Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.5
1.13.6 / 2022-05-08
Security
* [CRuby] Address CVE-2022-29181, improper handling of unexpected data types,
related to untrusted inputs to the SAX parsers. See GHSA-xh29-r2w5-wx8m for
more information.
Improvements
* {HTML4,XML}::SAX::{Parser,ParserContext} constructor methods now raise
TypeError instead of segfaulting when an incorrect type is passed.
1.13.5 / 2022-05-04
Security
* [CRuby] Vendored libxml2 is updated to address CVE-2022-29824. See
GHSA-cgx6-hpwq-fhv5 for more information.
Dependencies
* [CRuby] Vendored libxml2 is updated from v2.9.13 to v2.9.14.
Improvements
* [CRuby] The libxml2 HTML4 parser no longer exhibits quadratic behavior when
recovering some broken markup related to start-of-tag and bare <
characters.
Changed
* [CRuby] The libxml2 HTML4 parser in v2.9.14 recovers from some broken
markup differently. Notably, the XML CDATA escape sequence <![CDATA[ and
incorrectly-opened comments will result in HTML text nodes starting with &
lt;! instead of skipping the invalid tag. This behavior is a direct result
of the quadratic-behavior fix noted above. The behavior of downstream
sanitizers relying on this behavior will also change. Some tests describing
the changed behavior are in test/html4/test_comments.rb.
These were for NetBSD < 8. But since broken #ifdefs did not cause a compile
error we have been using compatibility waitid(2) code where we shouldn't.
Bump PKGREVISIONs.
What's new in Sudo 1.9.10
* Added new "log_passwords" and "passprompt_regex" sudoers options.
If "log_passwords" is disabled, sudo will attempt to prevent passwords
from being logged. If sudo detects any of the regular expressions in
the "passprompt_regex" list in the terminal output, sudo will log '*'
characters instead of the terminal input until a newline or carriage
return is found in the input or an output character is received.
* Added new "log_passwords" and "passprompt_regex" settings to
sudo_logsrvd that operate like the sudoers options when logging
terminal input.
* Fixed several few bugs in the cvtsudoers utility when merging
multiple sudoers sources.
* Fixed a bug in sudo_logsrvd when parsing the sudo_logsrvd.conf
file, where the "retry_interval" in the [relay] section was not
being recognized.
* Restored the pre-1.9.9 behavior of not performing authentication
when sudo's -n option is specified. A new "noninteractive_auth"
sudoers option has been added to enable PAM authentication in
non-interactive mode.
* On systems with /proc, if the /proc/self/stat (Linux) or
/proc/pid/psinfo (other systems) file is missing or invalid,
sudo will now check file descriptors 0-2 to determine the user's
terminal.
* Fixed a compilation problem on Debian kFreeBSD.
* Fixed a crash in sudo_logsrvd when running in relay mode if
an alert message is received.
* Fixed an issue that resulting in "problem with defaults entries"
email to be sent if a user ran sudo when the sudoers entry in
the nsswitch.conf file includes "sss" but no sudo provider is
configured in /etc/sssd/sssd.conf.
* Updated the warning displayed when the invoking user is not
allowed to run sudo. If sudo has been configured to send mail
on failed attempts (see the mail_* flags in sudoers), it will
now print "This incident has been reported to the administrator."
If the "mailto" or "mailerpath" sudoers settings are disabled,
the message will not be printed and no mail will be sent.
* Fixed a bug where the user-specified command timeout was not
being honored if the sudoers rule did not also specify a timeout.
* Added support for using POSIX extended regular expressions in
sudoers rules. A command and/or arguments in sudoers are treated
as a regular expression if they start with a '^' character and
end with a '$'. The command and arguments are matched separately,
either one (or both) may be a regular expression.
* A user may now only run "sudo -U otheruser -l" if they have a
"sudo ALL" privilege where the RunAs user contains either "root"
or "otheruser". Previously, having "sudo ALL" was sufficient,
regardless of the RunAs user.
* The sudo lecture is now displayed immediately before the password
prompt. As a result, sudo will no longer display the lecture
unless the user needs to enter a password. Authentication methods
that don't interact with the user via a terminal do not trigger
the lecture.
* Sudo now uses its own closefrom() emulation on Linux systems.
The glibc version may not work in a chroot jail where /proc is
not available. If close_range(2) is present, it will be used
in preference to /proc/self/fd.
What's new in Sudo 1.9.9
* Sudo can now be built with OpenSSL 3.0 without generating warnings
about deprecated OpenSSL APIs.
* A digest can now be specified along with the "ALL" command in
the LDAP and SSSD back-ends. Sudo 1.9.0 introduced support for
this in the sudoers file but did not include corresponding changes
for the other back-ends.
