| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Conflicts:
- pkgs/development/python-modules/sphinx-autobuild/default.nix
|
|
The nixpkgs-unstable channel's programs.sqlite was used to identify
packages producing exactly one binary, and these automatically added
to their package definitions wherever possible.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ansible-later: use poetry-dynamic-versioning like upstream
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This is an application, not a library.
|
|
This is an application, not a library.
https://ansible-doctor.geekdocs.de/usage/getting-started/
|
|
This is an application, not a library.
https://ansible-lint.readthedocs.io/usage/
|
|
- Drop pkgs/tools/admin/ansible and move everything into top-level and
throws into central aliases.nix
- Drop the Ansible 2.8 throw
- Remove Ansible 2.9/2.10, both will be EOL before the 22.05 release
- Remove Ansible 2.11, it will go EOL during the 22.05 release
- Expose the collections as `python3Packages.ansible`
Closes: #157591
|
|
And add an override for ansible_2_11 at 2.11.6.
|
|
|
|
The version went end of life on 2021/01/21.
|
|
|
|
|
|
This version went EOL on 2020/06/18.
|
|
|
|
|
|
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst#v2-8-13
|
|
Went EOL 2019/11/06.
https://access.redhat.com/support/policy/updates/ansible-engine
|
|
Ansible 2.9 is the latest release and in full support since 2019/11/06.
https://access.redhat.com/support/policy/updates/ansible-engine
|
|
|
|
|
|
Fixes: CVE-2020-10684, CVE-2020-1733, CVE-2020-1735, CVE-2020-1739, CVE-2020-1740
|
|
Fixes: CVE-2020-10684, CVE-2020-1733, CVE-2020-1735, CVE-2020-1739, CVE-2020-1740
|
|
Fixes #83105.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
|
|
|
|
|
|
|
|
This addresses the following security issues:
* CVE-2019-14846 - Several Ansible plugins could disclose aws
credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
lookup/aws_account_attribute.py, and lookup/aws_secret.py,
lookup/aws_ssm.py use the boto3 library from the Ansible process. The
boto3 library logs credentials at log level DEBUG. If Ansible's
logging was enabled (by setting LOG_PATH to a value) Ansible would set
the global log level to DEBUG. This was inherited by boto and would
then log boto credentials to the file specified by LOG_PATH. This did
not affect aws ansible modules as those are executed in a separate
process. This has been fixed by switching to log level INFO
* Convert CLI provided passwords to text initially, to prevent unsafe
context being lost when converting from bytes->text during post
processing of PlayContext. This prevents CLI provided passwords from
being incorrectly templated (CVE-2019-14856)
* properly hide parameters marked with no_log in suboptions when
invalid parameters are passed to the module (CVE-2019-14858)
* resolves CVE-2019-10206, by avoiding templating passwords from
prompt as it is probable they have special characters.
* Handle improper variable substitution that was happening in
safe_eval, it was always meant to just do 'type enforcement' and have
Jinja2 deal with all variable interpolation. Also see CVE-2019-10156
Changelog: https://github.com/ansible/ansible/blob/9bdb89f740a87bcf760424577ce18a8f68d7a741/changelogs/CHANGELOG-v2.6.rst
|
|
This fixes the following security issues:
* Ansible: Splunk and Sumologic callback plugins leak sensitive data
in logs (CVE-2019-14864)
* CVE-2019-14846 - Several Ansible plugins could disclose aws
credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
lookup/aws_account_attribute.py, and lookup/aws_secret.py,
lookup/aws_ssm.py use the boto3 library from the Ansible process. The
boto3 library logs credentials at log level DEBUG. If Ansible's
logging was enabled (by setting LOG_PATH to a value) Ansible would set
the global log level to DEBUG. This was inherited by boto and would
then log boto credentials to the file specified by LOG_PATH. This did
not affect aws ansible modules as those are executed in a separate
process. This has been fixed by switching to log level INFO
* Convert CLI provided passwords to text initially, to prevent unsafe
context being lost when converting from bytes->text during post
processing of PlayContext. This prevents CLI provided passwords from
being incorrectly templated (CVE-2019-14856)
* properly hide parameters marked with no_log in suboptions when invalid
parameters are passed to the module (CVE-2019-14858)
* resolves CVE-2019-10206, by avoiding templating passwords from
prompt as it is probable they have special characters.
* Handle improper variable substitution that was happening in
safe_eval, it was always meant to just do 'type enforcement' and have
Jinja2 deal with all variable interpolation. Also see CVE-2019-10156
Changelog: https://github.com/ansible/ansible/blob/0623dedf2d9c4afc09e5be30d3ef249f9d1ebece/changelogs/CHANGELOG-v2.7.rst#v2-7-15
|
|
Ansible 2.5 has reached EOL in May 21, 2019
https://access.redhat.com/support/policy/updates/ansible-engine
|
|
|
|
|
|
|
|
|
