* Disallow use of remote home directories containing .. in their path
* Add CVE to changelog
(cherry picked from commit b34d141)
Co-authored-by: Matt Martz <matt@sivel.net>
* fix tempating issues with no_log and loops (#44468)
* fix tempating issues with no_log and loops
- task is no log if any item is
- added test cases
fixes#43294
(cherry picked from commit bda074d34e)
* use play context to avoid bug when jinja2+py3
(cherry picked from commit b0678e71a8)
* user: do not pass ssh_key_passphrase on cmdline
* user: do not pass ssh_key_passphrase on cmdline
CVE-2018-16837
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
(cherry picked from commit a0aa53d1a1)
* Ignore user module use of subprocess.
(cherry picked from commit 8d00afc013)
* Fix python3 problem in user module cve fix
(cherry picked from commit 9088671c4e)
* Fix changelog entry for user module CVE fix
(cherry picked from commit 210a43ebeb)
(cherry picked from commit b618339c32)
* zap ignore entry
* Ensure that the value of PLUGIN_FILTERS_CFG is treated as type=path, and that we use the standard section of 'defaults' instead of 'default'
* deprecate the default section
* Don't add version_added for the corrected section
(cherry picked from commit 172137c)
Co-authored-by: Matt Martz <matt@sivel.net>
* Return correct version on installed VyOS (#39115)
* Return correct version on installed VyOS
Previously existing regexp will shows only "VyOS" without numeric output of router version.
For example: from "Version: VyOS 1.1.6" only VyOS will be written in ansible_net_version variable
For more informative output numeric value should be returned as well
* Fixed unittests
(cherry picked from commit 235b11f681)
* Added changelog
* [stable-2.5] [stable-2.7] Fix logic to not re-download existing files when force=no (#45495) (#45509)
* [stable-2.7] Fix logic to not re-download existing files when force=no (#45495)
* Fix logic to not re-download existing files when force=no. Fixes#45491
* Reduce logic complexity.
(cherry picked from commit 5785de582f)
Co-authored-by: Matt Martz <matt@sivel.net>
* Backport of get_url fix cannot use result
result was only added in 2.8+.
(cherry picked from commit 99171a9c6f)
Co-authored-by: Matt Martz <matt@sivel.net>
* Update get_url.py
* Don't pass file_name to DataLoader.load in script inventory plugin. Fixes#34164
* Add changelog fragment
(cherry picked from commit 263b9fa)
Co-authored-by: Matt Martz <matt@sivel.net>
* [stable-2.5] Don't allow import_tasks to transition to dynamic when file is missing. See #44822 (#44836)
(cherry picked from commit cd2f66f)
Co-authored-by: Matt Martz <matt@sivel.net>
* Look in task_ds, as we don't have action var in 2.5
There should be no warning if there is no ansible.cfg file i nthe
current working directory.
(cherry picked from commit f46c943)
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
* strip additional comments from /etc/default/passwd
Strip trailling comments from /etc/default/passwd like
MINWEEKS=1 #MINWEEKS=2
MAXWEEKS=12 # MAXWEEKS=8
Which otherwise cause failures with "failed to read /etc/default/passwd: too many values to unpack"
* fix carriage return typo in commit
* yet another typo in commit
* Fix indent problem
* add changelog fragment for PR 43931
(cherry picked from commit 5c1e620504)
This allows the use of variables in vars_prompt fields but allows variables entered in the prompt to affect play vars rather than throwing an undefined error.
Add tests for vars_prompt
(cherry picked from commit 6d38167d49)
The bundled selectors library which is used by the local and ssh
connection plugins had a bug which caused a traceback in a cornercase.
If selectors were in use and a syscall was interrupted, selectors would
attempt to restart the syscall after the interrupt was processed. if
the attempt determined that the timeout for running the syscall had
already expired, the code attempted to raise OSError. The raise was
using a Python3-ism and needed to be ported to work on Python2.
Fixes#41630
(cherry picked from commit e2e44f8)
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
Only print warning when ansible.cfg is actually skipped
* Also add unittests for the find_ini_config_file function
* Add documentation on world writable current working directory
config files can no longer be loaded from a world writable current
working directory but the end user is allowed to specify that
explicitly. Give appropriate warnings and information on how.
Fixes#42388
(cherry picked from commit 30662bedad)
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
* openvswitch_db: Split key-value pairs correctly (#33335)
Map values can contain commas, e.g.
- name: Configure OVN bridge mapping
openvswitch_db:
state: present table: open_vswitch record: . col: external_ids key: ovn-bridge-mappings
value: '"vmnet-static:br-vmnet-st,vmnet-dynamic:br-vmnet-dyn"'
Previous behaviour was splitting the value and raised an exception.
(cherry picked from commit 3c53e2f8ea)
* openvswitch_db: Make 'key' parameter optional (#42110)
The OVSDB schema consists of typed columns. The 'key' parameter is
required only for columns with type of a 'map'. This patch makes 'key'
an optional parameter to allow setting values for other column types
like int.
Fixes#42108
(cherry picked from commit 26b0908270)
(cherry picked from commit 01097715fd9466c64bfb37d7604d095275a5e9d8)
* Make ios_vlan identify vlans starting with 9 (#42247)
* Make ios_vlan identify vlans starting with 9
* Add unit test for vlan id start with 9
(cherry picked from commit 70e33ef92c)
* Added changelog for ios_vlan fix