[dnf] ensure packages are gpg-verified #71539

Merged

@relrod relrod commented Aug 31, 2020

SUMMARY

Backport of #71537

Change:

  • By default the dnf API does not gpg-verify packages. This is a feature
    that is executed in its CLI code. It never made it into Ansible's
    usage of the API, so packages were previously not verified.
  • This fixes CVE-2020-14365.

Test Plan:

  • New integration tests

Signed-off-by: Rick Elrod <rick@elrod.me>

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

dnf
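
The check the description above says was missing from API callers, sketched as an added example (not the code from this pull request, from Ansible, or from dnf). It assumes dnf's documented `Base.package_signature_check()` and `Base.package_import_key()` methods; `FakeBase`, `verify_install_set` and the package names are constructed stand-ins so the logic runs without dnf installed.

```python
# Added example; not Ansible's or dnf's code.
# Assumes dnf's documented API: Base.package_signature_check(pkg) returns
# (result, error) with 0 = verified or not required, 1 = failed but importing
# the right key might help, 2 = fatal; Base.package_import_key(pkg) raises
# on failure.

def verify_install_set(base, packages):
    """Return [(package, reason)] for packages that must not be installed."""
    rejected = []
    for pkg in packages:
        result, err = base.package_signature_check(pkg)
        if result == 1:
            try:
                base.package_import_key(pkg)
            except Exception as exc:  # dnf.exceptions.Error with real dnf
                rejected.append((pkg, "key import failed: %s" % exc))
                continue
            # Re-check so a freshly imported key still has to match the package.
            result, err = base.package_signature_check(pkg)
        if result != 0:
            rejected.append((pkg, err or "GPG verification failed"))
    return rejected


class FakeBase:
    """Constructed stand-in for dnf.Base (hypothetical, for this example only)."""
    def __init__(self, status, importable=()):
        self.status = dict(status)          # package name -> result code
        self.importable = set(importable)   # packages whose key can be fetched

    def package_signature_check(self, pkg):
        code = self.status[pkg]
        return code, ("" if code == 0 else "signature check failed for %s" % pkg)

    def package_import_key(self, pkg):
        if pkg not in self.importable:
            raise RuntimeError("no trusted key available")
        self.status[pkg] = 0


def demo():
    # Constructed sample data: one package per outcome.
    base = FakeBase({"signed": 0, "new-key": 1, "unknown-key": 1, "tampered": 2},
                    importable={"new-key"})
    return verify_install_set(base, ["signed", "new-key", "unknown-key", "tampered"])


if __name__ == "__main__":
    for pkg, reason in demo():
        print(pkg, "->", reason)
```

A caller would run this over the transaction's install set after download and abort the transaction if the returned list is not empty.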

@ansibot added the affects_2.10, backport, bug, core_review, module, needs_triage, packaging, support:community and support:core labels Aug 31, 2020
@relrod relrod merged commit dc97027 into ansible:stable-2.10 Aug 31, 2020
@sivel removed the needs_triage label Sep 1, 2020
relrod added a commit to relrod/ansible that referenced this pull request Sep 4, 2020
Change:
- This was a breaking change (security fix), but I neglected to add a
  porting guide entry for it previously.

Tickets:
- Refs ansible#71537
- Refs ansible#71539
- Refs ansible#71540
- Refs ansible#71541

Signed-off-by: Rick Elrod <rick@elrod.me>
samccann pushed a commit that referenced this pull request Sep 15, 2020
* [docs] add porting guide for DNF GPG validation

Change:
- This was a breaking change (security fix), but I neglected to add a
  porting guide entry for it previously.

Tickets:
- Refs #71537
- Refs #71539
- Refs #71540
- Refs #71541

Signed-off-by: Rick Elrod <rick@elrod.me>

* changes from sivel

Signed-off-by: Rick Elrod <rick@elrod.me>
samccann pushed a commit to samccann/ansible that referenced this pull request Sep 21, 2020
* [docs] add porting guide for DNF GPG validation

Change:
- This was a breaking change (security fix), but I neglected to add a
  porting guide entry for it previously.

Tickets:
- Refs ansible#71537
- Refs ansible#71539
- Refs ansible#71540
- Refs ansible#71541

Signed-off-by: Rick Elrod <rick@elrod.me>

* changes from sivel

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 7a38c47)
acozine pushed a commit that referenced this pull request Sep 21, 2020
* Fix typo in the documentation (#71701)

Fix typo in the documentation: casting instead of casing

(cherry picked from commit 1a06587)

* Add how to run unit test link in testing_units_modules doc (#71523)

* Add how to run unit test link in testing_units_modules
* Fix sanity test

(cherry picked from commit 7a0e545)

* Fix typo in delveloping_plugins_network (#71737)

(cherry picked from commit 4bf61f0)

* Fix broken bullet list (#71728)

(cherry picked from commit 00ed5b1)

* vmware: Add docs for filters (#71670)

Add a scenario guide for filters in VMware documentation

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 7603343)

* [docs] add porting guide for DNF GPG validation (#71640)

* [docs] add porting guide for DNF GPG validation

Change:
- This was a breaking change (security fix), but I neglected to add a
  porting guide entry for it previously.

Tickets:
- Refs #71537
- Refs #71539
- Refs #71540
- Refs #71541

Signed-off-by: Rick Elrod <rick@elrod.me>

* changes from sivel

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 7a38c47)

* Fixed invalid urls inside guide_packet.rst and collections_using.rst (#71705)

* Fixed invalid urls inside guide_packet.rst and collections_using.rst

* Reverted fix for collections_using.rst

(cherry picked from commit c36e939)

* Update EXAMPLES in package_facts.py documentation (#71838)

this module is not limited to rpm , so remove rpm in tasks name

(cherry picked from commit 7f62b47)

* change duplicated label

(cherry picked from commit bcfead8)

Co-authored-by: Guillaume Vincent <guillaume@oslab.fr>
Co-authored-by: Amin Vakil <info@aminvakil.com>
Co-authored-by: Shufeng <fenghhk@gmail.com>
Co-authored-by: Evaristo Rojas <evaristo.rojas@islas.org.mx>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Shounak <25407872+shounak1@users.noreply.github.com>
Co-authored-by: roumano <roumano@gmail.com>
@ansible ansible locked and limited conversation to collaborators Sep 28, 2020