Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ansible-core for openSUSE:Factory checked in at 2023-12-13 18:34:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ansible-core (Old) and /work/SRC/openSUSE:Factory/.ansible-core.new.25432 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ansible-core" Wed Dec 13 18:34:53 2023 rev:22 rq:1132748 version:2.15.8 Changes: -------- --- /work/SRC/openSUSE:Factory/ansible-core/ansible-core.changes 2023-12-05 17:03:32.289859621 +0100 +++ /work/SRC/openSUSE:Factory/.ansible-core.new.25432/ansible-core.changes 2023-12-13 18:35:00.770515877 +0100 @@ -1,0 +2,14 @@ +Tue Dec 12 17:22:59 UTC 2023 - Johannes Kastl <ka...@b1-systems.de> + +- update to 2.15.8: + * Minor Changes + - ansible-test - Add FreeBSD 13.2 remote. + - ansible-test - Removed freebsd/13.1 remote. + * Bugfixes + - unsafe data - Address an incompatibility when iterating or + getting a single index from AnsibleUnsafeBytes + - unsafe data - Address an incompatibility with + AnsibleUnsafeText and AnsibleUnsafeBytes when pickling with + protocol=0 + +------------------------------------------------------------------- Old: ---- ansible-core-2.15.7.tar.gz New: ---- ansible-core-2.15.8.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ansible-core.spec ++++++ --- /var/tmp/diff_new_pack.m5GePg/_old 2023-12-13 18:35:01.394538934 +0100 +++ /var/tmp/diff_new_pack.m5GePg/_new 2023-12-13 18:35:01.394538934 +0100 @@ -38,7 +38,7 @@ %endif Name: ansible-core -Version: 2.15.7 +Version: 2.15.8 Release: 0 Summary: Radically simple IT automation License: GPL-3.0-or-later ++++++ ansible-core-2.15.7.tar.gz -> ansible-core-2.15.8.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansible-core-2.15.7/PKG-INFO new/ansible-core-2.15.8/PKG-INFO --- old/ansible-core-2.15.7/PKG-INFO 2023-12-04 22:46:37.000000000 +0100 +++ new/ansible-core-2.15.8/PKG-INFO 2023-12-11 21:48:45.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: ansible-core -Version: 2.15.7 +Version: 2.15.8 Summary: Radically simple IT automation Home-page: https://ansible.com/ Author: Ansible, Inc. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansible-core-2.15.7/changelogs/CHANGELOG-v2.15.rst new/ansible-core-2.15.8/changelogs/CHANGELOG-v2.15.rst --- old/ansible-core-2.15.7/changelogs/CHANGELOG-v2.15.rst 2023-12-04 22:46:37.000000000 +0100 +++ new/ansible-core-2.15.8/changelogs/CHANGELOG-v2.15.rst 2023-12-11 21:48:45.000000000 +0100 @@ -5,6 +5,28 @@ .. contents:: Topics +v2.15.8 +======= + +Release Summary +--------------- + +| Release Date: 2023-12-11 +| `Porting Guide <https://docs.ansible.com/ansible-core/2.15/porting_guides/porting_guide_core_2.15.html>`__ + + +Minor Changes +------------- + +- ansible-test - Add FreeBSD 13.2 remote. +- ansible-test - Removed `freebsd/13.1` remote. + +Bugfixes +-------- + +- unsafe data - Address an incompatibility when iterating or getting a single index from ``AnsibleUnsafeBytes`` +- unsafe data - Address an incompatibility with ``AnsibleUnsafeText`` and ``AnsibleUnsafeBytes`` when pickling with ``protocol=0`` + v2.15.7 ======= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansible-core-2.15.7/changelogs/changelog.yaml new/ansible-core-2.15.8/changelogs/changelog.yaml --- old/ansible-core-2.15.7/changelogs/changelog.yaml 2023-12-04 22:46:37.000000000 +0100 +++ new/ansible-core-2.15.8/changelogs/changelog.yaml 2023-12-11 21:48:45.000000000 +0100 @@ -1275,3 +1275,25 @@ - restore_role_param_precedence.yml - wait_for_mmap.yml release_date: '2023-11-27' + 2.15.8: + changes: + bugfixes: + - unsafe data - Address an incompatibility when iterating or getting a