diff options
Diffstat (limited to 'app-admin/ansible')
-rw-r--r-- | app-admin/ansible/Manifest | 11 | ||||
-rw-r--r-- | app-admin/ansible/ansible-2.10.0-r2.ebuild (renamed from app-admin/ansible/ansible-2.9.13.ebuild) | 30 | ||||
-rw-r--r-- | app-admin/ansible/ansible-2.10.0.ebuild | 69 | ||||
-rw-r--r-- | app-admin/ansible/ansible-2.10.1.ebuild (renamed from app-admin/ansible/ansible-2.9.12.ebuild) | 28 | ||||
-rw-r--r-- | app-admin/ansible/ansible-9999.ebuild | 26 | ||||
-rw-r--r-- | app-admin/ansible/files/ansible-2.10.0-CVE-2020-25635-6.patch | 54 |
6 files changed, 117 insertions, 101 deletions
diff --git a/app-admin/ansible/Manifest b/app-admin/ansible/Manifest index c1afa7e4c554..b3d3d1a1d5ca 100644 --- a/app-admin/ansible/Manifest +++ b/app-admin/ansible/Manifest @@ -1,8 +1,7 @@ +AUX ansible-2.10.0-CVE-2020-25635-6.patch 2961 BLAKE2B bd023424bb075a743881056d6e0c0c194ae56cde0ed3b9aad2ef5a2f75d6a63994a0455a896e6e9f16cacd0f1c3438eb45cd2352d4f4b53810f19728b5a7de5e SHA512 36bb9321e9524d04f06d7156ad6f7f72ce4bd75332437a33ff49c226e12e8e4f8cd82976ccb0c02076ee95de762988d6783a2ed00453b1b8893fe8127847bc30 DIST ansible-2.10.0.tar.gz 25454980 BLAKE2B 91f930518b90b36aa2c21f553092233059fada86fd1674c9c6e881484b1bd4e68a3eaa05d82e15115906e55da99c43394c3de36a898e26bb222f780b82f8a5bd SHA512 878036f06e1705e4392223bda210b2acae0232069d0cec02a47f13f6b3bc6c9538fb515a2d2dc6003695bcf0915fdd3dfc5b8dc59355e37e2ca8fa48bbd79657 -DIST ansible-2.9.12.tar.gz 14260349 BLAKE2B 6d7fdc82489df755196b890b39c166e9639c94e4238b4bf33686a3ab17fcc92c6b3a05f80e1276795b966aaa318ec7d9003099950102c014adb1a5d730928633 SHA512 6c05c49e363d4d68516dfea448cead3e2c281d1288c9467a0b6dd083504f303df694ed1c5957ae6582b28acc937d12d13333254328e13bac430b9b7fa4354f23 -DIST ansible-2.9.13.tar.gz 14261322 BLAKE2B 5de939a99cd703eaf240f536a9a4b707e3931364647782dde2bbebd5b755253594cbb1cf8c4e9f22a14fca85c9f018ee6ea26bce1cbe2145ba72e5f5ec313670 SHA512 cb08adf62df0f3650425a5d960baadd7439c7c1e95b8f9df3d08e7504f9622b9e5f7104b8700b0f1e9fe318d349a6a5728e9178f0193fb4a190456e30a2f1eb2 -EBUILD ansible-2.10.0.ebuild 1793 BLAKE2B d28af2621729fe04a885e1c453aa95b7541ffea6064d127046882793b472c37b7cee7df68088bada6111946cee1671d1382a1413527a22c1cebdf2465fc083f7 SHA512 e5a0c899b16e2948e03601559d525d3f46e430e4a805872d30b76dbc65afaa30850de7234ca92f6a6782eef3e7ab38fe565f13eb51899714bc1e3a20a91b6e71 -EBUILD ansible-2.9.12.ebuild 1761 BLAKE2B 6107712ccf535e58d00972c73b6a07b40d09b1b3180a69a4cbb0909d9de532d1f4c2699e51ad2b280fa66ff854d69a5e65c01530a527f600e45ba31c5fba8f5e SHA512 a53f8f993f8f77ddbeb41948a2a1dc1943f86784984ecad49ccd099d65af2faba7467f927193fa25bee6125baf9c9ee460986ea7d04ff7e78cd588c9e4a1621e -EBUILD ansible-2.9.13.ebuild 1763 BLAKE2B 968a38a35b853ead47f04d4094cb86be79972d5d13415272472776403e63e160842a6cc7e3d1c936efc80a6945fd580d56cfdad185f9efa7ad2ce161b58c4b2e SHA512 bb0dbd464c6c3edfb4aad153e1b558b1e1e4bc076b6ca787b17aed61b9d7a21505c65a3b345a02528a41598bf9a558f5ea4f300152fefa7aa8a5af008d294b9a -EBUILD ansible-9999.ebuild 1747 BLAKE2B 8f93eabc728ab74ad23a341e1d58bedd9547562532eb55f43d1045d67a17a9ea4bc4cc8c8a386b4791bc5010713d1d4769970dc660ea126499fb172f2fc1fcb5 