* visudo now only warns about an undefined alias or a cycle in an
alias once for each alias.
* The sudoRole cn was truncated by a single character in warning messages.
* The cvtsudoers utility has new --group-file and --passwd-file options
to use a custom passwd or group file when the --match-local option is
also used.
* The cvtsudoers utility can now filter or match based on a command.
* The cvtsudoers utility can now produce output in csv (comma-separated
value) format. This can be used to help generate entitlement reports.
* Fixed a bug in sudo_logsrvd that could result in the connection being
dropped for very long command lines.
* Fixed a bug where sudo_logsrvd would not accept a restore point
of zero.
* Fixed a bug in visudo where the value of the "editor" setting was not
used if it did not match the user's EDITOR environment variable.
This was only a problem if the "env_editor" setting was not enabled.
* Sudo now builds with the -fcf-protection compiler option and the
"-z now" linker option if supported.
* The output of "sudoreplay -l" now more closely matches the
traditional sudo log format.
* The sudo_sendlog utility will now use the full contents of the log.json
file, if present. This makes it possible to send sudo-format I/O logs
that use the newer log.json format to sudo_logsrvd without losing any
information.
* Fixed compilation of the arc4random_buf() replacement on systems with
arc4random() but no arc4random_buf().
* Sudo now uses its own getentropy() by default on Linux. The GNU libc
version of getentropy() will fail on older kernels that don't support
the getrandom() system call.
* It is now possible to build sudo with WolfSSL's OpenSSL compatibility
layer by using the --enable-wolfssl configure option.
* Fixed a bug related to Daylight Saving Time when parsing timestamps
in Generalized Time format. This affected the NOTBEFORE and
NOTAFTER options in sudoers.
* Added the -O and -P options to visudo, which can be used to check
or set the owner and permissions. This can be used in conjunction
with the -c option to check that the sudoers file ownership and
permissions are correct.
* It is now possible to set resource limits in the sudoers file itself.
The special values "default" and "user" refer to the default system
limit and invoking user limit respectively. The core dump size limit
is now set to 0 by default unless overridden by the sudoers file.
* The cvtsudoers utility can now merge multiple sudoers sources into
a single, combined sudoers file. If there are conflicting entries,
cvtsudoers will attempt to resolve them but manual intervention
may be required. The merging of sudoers rules is currently fairly
simplistic but will be improved in a future release.
* Sudo was parsing but not applying the "deref" and "tls_reqcert"
ldap.conf settings. This meant the options were effectively
ignored which broke dereferencing of aliases in LDAP.
* Clarified in the sudo man page that the security policy may
override the user's PATH environment variable.
* When sudo is run in non-interactive mode (with the -n option), it
will now attempt PAM authentication and only exit with an error
if user interaction is required. This allows PAM modules that
don't interact with the user to succeed. Previously, sudo
would not attempt authentication if the -n option was specified.
* Fixed a regression introduced in version 1.9.1 when sudo is
built with the --with-fqdn configure option. The local host
name was being resolved before the sudoers file was processed,
making it impossible to disable DNS lookups by negating the
"fqdn" sudoers option.
* Added support for negated sudoUser attributes in the LDAP and
SSSD sudoers back ends. A matching sudoUser that is negated
will cause the sudoRole containing it to be ignored.
* Fixed a bug where the stack resource limit could be set to a
value smaller than that of the invoking user and not be reset
before the command was run.
What's new in Sudo 1.9.8p2
* Fixed a potential out-of-bounds read with "sudo -i" when the
target user's shell is bash. This is a regression introduced
in sudo 1.9.8.
* sudo_logsrvd now only sends a log ID for first command of a session.
There is no need to send the log ID for each sub-command.
* Fixed a few minor memory leaks in intercept mode.
* Fixed a problem with sudo_logsrvd in relay mode if "store_first"
was enabled when handling sub-commands. A new zero-length journal
file was created for each sub-command instead of simply using
the existing journal file.
* Fixed a bug where sudoedit would fail if one of the directories
in the path to be edited had the immutable flag set (BSD, Linux
or macOS).
What's new in Sudo 1.9.8p1
* Fixed support for passing a prompt (sudo -p) or a login class
(sudo -c) on the command line. This is a regression introduced
in sudo 1.9.8.
* Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends.
This is a regression introduced in sudo 1.9.8.
* Fixed a compilation error when the --enable-static-sudoers configure
option was specified. This is a regression introduced in sudo
1.9.8 caused by a symbol clash with the intercept and log server
protobuf functions.