single + index from ``AnsibleUnsafeBytes`` + - unsafe data - Address an incompatibility with ``AnsibleUnsafeText`` and ``AnsibleUnsafeBytes`` + when pickling with ``protocol=0`` + minor_changes: + - ansible-test - Add FreeBSD 13.2 remote. + - ansible-test - Removed `freebsd/13.1` remote. + release_summary: '| Release Date: 2023-12-11 + + | `Porting Guide <https://docs.ansible.com/ansible-core/2.15/porting_guides/porting_guide_core_2.15.html>`__ + + ' + codename: Ten Years Gone + fragments: + - 2.15.8_summary.yaml + - ci_freebsd_new.yml + - fbsd13_1_remove.yml + - unsafe-fixes-2.yml + release_date: '2023-12-11' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansible-core-2.15.7/lib/ansible/module_utils/ansible_release.py new/ansible-core-2.15.8/lib/ansible/module_utils/ansible_release.py --- old/ansible-core-2.15.7/lib/ansible/module_utils/ansible_release.py 2023-12-04 22:46:37.000000000 +0100 +++ new/ansible-core-2.15.8/lib/ansible/module_utils/ansible_release.py 2023-12-11 21:48:45.000000000 +0100 @@ -19,6 +19,6 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -__version__ = '2.15.7' +__version__ = '2.15.8' __author__ = 'Ansible, Inc.' __codename__ = "Ten Years Gone" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansible-core-2.15.7/lib/ansible/release.py new/ansible-core-2.15.8/lib/ansible/release.py --- old/ansible-core-2.15.7/lib/ansible/release.py 2023-12-04 22:46:37.000000000 +0100 +++ new/ansible-core-2.15.8/lib/ansible/release.py 2023-12-11 21:48:45.000000000 +0100 @@ -19,6 +19,6 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -__version__ = '2.15.7' +__version__ = '2.15.8' __author__ = 'Ansible, Inc.' __codename__ = "Ten Years Gone" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansible-core-2.15.7/lib/ansible/utils/unsafe_proxy.py new/ansible-core-2.15.8/lib/ansible/utils/unsafe_proxy.py --- old/ansible-core-2.15.7/lib/ansible/utils/unsafe_proxy.py 2023-12-04 22:46:37.000000000 +0100 +++ new/ansible-core-2.15.8/lib/ansible/utils/unsafe_proxy.py 2023-12-11 21:48:45.000000000 +0100 @@ -71,6 +71,9 @@ def _strip_unsafe(self): return super().__bytes__() + def __reduce__(self, /): + return (self.__class__, (self._strip_unsafe(),)) + def __str__(self, /): # pylint: disable=invalid-str-returned return self.decode() @@ -84,12 +87,10 @@ return AnsibleUnsafeText(super().__format__(format_spec)) def __getitem__(self, key, /): + if isinstance(key, int): + return super().__getitem__(key) return self.__class__(super().__getitem__(key)) - def __iter__(self, /): - cls = self.__class__ - return (cls(c) for c in super().__iter__()) - def __reversed__(self, /): return self[::-1] @@ -192,6 +193,9 @@ def _strip_unsafe(self, /): return super().__str__() + def __reduce__(self, /): + return (self.__class__, (self._strip_unsafe(),)) + def __str__(self, /): # pylint: disable=invalid-str-returned return self diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansible-core-2.15.7/lib/ansible_core.egg-info/PKG-INFO new/ansible-core-2.15.8/lib/ansible_core.egg-info/PKG-INFO --- old/ansible-core-2.15.7/lib/ansible_core.egg-info/PKG-INFO 2023-12-04 22:46:37.000000000 +0100 +++ new/ansible-core-2.15.8/lib/ansible_core.egg-info/PKG-INFO 2023-12-11 21:48:45.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: ansible-core -Version: 2.15.7 +Version: 2.15.8 Summary: Radically simple IT automation Home-page: https://ansible.com/ Author: Ansible, Inc. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansible-core-2.15.7/test/integration/targets/filter_urls/tasks/main.yml new/ansible-core-2.15.8/test/integration/targets/filter_urls/tasks/main.yml --- old/ansible-core-2.15.7/test/integration/targets/filter_urls/tasks/main.yml 2023-12-04 22:46:37.000000000 +0100 +++ new/ansible-core-2.15.8/test/integration/targets/filter_urls/tasks/main.yml 2023-12-11 21:48:45.000000000 +0100 @@ -19,6 +19,13 @@ - "{'foo': 'bar', 'baz': 'buz'}|urlencode == 'foo=bar&baz=buz'" - "()|urlencode == ''" +- name: verify urlencode works for unsafe strings + assert: + that: + - thing|urlencode == 'foo%3Abar' + vars: + thing: !unsafe foo:bar + # Needed (temporarily) due to coverage reports not including the last task. - assert: that: true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansible-core-2.15.7/test/integration/targets/subversion/roles/subversion/defaults/main.yml new/ansible-core-2.15.8/test/integration/targets/subversion/roles/subversion/defaults/main.yml --- old/ansible-core-2.15.7/test/integration/targets/subversion/roles/subversion/defaults/main.yml 2023-12-04 22:46:37.000000000 +0100 +++ new/ansible-core-2.15.8/test/integration/targets/subversion/roles/subversion/defaults/main.yml 2023-12-11 21:48:45.000000000 +0100 @@ -3,8 +3,7 @@ subversion_test_dir: /tmp/ansible-svn-test-dir subversion_server_dir: /tmp/ansible-svn # cannot use a path in the home dir without userdir or granting exec permission to the apache user subversion_repo_name: ansible-test-repo -subversion_repo_url: http://127.0.0.1:{{ apache_port }}/svn/{{ subversion_repo_name }} -subversion_repo_auth_url: http://127.0.0.1:{{ apache_port }}/svnauth/{{ subversion_repo_name }} +subversion_repo_url: https://localhost:{{ apache_port }}/svn/{{ subversion_repo_name }} # svn can't verify TLS certificates against IP addresses +subversion_repo_auth_url: https://localhost:{{ apache_port }}/svnauth/{{ subversion_repo_name }} subversion_username: subsvn_user''' subversion_password: Password123! -subversion_external_repo_url: https://github.com/ansible/ansible.github.com # GitHub serves SVN diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansible-core-2.15.7/test/integration/targets/subversion/roles/subversion/tasks/setup.yml new/ansible-core-2.15.8/test/integration/targets/subversion/roles/subversion/tasks/setup.yml --- old/ansible-core-2.15.7/test/integration/targets/subversion/roles/subversion/tasks/setup.yml 2023-12-04 22:46:37.000000000 +0100 +++ new/ansible-core-2.15.8/test/integration/targets/subversion/roles/subversion/tasks/setup.yml 2023-12-11 21:48:45.000000000 +0100 @@ -33,6 +33,60 @@ include_tasks: setup_selinux.yml when: ansible_selinux.status == "enabled" +- name: Generate CA and TLS certificates via trustme + vars: + venv_path: >- + {{ subversion_server_dir }}/.venv + venv_python: >- + {{ subversion_server_dir }}/.venv/bin/python + block: + - name: trustme -- provision a venv + command: >- + {{ ansible_python_interpreter }} + -{% if ansible_python.version.major != 2 %}I{% endif %}m + {% if ansible_python.version.major != 2 %}venv{% + else %}virtualenv{% endif %} + + {{ venv_path }} + - name: trustme -- upgrade pip in venv | RHEL 7.9 & 8.8+py36 + when: >- # these don't know how to notice `cryptography` wheels + ansible_distribution == 'RedHat' + and ansible_distribution_major_version | int < 9 + pip: + name: pip + state: latest + virtualenv: >- + {{ venv_path }} + - name: trustme -- install tool + pip: + name: trustme + virtualenv: >- + {{ venv_path }} + - name: trustme -- generate CA and TLS certs + command: + argv: + - >- + {{ venv_python }} + - -{%- if ansible_python.version.major != 2 -%}I{%- endif -%}m + - trustme + - --dir={{ subversion_server_dir }} + +- name: symlink trustme certificates into apache config dir - Red Hat + when: ansible_os_family in ['RedHat'] + # when: ansible_distribution in ['Fedora', 'RedHat'] + file: + src: /tmp/ansible-svn/server.