SHA512 e36d1d4adc1136e01a294c361ec18cd611dc2e7ac4061d139efb6fda14b3e396a3503200fa2c371865c78c38ec8b27db3c24e9329785d2f833da95e6f2cd7532 +DIST ansible-2.10.1.tar.gz 25851704 BLAKE2B f9f42ab9f7864a48f0d960b4e8149dfba3ece6c4b01c08db59f9ba5fbcd39771c7b315bf7c9853641d15c2bb6319c9b9ebc791440fc8933780895024c9b74c12 SHA512 46bbbfb22e5c3715df0069d420b174877dffd59f91613779e7057648d15751d528a9cb57357709d0c04a507a60e20c87b109ba1904e1f313441cf5832ba93b5e +EBUILD ansible-2.10.0-r2.ebuild 1985 BLAKE2B 30885a55981450ae698183239f9659e770e5afafb774722dc4dfeb48789c3b4e8985f39e917ff497911f84363dceaf1bdf7c2d45537c8f6e3bf21e57fc88a67e SHA512 e48e28eaf5ee8bfa2e54e3245b448105e6687cca172ba1f3fba5b68b2c165a16045d94f5794b936426658bdc53883342aaf7fc7a4eb4bb7ef7b3bb8bc0e014b9 +EBUILD ansible-2.10.1.ebuild 1923 BLAKE2B 63317a87180642d280eabbb19f5858b3d45a87b6aa503ff2f86bfb0d04accbbf2269ad6ede57b6617d3e7252844f0839e487f06c87abe5062eed2be02cdbe0ae SHA512 57478bab16bb0432ef913f8402ac239b7882d47d7c1e4c0c01c01607c35b0604d1c0f9eabb816f0fd3164373fe7bb3dab020c5876515ea100c135ed2e6de19cb +EBUILD ansible-9999.ebuild 1937 BLAKE2B 98ab62b10f1d118b9d491639800cf12c61d89c76d7c825bee3f944baec488d7de3ac699e8e4ee024ce80b97ecc5625fdffa04c32b1a6590c3c2dd73103b9ca60 SHA512 c067bbb92042d932316ee2a26f43f974586eff96b8f5f679a8b51e4a66f2e6a7c532edc0d0bf996bf665a875c7af61e29d6fb5ac1b4ac10896140e77004778c8 MISC metadata.xml 952 BLAKE2B 53640d081ebb558274f8c10095aa6e477820e28a7fdf62c169f5fb3b82153223a7f8ecd1807d14646eae2ec2262b50341919bbb13255293d379ba017b30b20bd SHA512 03b75d65cd0a4b32021b34d9f7ba21b6c4c6893cf185a36dbe6fc10728e0f18c65fc5b6a4c197be8c2b1dadb7243ddce02dbe2f504034a2df1c621f8ba6e26a7 diff --git a/app-admin/ansible/ansible-2.9.13.ebuild b/app-admin/ansible/ansible-2.10.0-r2.ebuild index 7a568caa73b3..eae0967a94af 100644 --- a/app-admin/ansible/ansible-2.9.13.ebuild +++ b/app-admin/ansible/ansible-2.10.0-r2.ebuild @@ -3,17 +3,26 @@ EAPI=7 -PYTHON_COMPAT=( python3_{6,7} ) +PYTHON_COMPAT=( python3_{6..9} ) +DISTUTILS_USE_SETUPTOOLS=bdepend inherit distutils-r1 eutils DESCRIPTION="Model-driven deployment, config management, and command execution framework" HOMEPAGE="https://ansible.com/" -SRC_URI="https://releases.ansible.com/${PN}/${P}.tar.gz" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/ansible/ansible.git" + EGIT_BRANCH="devel" + KEYWORDS="" +else + SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" + KEYWORDS="amd64 ~arm arm64 ~ppc64 x86 ~x64-macos" +fi LICENSE="GPL-3" SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86 ~x64-macos" IUSE="doc test" RESTRICT="test" @@ -21,7 +30,6 @@ RDEPEND=" dev-python/paramiko[${PYTHON_USEDEP}] dev-python/jinja[${PYTHON_USEDEP}] dev-python/pyyaml[${PYTHON_USEDEP}] - dev-python/setuptools[${PYTHON_USEDEP}] dev-python/cryptography[${PYTHON_USEDEP}] dev-python/httplib2[${PYTHON_USEDEP}] dev-python/six[${PYTHON_USEDEP}] @@ -29,12 +37,11 @@ RDEPEND=" dev-python/pexpect[${PYTHON_USEDEP}] net-misc/sshpass virtual/ssh - !app-admin/ansible-base + app-admin/ansible-base " DEPEND=" - !app-admin/ansible-base - dev-python/setuptools[${PYTHON_USEDEP}] >=dev-python/packaging-16.6[${PYTHON_USEDEP}] + app-admin/ansible-base doc? ( dev-python/sphinx[${PYTHON_USEDEP}] dev-python/sphinx-notfound-page[${PYTHON_USEDEP}] @@ -50,6 +57,13 @@ DEPEND=" dev-vcs/git )" +PATCHES=( "${FILESDIR}/ansible-2.10.0-CVE-2020-25635-6.patch" ) + +python_compile() { + export ANSIBLE_SKIP_CONFLICT_CHECK=1 + distutils-r1_python_compile +} + python_compile_all() { if use doc; then cd docs/docsite || die @@ -65,6 +79,4 @@ python_test() { python_install_all() { use doc && local HTML_DOCS=( docs/docsite/_build/html/. ) distutils-r1_python_install_all - - dodoc -r examples } diff --git a/app-admin/ansible/ansible-2.10.0.ebuild b/app-admin/ansible/ansible-2.10.0.ebuild deleted file mode 100644 index c19820e359f3..000000000000 --- a/app-admin/ansible/ansible-2.10.0.ebuild +++ /dev/null @@ -1,69 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{6,7} ) - -inherit distutils-r1 eutils - -DESCRIPTION="Model-driven deployment, config management, and command execution framework" -HOMEPAGE="https://ansible.com/" -SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86 ~x64-macos" -IUSE="doc test" -RESTRICT="test" - -BDEPEND="!<app-admin/ansible-2.10.0[${PYTHON_USEDEP}]" -RDEPEND=" - dev-python/paramiko[${PYTHON_USEDEP}] - dev-python/jinja[${PYTHON_USEDEP}] - dev-python/pyyaml[${PYTHON_USEDEP}] - dev-python/setuptools[${PYTHON_USEDEP}] - dev-python/cryptography[${PYTHON_USEDEP}] - dev-python/httplib2[${PYTHON_USEDEP}] - dev-python/six[${PYTHON_USEDEP}] - dev-python/netaddr[${PYTHON_USEDEP}] - dev-python/pexpect[${PYTHON_USEDEP}] - net-misc/sshpass - virtual/ssh - !app-admin/ansible-base -" -DEPEND=" - !app-admin/ansible-base - dev-python/setuptools[${PYTHON_USEDEP}] - >=dev-python/packaging-16.6[${PYTHON_USEDEP}] - doc? ( - dev-python/sphinx[${PYTHON_USEDEP}] - dev-python/sphinx-notfound-page[${PYTHON_USEDEP}] - >=dev-python/pygments-2.4.0[${PYTHON_USEDEP}] - ) - test? ( - ${RDEPEND} - dev-python/nose[${PYTHON_USEDEP}] - >=dev-python/mock-1.0.1[${PYTHON_USEDEP}] - dev-python/passlib[${PYTHON_USEDEP}] - dev-python/coverage[${PYTHON_USEDEP}] - dev-python/unittest2[${PYTHON_USEDEP}] - dev-vcs/git - )" - -python_compile_all() { - if use doc; then - cd docs/docsite || die - export CPUS=4 - emake -f Makefile.sphinx html - fi -} - -python_test() { - nosetests -d -w test/units -v --with-coverage --cover-package=ansible --cover-branches || die -} - -python_install_all() { - use doc && local HTML_DOCS=( docs/docsite/_build/html/. ) - distutils-r1_python_install_all -} diff --git a/app-admin/ansible/ansible-2.9.12.ebuild b/app-admin/ansible/ansible-2.10.1.ebuild index 7d5eb95e9a9e..3bfcb1fab2c6 100644 --- a/app-admin/ansible/ansible-2.9.12.ebuild +++ b/app-admin/ansible/ansible-2.10.1.ebuild @@ -3,17 +3,26 @@ EAPI=7 -PYTHON_COMPAT=( python3_{6,7} ) +PYTHON_COMPAT=( python3_{6..9} ) +DISTUTILS_USE_SETUPTOOLS=bdepend inherit distutils-r1 eutils DESCRIPTION="Model-driven deployment, config management, and command execution framework" HOMEPAGE="https://ansible.com/" -SRC_URI="https://releases.ansible.com/${PN}/${P}.tar.gz" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/ansible/ansible.git" + EGIT_BRANCH="devel" + KEYWORDS="" +else + SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" + KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86 ~x64-macos" +fi LICENSE="GPL-3" SLOT="0" -KEYWORDS="amd64 ~arm ~arm64 ~ppc64 x86 ~x64-macos" IUSE="doc test" RESTRICT="test" @@ -21,7 +30,6 @@ RDEPEND=" dev-python/paramiko[${PYTHON_USEDEP}] dev-python/jinja[${PYTHON_USEDEP}] dev-python/pyyaml[${PYTHON_USEDEP}] - dev-python/setuptools[${PYTHON_USEDEP}] dev-python/cryptography[${PYTHON_USEDEP}] dev-python/httplib2[${PYTHON_USEDEP}] dev-python/six[${PYTHON_USEDEP}] @@ -29,12 +37,11 @@ RDEPEND=" dev-python/pexpect[${PYTHON_USEDEP}] net-misc/sshpass virtual/ssh - !app-admin/ansible-base + app-admin/ansible-base " DEPEND=" - !app-admin/ansible-base - dev-python/setuptools[${PYTHON_USEDEP}] >=dev-python/packaging-16.6[${PYTHON_USEDEP}] + app-admin/ansible-base doc? ( dev-python/sphinx[${PYTHON_USEDEP}] dev-python/sphinx-notfound-page[${PYTHON_USEDEP}] @@ -50,6 +57,11 @@ DEPEND=" dev-vcs/git )" +python_compile() { + export ANSIBLE_SKIP_CONFLICT_CHECK=1 + distutils-r1_python_compile +} + python_compile_all() { if use doc; then cd docs/docsite || die @@ -65,6 +77,4 @@ python_test() { python_install_all() { use doc && local HTML_DOCS=( docs/docsite/_build/html/. ) distutils-r1_python_install_all - - dodoc -r examples } diff --git a/app-admin/ansible/ansible-9999.ebuild b/app-admin/ansible/ansible-9999.ebuild index 6ff1f27cd47b..d3bff29efe2f 100644 --- a/app-admin/ansible/ansible-9999.ebuild +++ b/app-admin/ansible/ansible-9999.ebuild @@ -3,14 +3,23 @@ EAPI=7 -PYTHON_COMPAT=( python3_{6,7} ) +PYTHON_COMPAT=( python3_{6..9} ) +DISTUTILS_USE_SETUPTOOLS=bdepend -inherit distutils-r1 git-r3 eutils +inherit distutils-r1 eutils DESCRIPTION="Model-driven deployment, config management, and command execution framework" HOMEPAGE="https://ansible.com/" -EGIT_REPO_URI="https://github.com/ansible/ansible.git" -EGIT_BRANCH="devel" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/ansible/ansible.git" + EGIT_BRANCH="devel" + KEYWORDS="" +else + SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" + KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86 ~x64-macos" +fi LICENSE="GPL-3" SLOT="0" @@ -22,7 +31,6 @@ RDEPEND=" dev-python/paramiko[${PYTHON_USEDEP}] dev-python/jinja[${PYTHON_USEDEP}] dev-python/pyyaml[${PYTHON_USEDEP}] - dev-python/setuptools[${PYTHON_USEDEP}] dev-python/cryptography[${PYTHON_USEDEP}] dev-python/httplib2[${PYTHON_USEDEP}] dev-python/six[${PYTHON_USEDEP}] @@ -34,7 +42,6 @@ RDEPEND=" " DEPEND=" !app-admin/ansible-base - dev-python/setuptools[${PYTHON_USEDEP}] >=dev-python/packaging-16.6[${PYTHON_USEDEP}] doc? ( dev-python/sphinx[${PYTHON_USEDEP}] @@ -51,6 +58,11 @@ DEPEND=" dev-vcs/git )" +python_compile() { + export ANSIBLE_SKIP_CONFLICT_CHECK=1 + distutils-r1_python_compile +} + python_compile_all() { if use doc; then cd docs/docsite || die @@ -66,6 +78,4 @@ python_test() { python_install_all() { use doc && local HTML_DOCS=( docs/docsite/_build/html/. ) distutils-r1_python_install_all - - dodoc -r examples } diff --git