://github.com/ansible/ansible/pull/47219) * archive - Fix check if archive is created in path to be removed * azure_rm inventory plugin - fix azure batch request (https://github.com/ansible/ansible/pull/50006) * cnos_backup - fixed syntax error (https://github.com/ansible/ansible/pull/47219) * cnos_image - fixed syntax error (https://github.com/ansible/ansible/pull/47219) * consul_kv - minor error-handling bugfix under Python 3.7 (https://github.com/ansible/ansible/pull/47219) * copy - align invocation in return value between check and normal mode * delegate_facts - fix to work properly under block and include_role (https://github.com/ansible/ansible/pull/51553) * docker_swarm_service - fix endpoint_mode and publish idempotency. * ec2_instance - Correctly adds description when adding a single ENI to the instance * ensure we have a XDG_RUNTIME_DIR, as it is not handled correctly by some privilege escalation configurations * file - Allow state=touch on file the user does not own https://github.com/ansible/ansible/issues/50943 * fix ansible-pull hanlding of extra args, complex quoting is needed for inline JSON * fix ansible_connect_timeout variable in network_cli,netconf,httpapi and nxos_install_os timeout check * netapp_e_storagepool - fixed failure under Python 3.7 (https://github.com/ansible/ansible/pull/47219) * onepassword_facts - Fix an issue looking up some 1Password items which have a \'password\' attribute alongside the \'fields\' attribute, not inside it. * prevent import_role from inserting dupe into roles: execution when duplicate signature role already exists in the section. * reboot - Fix bug where the connection timeout was not reset in the same task after rebooting * ssh connection - do not retry with invalid credentials to prevent account lockout (https://github.com/ansible/ansible/issues/48422) * systemd - warn when exeuting in a chroot environment rather than failing (https://github.com/ansible/ansible/pull/43904) * win_chocolatey - Fix hang when used with proxy for the first time - https://github.com/ansible/ansible/issues/47669 * win_power_plan - Fix issue where win_power_plan failed on newer Windows 10 builds - https://github.com/ansible/ansible/issues/43827 * Sun Jan 20 2019 Matthias Eliasson - update to version 2.7.6 Minor Changes: * Added documentation about using VMware dynamic inventory plugin. * Fixed bug around populating host_ip in hostvars in vmware_vm_inventory. * Image reference change in Azure VMSS is detected and applied correctly. * docker_volume - reverted changed behavior of force, which was released in Ansible 2.7.1 to 2.7.5, and Ansible 2.6.8 to 2.6.11. Volumes are now only recreated if the parameters changed and force is set to true (instead of or). This is the behavior which has been described in the documentation all the time. * set ansible_os_family from name variable in os-release * yum and dnf can now handle installing packages from URIs that are proxy redirects and don\'t end in the .rpm file extension Bugfixes: * Added log message at -vvvv when using netconf connection listing connection details. * Changes how ansible-connection names socket lock files. They now use the same name as the socket itself, and as such do not lock other attempts on connections to the same host, or cause issues with overly-long hostnames. * Fix mandatory statement error for junos modules (https://github.com/ansible/ansible/pull/50138) * Moved error in netconf connection plugin from at import to on connection. * This reverts some changes from commit 723daf3. If a line is found in the file, exactly or via regexp matching, it must not be added again. insertafter/insertbefore options are used only when a line is to be inserted, to specify where it must be added. * allow using openstack inventory plugin w/o a cache * callbacks - Do not filter out exception, warnings, deprecations on failure when using debug (https://github.com/ansible/ansible/issues/47576) * certificate_complete_chain - fix behavior when invalid file is parsed while reading intermediate or root certificates. * copy - Ensure that the src file contents is converted to unicode in diff information so that it is properly wrapped by AnsibleUnsafeText to prevent unexpected templating of diff data in Python3 (https://github.com/ansible/ansible/issues/45717) * correct behaviour of verify_file for vmware inventory