{{ item.trustme_filetype }} + dest: /etc/pki/tls/{{ item.apache_target_path }} + state: link + force: yes # Othewise Apache on CentOS 7 uses its own fake certificate + loop: + - apache_target_path: certs/localhost.crt + trustme_filetype: pem + - apache_target_path: certs/server-chain.crt + trustme_filetype: pem + - apache_target_path: private/localhost.key + trustme_filetype: key + - name: template out configuration file template: src: subversion.conf.j2 @@ -66,3 +120,14 @@ async: 3600 # We kill apache manually in the clean up phase poll: 0 when: ansible_os_family in ['RedHat'] + +- lineinfile: + dest: >- + {{ ansible_env.HOME }}/.subversion/servers + regexp: >- + ^#\s*ssl-authority-files\s*=\s* + line: >- + ssl-authority-files = {{ subversion_server_dir }}/client.pem + insertafter: >- + ^\[global\] + state: present diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansible-core-2.15.7/test/integration/targets/subversion/roles/subversion/tasks/tests.yml new/ansible-core-2.15.8/test/integration/targets/subversion/roles/subversion/tasks/tests.yml --- old/ansible-core-2.15.7/test/integration/targets/subversion/roles/subversion/tasks/tests.yml 2023-12-04 22:46:37.000000000 +0100 +++ new/ansible-core-2.15.8/test/integration/targets/subversion/roles/subversion/tasks/tests.yml 2023-12-11 21:48:45.000000000 +0100 @@ -18,10 +18,11 @@ # checks out every branch so using a small repo -- name: initial checkout +- name: initial checkout with validate_certs=true subversion: repo: '{{ subversion_repo_url }}' dest: '{{ subversion_test_dir }}/svn' + validate_certs: yes register: subverted - name: check if dir was checked out @@ -130,16 +131,27 @@ - "export_branches.stat.isdir" - "subverted4.changed" -- name: clone a small external repo with validate_certs=true +- name: unconfigure client-side TLS trust + block: + - name: remove TLS CA chain file path from the SVN config + lineinfile: + dest: >- + {{ ansible_env.HOME }}/.subversion/servers + regexp: >- + ^(?:#)?\s*ssl-authority-files\s*=\s* + state: absent + - name: drop the client TLS CA chain file + file: + path: >- + {{ subversion_server_dir }}/client.pem + state: absent + +- name: >- + clone a HTTPS-accessible repo with validate_certs=false + and untrusted CA over TLS subversion: - repo: "{{ subversion_external_repo_url }}" - dest: "{{ subversion_test_dir }}/svn-external1" - validate_certs: yes - -- name: clone a small external repo with validate_certs=false - subversion: - repo: "{{ subversion_external_repo_url }}" - dest: "{{ subversion_test_dir }}/svn-external2" + repo: '{{ subversion_repo_url }}' + dest: '{{ subversion_test_dir }}/svn-untrusted-tls' validate_certs: no # TBA: test for additional options or URL variants welcome diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansible-core-2.15.7/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2 new/ansible-core-2.15.8/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2 --- old/ansible-core-2.15.7/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2 2023-12-04 22:46:37.000000000 +0100 +++ new/ansible-core-2.15.8/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2 2023-12-11 21:48:45.000000000 +0100 @@ -19,6 +19,7 @@ LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent +Include mods-available/ssl.load IncludeOptional mods-enabled/*.load IncludeOptional mods-enabled/*.conf IncludeOptional conf-enabled/*.conf @@ -32,6 +33,7 @@ {% elif ansible_os_family == "FreeBSD" %} Include /usr/local/etc/apache24/httpd.conf +LoadModule ssl_module