a/app-admin/ansible/files/ansible-2.10.0-CVE-2020-25635-6.patch b/app-admin/ansible/files/ansible-2.10.0-CVE-2020-25635-6.patch new file mode 100644 index 000000000000..df88be4264ff --- /dev/null +++ b/app-admin/ansible/files/ansible-2.10.0-CVE-2020-25635-6.patch @@ -0,0 +1,54 @@ +From 921bd53103c2b543e95c9e6b863702db3ff54d0c Mon Sep 17 00:00:00 2001 +From: Jill R <4121322+jillr@users.noreply.github.com> +Date: Fri, 2 Oct 2020 11:37:37 -0700 +Subject: [PATCH] aws_ssm: Namespace S3 buckets and delete transferred files + (#237) + +Files transferred to instances via the SSM connection plugin should use +folders within the bucket that are namespaced per-host, to prevent collisions. +Files should also be deleted from buckets when they are no longer required. + +Fixes: #221 +Fixes: #222 + +Based on work by abeluck + +changelog +--- + ansible_collections/community/aws/changelogs/fragments/221_222_ssm_bucket_operations.yaml | 2 ++ + ansible_collections/community/aws/plugins/connection/aws_ssm.py | 6 +++++- + 2 files changed, 7 insertions(+), 1 deletion(-) + create mode 100644 ansible_collections/community/aws/changelogs/fragments/221_222_ssm_bucket_operations.yaml + +diff --git a/ansible_collections/community/aws/changelogs/fragments/221_222_ssm_bucket_operations.yaml b/ansible_collections/community/aws/changelogs/fragments/221_222_ssm_bucket_operations.yaml +new file mode 100644 +index 00000000..247d5e36 +--- /dev/null ++++ b/ansible_collections/community/aws/changelogs/fragments/221_222_ssm_bucket_operations.yaml +@@ -0,0 +1,2 @@ ++bugfixes: ++ - aws_ssm connection plugin - namespace file uploads to S3 into unique folders per host, to prevent name collisions. Also deletes files from S3 to ensure temp files are not left behind. (https://github.com/ansible-collections/community.aws/issues/221, https://github.com/ansible-collections/community.aws/issues/222) +diff --git a/ansible_collections/community/aws/plugins/connection/aws_ssm.py b/ansible_collections/community/aws/plugins/connection/aws_ssm.py +index 7f7d6926..94289eee 100644 +--- a/ansible_collections/community/aws/plugins/connection/aws_ssm.py ++++ b/ansible_collections/community/aws/plugins/connection/aws_ssm.py +@@ -522,7 +522,8 @@ def _get_boto_client(self, service, region_name=None): + def _file_transport_command(self, in_path, out_path, ssm_action): + ''' transfer a file from using an intermediate S3 bucket ''' + +- s3_path = out_path.replace('\\', '/') ++ path_unescaped = "{0}/{1}".format(self.instance_id, out_path) ++ s3_path = path_unescaped.replace('\\', '/') + bucket_url = 's3://%s/%s' % (self.get_option('bucket_name'), s3_path) + + if self.is_windows: +@@ -546,6 +547,9 @@ def _file_transport_command(self, in_path, out_path, ssm_action): + client.upload_fileobj(data, self.get_option('bucket_name'), s3_path) + (returncode, stdout, stderr) = self.exec_command(get_command, in_data=None, sudoable=False) + ++ # Remove the files from the bucket after they've been transferred ++ client.delete_object(Bucket=self.get_option('bucket_name'), Key=s3_path) ++ + # Check the return code + if returncode == 0: + return (returncode, stdout, stderr) |