What's new in Sudo 1.9.8
* It is now possible to transparently intercepting sub-commands
executed by the original command run via sudo. Intercept support
is implemented using LD_PRELOAD (or the equivalent supported by
the system) and so has some limitations. The two main limitations
are that only dynamic executables are supported and only the
execl, execle, execlp, execv, execve, execvp, and execvpe library
functions are currently intercepted. Its main use case is to
support restricting privileged shells run via sudo.
To support this, there is a new "intercept" Defaults setting and
an INTERCEPT command tag that can be used in sudoers. For example:
Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
Defaults!SHELLS intercept
would cause sudo to run the listed shells in intercept mode.
This can also be set on a per-rule basis. For example:
Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
chuck ALL = INTERCEPT: SHELLS
would only apply intercept mode to user "chuck" when running one
of the listed shells.
In intercept mode, sudo will not prompt for a password before
running a sub-command and will not allow a set-user-ID or
set-group-ID program to be run by default. The new
intercept_authenticate and intercept_allow_setid sudoers settings
can be used to change this behavior.
* The new "log_subcmds" sudoers setting can be used to log additional
commands run in a privileged shell. It uses the same mechanism as
the intercept support described above and has the same limitations.
* The new "log_exit_status" sudoers setting can be used to log
the exit status commands run via sudo. This is also a corresponding
"log_exit" setting in the sudo_logsrvd.conf eventlog stanza.
* Support for logging sudo_logsrvd errors via syslog or to a file.
Previously, most sudo_logsrvd errors were only visible in the
debug log.
* Better diagnostics when there is a TLS certificate validation error.
* Using the "+=" or "-=" operators in a Defaults setting that takes
a string, not a list, now produces a warning from sudo and a
syntax error from inside visudo.
* Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd
had no effect when creating I/O log parent directories if the I/O log
file name ended with the string "XXXXXX".
* Fixed a bug in the sudoers custom prompt code where the size
parameter that was passed to the strlcpy() function was incorrect.
No overflow was possible since the correct amount of memory was
already pre-allocated.
* The mksigname and mksiglist helper programs are now built with
the host compiler, not the target compiler, when cross-compiling.
* Fixed compilation error when the --enable-static-sudoers configure
option was specified. This was due to a typo introduced in sudo
1.9.7.
v6.1.0
Minor Changes
Implement JSON Schema verification for several known file types
Improve cli argument handling
Add no-prompting rule as experimental
Add only-builtins rule to check compatibility with core
Add native SARIF output support
--write: Optionally pass rule names to --write in cli
--write: Allow Transforms to mark MatchErrors as fixed
Bugfixes
Fix support for block tasks in unnamed-task rule
Make sure all tasks get evaluated by matchtask including block/always/rescue and nested tasks
Ensure tags are escaped when printed
Detect role argument_specs files as a lintable kind
Fix var-naming rule to show line numbers and apply noqa
--write: Do not rewrite zero 0 as octal 00
Relax the yamllint rules on spaces inside braces for flow mappings
Update test and typing deps and remove special code paths for py < 3.8
Update package metadata for setuptools
Apply var-spacing tests to vars files
Add philosophy section to the documentation
Propagate error message to user on systemexit
Fix loading ansible-lint.yml in git projects
v5.7.1
Minor Changes
-------------
- The version of fortinet.fortios has been rolled back to 2.1.4 (from 2.1.5) to address a syntax error pending a new release of
the collection
v5.7.0
Major Changes
-------------
community.postgresql
~~~~~~~~~~~~~~~~~~~~
- postgresql_user - the ``priv`` argument has been deprecated and will be removed in ``community.postgresql 3.0.0``. Please use the ``postgresql_privs`` module to grant/revoke privileges instead (https://github.com/ansible-collections/community.postgresql/issues/212).
fortinet.fortios
~~~~~~~~~~~~~~~~
- Support FortiOS 7.0.2, 7.0.3, 7.0.4, 7.0.5.
Minor Changes
-------------
ansible.utils
~~~~~~~~~~~~~
- 'consolidate' filter plugin added.
cloud.common
~~~~~~~~~~~~
- Move the content of README_ansible_turbo.module.rst in the main README.md to get visibility on Ansible Galaxy.
community.dns
~~~~~~~~~~~~~
- Prepare collection for inclusion in an Execution Environment by declaring its dependencies (https://github.com/ansible-collections/community.dns/pull/93).
community.docker
~~~~~~~~~~~~~~~~
- Prepare collection for inclusion in an Execution Environment by declaring its dependencies. The ``docker_stack*`` modules are not supported (https://github.com/ansible-collections/community.docker/pull/336).
- current_container_facts - add detection for GitHub Actions (https://github.com/ansible-collections/community.docker/pull/336).
