* Strip lookup calls out of inventory variables and clean unsafe data
returned from lookup plugins (CVE-2014-4966)
* Make sure vars don't insert extra parameters into module args and prevent
duplicate params from superseding previous params (CVE-2014-4967)
The new CentOS 7 beta lists the distribution as "CentOS Linux", which
breaks the distribution detection and class loading. This patch fixes
that by taking just the first entry in the string when a space is
detected.
Previously, the get_fqdn() function in known_hosts.py only worked
with urls that started with git@, and ignored any urls that started
with a normal schema type (ie. http:// or ssh://). This patch corrects
that by using urlparse to parse the hostname portion out of urls that
have a proper schema.
Fixes#7474
Also added some error handling to the fetch_url() call in the
apt_repository module, so that failures to look up the PPA info
are properly handled.
Fixes#7322
The ssl cert check will now respect the http and https proxy
environment settings. The url may also have the username/password
embedded, in which case basic auth will be used to connect to the
proxy server.
Fixes#7413
If the module directory is not writable/executable to the current user
(most likely because of a sudo to a non-root user), the ssh_wrapper
will be created in the default location for mkstemp() calls. To facilitate
the deletion of these new files, a new mechanism for cleaning up files
created by the module was also added.
Fixes#7375
This is a corner case for remote file systems that don't support
chown() and where the source and destination for the atomic_move
are on that remote file system.
Fixes#7372
Previously, we set the LANG (and LC_CTYPE) environment variables
directly in the module code and applied them with os.environ().
Instead, we are now pre-pending those variables to the environment
string used to execute the command which allows the user to
override the localization values by setting the environment values
directly (even on a per-task basis):
- subversion: repo=file:///path/to/repos/svn_über dest=/tmp/svntest
environment:
LANG: "C"
LC_CTYPE: "en_US.UTF-8"
So if a user wishes to default their LANG back to C, they can still
avoid unicode issues by doing the above.
Fixes#7060
James Cammarata
Michael DeHaan
Ruggero Marchei
Casey Fitzpatrick
dewey hylton
Ivo Senner
Matt Martz
Chris Church
Matt Bray
Jakub Kramarz
Alexander Winkler
rik2803
Yang Liping
Michal Mach