plugin, it was always returning True * dnf - fix issue where conf_file was not being loaded properly * dnf - fix update_cache combined with install operation to not cause dnf transaction failure * docker_container - fix network_mode idempotency if the container: form is used (as opposed to container:) (https://github.com/ansible/ansible/issues/49794) * docker_container - warning when non-string env values are found, avoiding YAML parsing issues. Will be made an error in Ansible 2.8. (https://github.com/ansible/ansible/issues/49802) * docker_swarm_service - Document labels and container_labels with correct type. * docker_swarm_service - Document limit_memory and reserve_memory correctly on how to specify sizes. * docker_swarm_service - Document minimal API version for configs and secrets. * docker_swarm_service - fix use of Docker API so that services are not detected as present if there is an existing service whose name is a substring of the desired service * docker_swarm_service - fixing falsely reporting update_order as changed when option is not used. * document old option that was initally missed * ec2_instance now respects check mode https://github.com/ansible/ansible/pull/46774 * fix for network_cli - ansible_command_timeout not working as expected (#49466) * fix handling of firewalld port if protocol is missing * fix lastpass lookup failure on python 3 (https://github.com/ansible/ansible/issues/42062) * flatpak - Fixed Python 2/3 compatibility * flatpak - Fixed issue where newer versions of flatpak failed on flatpak removal * flatpak_remote - Fixed Python 2/3 compatibility * gcp_compute_instance - fix crash when the instance metadata is not set * grafana_dashboard - Fix a pair of unicode string handling issues with version checking (https://github.com/ansible/ansible/pull/49194) * host execution order - Fix reverse_inventory not to change the order of the items before reversing on python2 and to not backtrace on python3 * icinga2_host - fixed the issue with not working use_proxy option of the module. * influxdb_user - An unspecified password now sets the password to blank, except on existing users. This previously caused an unhandled exception. * influxdb_user - Fixed unhandled exception when using invalid login credentials (https://github.com/ansible/ansible/issues/50131) * openssl_ * - fix error when path contains a file name without path. * openssl_csr - fix problem with idempotency of keyUsage option. * openssl_pkcs12 - now does proper path expansion for ca_certificates. * os_security_group_rule - os_security_group_rule doesn\'t exit properly when secgroup doesn\'t exist and state=absent (https://github.com/ansible/ansible/issues/50057) * paramiko_ssh - add auth_timeout parameter to ssh.connect when supported by installed paramiko version. This will prevent \"Authentication timeout\" errors when a slow authentication step (>30s) happens with a host (https://github.com/ansible/ansible/issues/42596) * purefa_facts and purefb_facts now correctly adds facts into main ansible_fact dictionary (https://github.com/ansible/ansible/pull/50349) * reboot - add appropriate commands to make the plugin work with VMware ESXi (https://github.com/ansible/ansible/issues/48425) * reboot - add support for rebooting AIX (https://github.com/ansible/ansible/issues/49712) * reboot - gather distribution information in order to support Alpine and other distributions (https://github.com/ansible/ansible/issues/46723) * reboot - search common paths for the shutdown command and use the full path to the binary rather than depending on the PATH of the remote system (https://github.com/ansible/ansible/issues/47131) * reboot - use a common set of commands for older and newer Solaris and SunOS variants (https://github.com/ansible/ansible/pull/48986) * redfish_utils - fix reference to local variable \'systems_service\' * setup - fix the rounding of the ansible_memtotal_mb value on VMWare vm\'s (https://github.com/ansible/ansible/issues/49608) * vultr_server - fixed multiple ssh keys were not handled. * win_copy - Fix copy of a dir that contains an empty directory - https://github.com/ansible/ansible/issues/50077 * win_firewall_rule - Remove invalid \'bypass\' action * win_lineinfile - Fix issue where a malformed json block was returned causing an error * win_updates - Correctly report changes on success
|
|
|