- docker_container - support returning Docker container log output when using Docker's ``local`` logging driver, an optimized local logging driver introduced in Docker 18.09 (https://github.com/ansible-collections/community.docker/pull/337).
community.general
~~~~~~~~~~~~~~~~~
- alternatives - add ``state`` parameter, which provides control over whether the alternative should be set as the active selection for its alternatives group (https://github.com/ansible-collections/community.general/issues/4543, https://github.com/ansible-collections/community.general/pull/4557).
- atomic_container - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- clc_alert_policy - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
- clc_group - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
- clc_loadbalancer - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
- clc_server - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
- cmd_runner module util - reusable command runner with consistent argument formatting and sensible defaults (https://github.com/ansible-collections/community.general/pull/4476).
- datadog_monitor - support new datadog event monitor of type `event-v2 alert` (https://github.com/ansible-collections/community.general/pull/4457)
- filesystem - add support for resizing btrfs (https://github.com/ansible-collections/community.general/issues/4465).
- lxd_container - adds ``project`` option to allow selecting project for LXD instance (https://github.com/ansible-collections/community.general/pull/4479).
- lxd_profile - adds ``project`` option to allow selecting project for LXD profile (https://github.com/ansible-collections/community.general/pull/4479).
- nmap inventory plugin - add ``sudo`` option in plugin in order to execute ``sudo nmap`` so that ``nmap`` runs with elevated privileges (https://github.com/ansible-collections/community.general/pull/4506).
- nomad_job - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- nomad_job_info - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- packet_device - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- packet_sshkey - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- packet_volume - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- profitbricks - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- proxmox - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- proxmox inventory plugin - add token authentication as an alternative to username/password (https://github.com/ansible-collections/community.general/pull/4540).
- proxmox inventory plugin - parse LXC configs returned by the proxmox API (https://github.com/ansible-collections/community.general/pull/4472).
- proxmox_snap - add restore snapshot option (https://github.com/ansible-collections/community.general/pull/4377).
- proxmox_snap - fixed timeout value to correctly reflect time in seconds. The timeout was off by one second (https://github.com/ansible-collections/community.general/pull/4377).
- redfish_command - add ``IndicatorLedOn``, ``IndicatorLedOff``, and ``IndicatorLedBlink`` commands to the Systems category for controling system LEDs (https://github.com/ansible-collections/community.general/issues/4084).
- seport - minor refactoring (https://github.com/ansible-collections/community.general/pull/4471).
- smartos_image_info - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- terraform - adds ``terraform_upgrade`` parameter which allows ``terraform init`` to satisfy new provider constraints in an existing Terraform project (https://github.com/ansible-collections/community.general/issues/4333).
- udm_group - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
- udm_share - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
- vmadm - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- webfaction_app - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- webfaction_db - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- xfconf - added missing value types ``char``, ``uchar``, ``int64`` and ``uint64`` (https://github.com/ansible-collections/community.general/pull/4534).
community.grafana
~~~~~~~~~~~~~~~~~
- Remove requirement for `ds_type` and `ds_url` parameters when deleting a datasource
- add `grafana` action group in `meta/runtime.yml` to support for module group defaults
- refactor grafana_notification_channel module
community.hrobot
~~~~~~~~~~~~~~~~
- Prepare collection for inclusion in an Execution Environment by declaring its dependencies (https://github.com/ansible-collections/community.hrobot/pull/45).
community.zabbix
~~~~~~~~~~~~~~~~
- all modules - prepare for deprecation of distutils LooseVersion.
- collection - Add dependencies to other collections. This helps Ansible Galaxy automatically downloading collections that this collection relies on to run.
- connection.httpapi (plugin) - add initial httpapi connection plugin.
- httpapi.jsonrpc (plugin) - add initial httpapi for future handling of json-rpc.
- new module zabbix authentication for configuring global authentication settings in Zabbix Server's Settings section of GUI.
- new module zabbix_autoregister for configuring global autoregistration settings in Zabbix Server's Settings section of GUI.
- new module zabbix_housekeeping for configuring global housekeeping settings in Zabbix Server's Settings section of GUI.
- test_zabbix_host_info - fix Template/Group names for 5.4
- test_zabbix_screen - disable testing for screen in 5.4 (deprecated)
- zabbix_action - additional fixes to make module work with Zabbix 6.0 (https://github.com/ansible-collections/community.zabbix/pull/664)
- zabbix_action - module ported to work with Zabbix 6.0 (https://github.com/ansible-collections/community.zabbix/pull/648, https://github.com/ansible-collections/community.zabbix/pull/653)
- zabbix_agent - Check if 'firewalld' exist and is running when handler is executed.