libexec/apache24/mod_ssl.so LoadModule dav_module libexec/apache24/mod_dav.so LoadModule dav_svn_module libexec/apache24/mod_dav_svn.so LoadModule authz_svn_module libexec/apache24/mod_authz_svn.so @@ -48,7 +50,14 @@ {% endif %} PidFile {{ subversion_server_dir }}/apache.pid -Listen 127.0.0.1:{{ apache_port }} +Listen 127.0.0.1:{{ apache_port }} https +{% if ansible_distribution not in ["Alpine", "CentOS", "Fedora", "openSUSE Leap", "Ubuntu"] %} +Listen [::1]:{{ apache_port }} https +{% endif %} +SSLEngine on +SSLCertificateFile {{ subversion_server_dir }}/server.pem +SSLCertificateKeyFile {{ subversion_server_dir }}/server.key +SSLCertificateChainFile {{ subversion_server_dir }}/server.pem ErrorLog {{ subversion_server_dir }}/apache2-error.log <Location /svn> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansible-core-2.15.7/test/integration/targets/subversion/vars/Alpine.yml new/ansible-core-2.15.8/test/integration/targets/subversion/vars/Alpine.yml --- old/ansible-core-2.15.7/test/integration/targets/subversion/vars/Alpine.yml 2023-12-04 22:46:37.000000000 +0100 +++ new/ansible-core-2.15.8/test/integration/targets/subversion/vars/Alpine.yml 2023-12-11 21:48:45.000000000 +0100 @@ -5,5 +5,6 @@ - apache2-webdav - apache2-utils - apache2-ctl +- apache2-ssl apache_user: apache apache_group: apache diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansible-core-2.15.7/test/integration/targets/subversion/vars/RedHat.yml new/ansible-core-2.15.8/test/integration/targets/subversion/vars/RedHat.yml --- old/ansible-core-2.15.7/test/integration/targets/subversion/vars/RedHat.yml 2023-12-04 22:46:37.000000000 +0100 +++ new/ansible-core-2.15.8/test/integration/targets/subversion/vars/RedHat.yml 2023-12-11 21:48:45.000000000 +0100 @@ -1,6 +1,7 @@ --- subversion_packages: - mod_dav_svn +- mod_ssl - subversion upgrade_packages: # prevent sqlite from being out-of-sync with the version subversion was compiled with diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansible-core-2.15.7/test/integration/targets/subversion/vars/Ubuntu-20.yml new/ansible-core-2.15.8/test/integration/targets/subversion/vars/Ubuntu-20.yml --- old/ansible-core-2.15.7/test/integration/targets/subversion/vars/Ubuntu-20.yml 2023-12-04 22:46:37.000000000 +0100 +++ new/ansible-core-2.15.8/test/integration/targets/subversion/vars/Ubuntu-20.yml 2023-12-11 21:48:45.000000000 +0100 @@ -1,5 +1,7 @@ --- subversion_packages: +- apache2 # /usr/sbin/apachectl +- apache2-utils # htpasswd - subversion - libapache2-mod-svn apache_user: www-data diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ansible-core-2.15.7/test/lib/ansible_test/_data/completion/remote.txt new/ansible-core-2.15.8/test/lib/ansible_test/_data/completion/remote.txt --- old/ansible-core-2.15.7/test/lib/ansible_test/_data/completion/remote.txt 2023-12-04 22:46:37.000000000 +0100 +++ new/ansible-core-2.15.8/test/lib/ansible_test/_data/completion/remote.txt 2023-12-11 21:48:45.000000000 +0100 @@ -4,7 +4,7 @@ fedora/38 python=3.11 become=sudo provider=aws arch=x86_64 fedora become=sudo provider=aws arch=x86_64 freebsd/12.4 python=3.9 python_dir=/usr/local/bin become=su_sudo provider=aws arch=x86_64 -freebsd/13.1 python=3.8,3.7,3.9,3.10 python_dir=/usr/local/bin become=su_sudo provider=aws arch=x86_64 +freebsd/13.2 python=3.8,3.7,3.9,3.10 python_dir=/usr/local/bin become=su_sudo provider=aws arch=x86_64 freebsd python_dir=/usr/local/bin become=su_sudo provider=aws arch=x86_64 macos/13.2 python=3.11 python_dir=/usr/local/bin become=sudo provider=parallels arch=x86_64 macos python_dir=/usr/local/bin become=sudo provider=parallels arch=x86_64
