avoid loading vars on unspecified basedir (cwd) #42067

Merged
merged 2 commits into from
Jun 29, 2018


bcoca
Member

@bcoca bcoca commented Jun 28, 2018

SUMMARY
ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

vars manager

ANSIBLE VERSION
2.x

@ansibot ansibot added affects_2.7 This issue/PR affects Ansible v2.7 bug This issue/PR relates to a bug. needs_triage Needs a first human triage before being processed. support:core This issue/PR relates to code supported by the Ansible Engineering Team. labels Jun 28, 2018
@abadger
Contributor

abadger commented Jun 28, 2018

CC: @misc

@bcoca bcoca removed the needs_triage Needs a first human triage before being processed. label Jun 28, 2018
@ansibot ansibot added the needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. label Jun 28, 2018
@ansible ansible deleted a comment from ansibot Jun 28, 2018
@abadger
Contributor

abadger commented Jun 28, 2018

Timeout running pylint sanity test and what looks like unrelated transient issues on rhel/7.4/1 and windows/2012-R2/1. Hitting rebuild in shippable.

@abadger
Contributor

abadger commented Jun 29, 2018

windows/2012-R2/1 test is still failing in a way that is unrelated.

Please add a changelog and then merge and backport to all stable branches back to 2.4.

@@ -0,0 +1,2 @@
bugfixes:
- avoid loading host/group vars from cwd when not specifying a playbook or playbook base dir
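
Review bot: the added entry `- avoid loading host/group vars from cwd ...` states the fix but not what changes for users. Anyone who relied on host/group vars being read from the current working directory now has to specify a playbook or playbook base dir, so the fragment should say that in a second sentence.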
Contributor


We don't yet have a security category, so please prepend **Security Fix** - to this:

bugfixes:
    - ** Security Fix ** - avoid loading host/group vars from cwd when not specifying a playbook or playbook base dir

@ansibot ansibot removed the needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. label Jun 29, 2018
@abadger
Contributor

abadger commented Jun 29, 2018

The following failed but look like they are unrelated:

  • T=windows/2012-R2/1
  • T=rhel/7.4/1

@ansibot ansibot added the needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. label Jun 29, 2018
@abadger abadger merged commit de0e11c into ansible:devel Jun 29, 2018
abadger pushed a commit to abadger/ansible that referenced this pull request Jun 29, 2018
…#42067)

* avoid loading vars on unspecified basedir (cwd)
(cherry picked from commit de0e11c)

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
abadger pushed a commit that referenced this pull request Jul 2, 2018
* avoid loading vars on unspecified basedir (cwd)
(cherry picked from commit de0e11c)

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
@bcoca bcoca deleted the avoid_cwd_vars branch July 3, 2018 20:08
nitzmahone pushed a commit that referenced this pull request Jul 3, 2018
…#42139)

* avoid loading vars on unspecified basedir (cwd)
(cherry picked from commit de0e11c)

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
mattclay pushed a commit that referenced this pull request Jul 3, 2018
* avoid loading vars on unspecified basedir (cwd)
(cherry picked from commit de0e11c)

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
@bcoca
Member Author

bcoca commented Oct 12, 2018

fix for CVE-2018-10874

@ansible ansible locked and limited conversation to collaborators Jul 1, 2019