- zabbix_agent - Install the correct Python libxml2 package on SLES15
- zabbix_agent - Move inclusion of the apache.yml tasks to later stage during execution of role.
- zabbix_agent - Prepare for Zabbix 6.0.
- zabbix_agent - Specify a minor version with zabbix_agent_version_minor for RH systems.
- zabbix_agent - There was no way to configure a specific type for the macro.
- zabbix_agent - Use multiple aliases in the configuration file with ``zabbix_agent_zabbix_alias`` or ``zabbix_agent2_zabbix_alias``.
- zabbix_maintenance - added new module parameter `tags`, which allows configuring Problem Tags on maintenances.
- zabbix_proxy - Prepare for Zabbix 6.0.
- zabbix_proxy - Specify a minor version with zabbix_proxy_version_minor for RH systems.
- zabbix_proxy - Support for Sangoma and treat it like a RHEL system.
- zabbix_server - Check the 'zabbix_server_install_database_client' variable in RedHat tasks.
- zabbix_server - Prepare for Zabbix 6.0.
- zabbix_server - Specify a minor version with zabbix_server_version_minor for RH systems.
- zabbix_user - change alias property to username (changed in 5.4) (alias is now an alias for username)
- zabbix_user_info - change alias property to username (changed in 5.4) (alias is now an alias for username)
- zabbix_web - Change format ENCRYPTION, VERIFY_HOST from string to boolean.
- zabbix_web - Specify a minor version with zabbix_web_version_minor for RH systems.
f5networks.f5_modules
~~~~~~~~~~~~~~~~~~~~~
- bigip_device_info - add UCS creation date to the data gathered
- bigip_virtual_server - add service_down_immediate_action parameter
- bigiq_regkey_license - add addon_keys parameter to the module
netapp.cloudmanager
~~~~~~~~~~~~~~~~~~~
- na_cloudmanager_connector_gcp - when using the user application default credential authentication by running the command gcloud auth application-default login, ``gcp_service_account_path`` is not needed.
netapp.ontap
~~~~~~~~~~~~
- na_ontap_cluster_config role - use na_ontap_login_messages as na_ontap_motd is deprecated.
- na_ontap_debug - report ansible version and ONTAP collection version.
- na_ontap_efficiency_policy - Added REST support.
- na_ontap_export_policy_rule - new option ``ntfs_unix_security`` for NTFS export UNIX security options added.
- na_ontap_lun - Added REST support.
- na_ontap_snapmirror -- Added more descriptive error messages for REST
- na_ontap_snapshot_policy - Added REST support to the na_ontap_snapshot_policy module.
- na_ontap_svm - add support for web services (ssl modify) - REST only with 9.8 or later.
- na_ontap_volume - add support for SnapLock - only for REST.
- na_ontap_volume - allow to modify volume after rename.
- na_ontap_volume - new option ``max_files`` to increase the inode count value.
- na_ontap_vserver_create role - support max_volumes option.
netbox.netbox
~~~~~~~~~~~~~
- Add meta information for use in Execution Environments
- Multiple modules - add new parameters added in NetBox 3.2
- nb_inventory - Add site_group as an option
- netbox_front_port and netbox_rear_port - Add label as parameter
sensu.sensu_go
~~~~~~~~~~~~~~
- Added support for ansible 2.13
- Removed support for CentOS 8
t_systems_mms.icinga_director
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Add icinga_serviceset module (https://github.com/T-Systems-MMS/ansible-collection-icinga-director/pull/163)
- Test more ansible versions (https://github.com/T-Systems-MMS/ansible-collection-icinga-director/pull/162)
Deprecated Features
-------------------
community.general
~~~~~~~~~~~~~~~~~
- nmcli - deprecate default hairpin mode for a bridge. This so we can change it to ``false`` in community.general 7.0.0, as this is also the default in ``nmcli`` (https://github.com/ansible-collections/community.general/pull/4334).
- proxmox inventory plugin - the current default ``true`` of the ``want_proxmox_nodes_ansible_host`` option has been deprecated. The default will change to ``false`` in community.general 6.0.0. To keep the current behavior, explicitly set ``want_proxmox_nodes_ansible_host`` to ``true`` in your inventory configuration. We suggest to already switch to the new behavior by explicitly setting it to ``false``, and by using ``compose:`` to set ``ansible_host`` to the correct value. See the examples in the plugin documentation for details (https://github.com/ansible-collections/community.general/pull/4466).
