Your message dated Thu, 07 Nov 2024 17:04:27 +0000
with message-id <e1t95vn-0006lj...@fasolo.debian.org>
and subject line Bug#1086551: fixed in ansible-core 2.17.5-5
has caused the Debian Bug report #1086551,
regarding ansible-core: uninstallable in unstable: Depends: python3-resolvelib
(< 1.1.0)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1086551: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086551
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ansible-core
Version: 2.17.5-4
Severity: grave
Tags: upstream
Justification: renders package unusable
Forwarded: https://github.com/ansible/ansible/issues/84217
X-Debbugs-Cc: python-resolve...@packages.debian.org, by...@debian.org
$ podman run --rm -it debian:sid-slim
# apt upate
# apt upgrade
# apt install ansible-core
…
Unsatisfied dependencies:
ansible-core : Depends: python3-resolvelib (< 1.1.0) but it is not going to be
installed
It looks as though this restriction was intentionally added by upstream:
> # NOTE: resolvelib 0.x version bumps should be considered major/breaking
> # NOTE: and we should update the upper cap with care, at least until 1.0
> # NOTE: Ref: https://github.com/sarugaku/resolvelib/issues/69
> # NOTE: When updating the upper bound, also update the latest version used
> # NOTE: in the ansible-galaxy-collection test suite.
> resolvelib >= 0.5.3, < 1.1.0 # dependency resolver used by ansible-galaxy
— https://github.com/ansible/ansible/blob/devel/requirements.txt
I've reported the incompatibility upstream, please see above for issue URL.
Thanks,
smcv
--- End Message ---
--- Begin Message ---
Source: ansible-core
Source-Version: 2.17.5-5
Done: Colin Watson <cjwat...@debian.org>
We believe that the bug you reported is fixed in the latest version of
ansible-core, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1086...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwat...@debian.org> (supplier of updated ansible-core package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 07 Nov 2024 16:36:31 +0000
Source: ansible-core
Architecture: source
Version: 2.17.5-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Colin Watson <cjwat...@debian.org>
Closes: 1082851 1086551
Changes:
ansible-core (2.17.5-5) unstable; urgency=medium
.
* Team upload.
.
[ Bastien Roucariès ]
* Fix CVE-2024-8775: A flaw was found in Ansible,
where sensitive information stored in Ansible Vault
files can be exposed in plaintext during the execution
of a playbook. This occurs when using tasks such as
include_vars to load vaulted variables without
setting the no_log: true parameter, resulting in
sensitive data being printed in the playbook output
or logs. This can lead to the unintentional disclosure
of secrets like passwords or API keys, compromising
security and potentially allowing unauthorized
access or actions.
(Closes: #1082851)
* Bump resolvelib dependency to << 1.2 (Closes: #1086551)
.
[ Colin Watson ]
* Disable a few tests until https://pypi.org/project/ansible-core/ is
updated with upstream's resolvelib dependency change.
Checksums-Sha1:
817647ba3a219631f1caa834ba9a4e3c46314510 2593 ansible-core_2.17.5-5.dsc
51f05fd12de9811bc0ba61707f79053102c3ae13 29328
ansible-core_2.17.5-5.debian.tar.xz
Checksums-Sha256:
33cb37ee5f8eaf776c03f43ba6b74e244f50b3f972f50067a4e3edbedaec171b 2593
ansible-core_2.17.5-5.dsc
f93a6d46b37f545bf3e26dc3eb6672545d30dcb6c9c13f91693fe5319b1ba3d2 29328
ansible-core_2.17.5-5.debian.tar.xz
Files:
3cccb7a278cf7adc744732535a29e86d 2593 admin optional ansible-core_2.17.5-5.dsc
7e43ee0efcb2738d47299eb56ef3227d 29328 admin optional
ansible-core_2.17.5-5.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmcs7WIACgkQOTWH2X2G
UAub+w/9FaayR/8KnEMpqULNo0Ue4f8aMXuNxO+98wfZh7S3jHUgFr37c4YUGfch
YnFsBnVIswGuczTx+2fTEq4zyjh3BBxBLW4iv8bwxG7QISi9JAvCSoMcJx64h2Lq
rAOmy9PCiP9QuEGmzrZ9mStM8esa5TcFFFafbykRFeiAbMZtb/MUaEX/1AU6Tb8Y
jRtt7+PJzHKpClb5mM6FWs1j6PN/9IO0VXsu6xkcR9pGoU7DG+B3LDdjaHedyOUZ
2LL21gjsHusQPEqiUFKUXxltH2l2cAXGdpwuVpp31t7dUwwFJOW7gMcE9pZJIvm8
68R3f8eN/4uy3m+hJG+p2Y/cs7jdUTOSNFIbJw/BKPNjjTcVAo4G+/UlTdhmdnrS
X9YnjBLBKmK0rJ3mpYf1L+Upz9Omi5WfzZj4A8fiunva1WLlFL8mISeIBNfRYyZS
63PHvF8+4DgjWSQFDaydGaSZ8ptANx7rACdCRZrtll3UH+mQMZg4XcPlki4VZWyP
Ke7wOxvqUsSGLc7Ojk/3PG6R0BscKVp215ZVSv6e7Jr3g/6Z15WgXUNhqgKytixf
JDjNvfVHIDPzBMDPR6fvTt7bklTJRpG9sR7ibGH4BLQf46F/wnVNkg2/lOZKoDF6
l7oR88tzvC/i6VabUCw1C14DNAhIbsm2lbjKaJkN5PbkghnJZ6E=
=QKa/
-----END PGP SIGNATURE-----
pgpGR6SnGEWUy.pgp
Description: PGP signature
--- End Message ---