Bugfixes
--------
Ansible-core
~~~~~~~~~~~~
- Ansible.ModuleUtils.SID - Use user principal name as is for lookup in the ``Convert-ToSID`` function - https://github.com/ansible/ansible/issues/77316
- Fix traceback when installing a collection from a git repository and git is not installed (https://github.com/ansible/ansible/issues/77479).
- ansible-test - Correctly detect when running as the ``root`` user (UID 0) on the origin host. The result of the detection was incorrectly being inverted.
- ansible-test - Fix skipping of tests marked ``needs/python`` on the origin host.
- ansible-test - Fix skipping of tests marked ``needs/root`` on the origin host.
- ansible-test compile sanity test - do not crash if a column could not be determined for an error (https://github.com/ansible/ansible/pull/77465).
- hostname - use ``file_get_content()`` to read the file containing the host name in the ``FileStrategy.get_permanent_hostname()`` method. This prevents a ``TypeError`` from being raised when the strategy is used (https://github.com/ansible/ansible/issues/77025).
- script - skip in check mode since the plugin cannot determine if a change will occur.
- shell/command - only skip in check mode if the options `creates` and `removes` are both None.
- winrm - Ensure ``kinit`` is run with the same ``PATH`` env var as the Ansible process
cloud.common
~~~~~~~~~~~~
- fix parameters with aliases not being passed through (https://github.com/ansible-collections/cloud.common/issues/91).
- fix turbo mode loading incorrect module (https://github.com/ansible-collections/cloud.common/pull/102).
- turbo - Ensure we don't call the module with duplicated aliased parameters.
community.dns
~~~~~~~~~~~~~
- Update Public Suffix List.
community.docker
~~~~~~~~~~~~~~~~
- docker connection plugin - make sure that ``docker_extra_args`` is used for querying the Docker version. Also ensures that the Docker version is only queried when needed. This is currently the case if a remote user is specified (https://github.com/ansible-collections/community.docker/issues/325, https://github.com/ansible-collections/community.docker/pull/327).
community.general
~~~~~~~~~~~~~~~~~
- dnsmadeeasy - fix failure on deleting DNS entries when API response does not contain monitor value (https://github.com/ansible-collections/community.general/issues/3620).
- git_branch - remove deprecated and unnecessary branch ``unprotect`` method (https://github.com/ansible-collections/community.general/pull/4496).
- gitlab_group - improve searching for projects inside group on deletion (https://github.com/ansible-collections/community.general/pull/4491).
- gitlab_group_members - handle more than 20 groups when finding a group (https://github.com/ansible-collections/community.general/pull/4491, https://github.com/ansible-collections/community.general/issues/4460, https://github.com/ansible-collections/community.general/issues/3729).
- gitlab_hook - handle more than 20 hooks when finding a hook (https://github.com/ansible-collections/community.general/pull/4491).
- gitlab_project - handle more than 20 namespaces when finding a namespace (https://github.com/ansible-collections/community.general/pull/4491).
- gitlab_project_members - handle more than 20 projects and users when finding a project resp. user (https://github.com/ansible-collections/community.general/pull/4491).
- gitlab_user - handle more than 20 users and SSH keys when finding a user resp. SSH key (https://github.com/ansible-collections/community.general/pull/4491).
- keycloak - fix parameters types for ``defaultDefaultClientScopes`` and ``defaultOptionalClientScopes`` from list of dictionaries to list of strings (https://github.com/ansible-collections/community.general/pull/4526).
- opennebula inventory plugin - complete the implementation of ``constructable`` for opennebula inventory plugin. Now ``keyed_groups``, ``compose``, ``groups`` actually work (https://github.com/ansible-collections/community.general/issues/4497).
- pacman - fixed bug where ``absent`` state did not work for locally installed packages (https://github.com/ansible-collections/community.general/pull/4464).
- pritunl - fixed bug where pritunl plugin api add unneeded data in ``auth_string`` parameter (https://github.com/ansible-collections/community.general/issues/4527).
- proxmox inventory plugin - fix error when parsing container with LXC configs (https://github.com/ansible-collections/community.general/issues/4472, https://github.com/ansible-collections/community.general/pull/4472).
- proxmox_kvm - fix a bug when getting a state of VM without name will fail (https://github.com/ansible-collections/community.general/pull/4508).
- xbps - fix error message that is reported when installing packages fails (https://github.com/ansible-collections/community.general/pull/4438).
community.hrobot
~~~~~~~~~~~~~~~~
- robot inventory plugin - do not crash if a server neither has name or primary IP set. Instead, fall back to using the server's number as the name. This can happen if unnamed rack reservations show up in your server list (https://github.com/ansible-collections/community.hrobot/issues/40, https://github.com/ansible-collections/community.hrobot/pull/47).
community.postgresql
~~~~~~~~~~~~~~~~~~~~
- postgresql_db - get rid of the deprecated psycopg2 connection alias ``database`` in favor of ``dbname`` when psycopg2 is 2.7+ is used (https://github.com/ansible-collections/community.postgresql/issues/194, https://github.com/ansible-collections/community.postgresql/pull/196).
community.proxysql
~~~~~~~~~~~~~~~~~~
- module_utils/mysql.py - Proxysql version suffix may not be an integer (https://github.com/ansible-collections/community.proxysql/pull/96).
community.zabbix
~~~~~~~~~~~~~~~~
- Various modules and plugins - use vendored version of ``distutils.version`` instead of the deprecated Python standard library ``distutils`` (https://github.com/ansible-collections/community.zabbix/pull/603).
- ZapiWrapper (module_utils) - fix only partial zabbix version is returned.
- zabbix_agent - Install Zabbix packages when zabbix_repo == other is used with yum.
- zabbix_agent - Install the Agent for MacOSX sooner than its configuration.
- zabbix_agent - The ``Install gpg key`` task for Debian did not work when a http proxy is configured.
- zabbix_agent - Use the correct URL with correct version.
- zabbix_agent - Use the correct path to determine Zabbix Agent 2 installation on Windows.
- zabbix_agent - Using the correct hostgroup as default now.
- zabbix_agent - fix for the autopsk, incl. tests with Molecule.
- zabbix_host - Added small notification that an user should have read access to get hostgroups overview.
- zabbix_host - adapter changed properties for interface comparisson
- zabbix_maintenance - should now work when creating maintenace on Zabbix 6.0 server
- zabbix_proxy - 'zcat' the zipped sql files to /tmp before executing it.
- zabbix_proxy - Check MySQL version before settings mysql_innodb_default_row_format value.
- zabbix_proxy - Install Zabbix packages when zabbix_repo == other is used with yum.
- zabbix_server - 'zcat' the zipped sql files to /tmp before executing it.
- zabbix_server - Check MySQL version before settings mysql_innodb_default_row_format value.
- zabbix_server - Install Zabbix packages when zabbix_repo == other is used with yum.
- zabbix_template - setting correct null values to fix unintentional changes
- zabbix_web - Added some default variables if the geerlingguys apache role is not used.
- zabbix_web - Specified the correct versions for php.
f5networks.f5_modules
~~~~~~~~~~~~~~~~~~~~~
- bigip_command - fixed a bug that interpreted a pipe symbol inside an input string as pipe used to combine commands
- bigip_device_certificate - adds missing space to tmsh command
- bigip_gtm_wide_ip - fixed inability to change persistence setting on existing wide ip objects
fortinet.fortios
~~~~~~~~~~~~~~~~
- Fix issues in version mismatch logic.
- Fix status issue in fortios_json_generic().
- Fix the issue of inconsistent data types in different schemas.
netapp.cloudmanager
~~~~~~~~~~~~~~~~~~~
- Add check when volume is capacity tiered.
- na_cloudmanager_connector_azure - Fix string formatting error when deleting the connector.
netapp.ontap
~~~~~~~~~~~~
- Fixed ONTAP minor version ignored in checking minimum ONTAP version.
- na_ontap_aggregate - Fixed error in delete aggregate if the ``disk_count`` is less than current disk count.
- na_ontap_autosupport - Fixed `partner_address` not working in REST.
- na_ontap_command - document that a READONLY user is not supported, even for show commands.
- na_ontap_disk_options - ONTAP 9.10.1 returns on/off rather than True/False.
- na_ontap_info - Fixes issue with na_ontap_info failing in 9.1 because of ``job-schedule-cluster``.
- na_ontap_iscsi - Fixed issue with ``start_state`` always being set to stopped when creating an ISCSI.
- na_ontap_iscsi - fixed error starting iscsi service on vserver where Service, adapter, or operation already started.
- na_ontap_lun - Fixed KeyError on options ``force_resize``, ``force_remove`` and ``force_remove_fenced`` in Zapi.
- na_ontap_lun - Fixed ``force_remove`` option silently ignored in REST.
- na_ontap_lun_map - TypeError - '>' not supported between instances of 'int' and 'str '.
- na_ontap_qtree - Fixed issue with ``oplocks`` not being changed during a modify in Zapi.
- na_ontap_qtree - Fixed issue with ``oplocks`` not warning user about not being supported in REST
- na_ontap_snapmirror - Added use_rest condition for the REST support to work when use_rest `always`.
- na_ontap_snapshot - add error message if volume is not found with REST.
- na_ontap_snapshot - fix key error on volume when using REST.
- na_ontap_snapshot_policy - Do not validate parameter when state is ``absent`` and fix KeyError on ``comment``.
- na_ontap_svm - fixed KeyError issue on protocols when vserver is stopped.
- na_ontap_volume - do not attempt to mount volume if current state is offline.
- na_ontap_volume - fix idempotency issue with compression settings when using REST.
- na_ontap_vserver_peer - Added cluster peer accept code in REST.
- na_ontap_vserver_peer - Fixed AttributeError if ``dest_hostname`` or ``peer_options`` not present.
- na_ontap_vserver_peer - Fixed ``local_name_for_peer`` and ``local_name_for_source`` options silently ignored in REST.
- na_ontap_vserver_peer - Get peer cluster name if remote peer exist else use local cluster name.
- na_ontap_vserver_peer - ignore job entry doesn't exist error with REST to bypass ONTAP issue with FSx.
- na_ontap_vserver_peer - report error if SVM peer does not see a peering relationship after create.
netbox.netbox
~~~~~~~~~~~~~
- netbox_contact_group - Fix field description
- netbox_rack - Add location as a query parameter for uniqueness check
New Plugins
-----------
Connection
~~~~~~~~~~
- community.zabbix.httpapi - Use httpapi to run command on network appliances
Httpapi
~~~~~~~
- community.zabbix.jsonrpc - HttpApi Plugin for Zabbix
New Modules
-----------
community.general
~~~~~~~~~~~~~~~~~
Cloud
^^^^^
Lxd
...
- community.general.lxd_project - Manage LXD projects
Monitoring
^^^^^^^^^^
- community.general.alerta_customer - Manage customers in Alerta
community.zabbix
~~~~~~~~~~~~~~~~
- community.zabbix.zabbix_authentication - Update Zabbix authentication
- community.zabbix.zabbix_autoregister - Update Zabbix autoregistration
- community.zabbix.zabbix_housekeeping - Update Zabbix housekeeping
f5networks.f5_modules
~~~~~~~~~~~~~~~~~~~~~
- f5networks.f5_modules.bigip_ltm_global - Manages global LTM settings
t_systems_mms.icinga_director
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- t_systems_mms.icinga_director.icinga_serviceset - Manage servicesets in Icinga2
Ansible is a radically simple IT automation system. It handles configuration
management, application deployment, cloud provisioning, ad-hoc task execution,
network automation, and multi-node orchestration. Ansible makes complex changes
like zero-downtime rolling updates with load balancers easy.
We must pass -isysroot with the explicit path to the MacOSX SDK in CFLAGS.
Without this setup.py fails to find builtin zlib and bzip2.
See comment in ${WRKSRC}/Lib/distutils/unixccompiler.py:find_library_file()
for why this is necessary.
Untested because of
python3.10 ./scripts/ldnoexec.py out/rom16.o.strip.o out/rom16.noexec.o
Traceback (most recent call last):
File "/scratch/sysutils/xentools415/work/seabios-rel-1.14.0/./scripts/ldnoexec.py", line 32, in <module>
main()
File "/scratch/sysutils/xentools415/work/seabios-rel-1.14.0/./scripts/ldnoexec.py", line 20, in main
f = open(infilename, "rb")
FileNotFoundError: [Errno 2] No such file or directory: 'out/rom32seg.o.strip.o'
gmake[6]: *** [Makefile:133: out/rom32seg.noexec.o] Error 1
gmake[6]: *** Waiting for unfinished jobs....
Traceback (most recent call last):
File "/scratch/sysutils/xentools415/work/seabios-rel-1.14.0/./scripts/ldnoexec.py", line 32, in <module>
main()
File "/scratch/sysutils/xentools415/work/seabios-rel-1.14.0/./scripts/ldnoexec.py", line 20, in main
f = open(infilename, "rb")
FileNotFoundError: [Errno 2] No such file or directory: 'out/rom16.o.strip.o'
gmake[6]: *** [Makefile:133: out/rom16.noexec.o] Error 1
on -current/amd64.
Run pkglint -F while here.
Untested because of
ld -N -T out/romlayout32flat.lds out/rom16.strip.o out/rom32seg.strip.o out/code32flat.o -o out/rom.o
ld: cannot find out/rom16.strip.o: No such file or directory
ld: cannot find out/rom32seg.strip.o: No such file or directory
on -current/amd64.
Untested because of
In file included from include/ipxe/uaccess.h:27,
from core/acpi.c:28:
./config/ioapi.h:17:10: fatal error: config/local/ioapi.h: No such file or directory
17 | #include <config/local/ioapi.h>
| ^~~~~~~~~~~~~~~~~~~~~~
on -current/amd64.
