From 507d69e36e3f396cf3dc199c750ee6fa79e8dbee Mon Sep 17 00:00:00 2001
From: Maxwell G
Date: Thu, 1 Feb 2024 05:11:30 +0000
Subject: [PATCH] Update to 2.16.3. Fixes rhbz#2261507.
---
 .gitignore | 2 ++
 CVE-2024-0690.patch | 85 ---------------------------------------------
 ansible-core.spec | 9 ++---
 sources | 4 +--
 4 files changed, 9 insertions(+), 91 deletions(-)
 delete mode 100644 CVE-2024-0690.patch
diff --git a/.gitignore b/.gitignore
index 22a1676..43194d4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -49,3 +49,5 @@
 /ansible-documentation-2.16.1.tar.gz
 /ansible-core-2.16.2.tar.gz
 /ansible-documentation-2.16.2.tar.gz
+/ansible-core-2.16.3.tar.gz
+/ansible-documentation-2.16.3.tar.gz
diff --git a/CVE-2024-0690.patch b/CVE-2024-0690.patch
deleted file mode 100644
index 0b541c8..0000000
--- a/CVE-2024-0690.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From b9a03bbf5a63459468baf8895ff74a62e9be4532 Mon Sep 17 00:00:00 2001
-From: Matt Martz
-Date: Thu, 18 Jan 2024 17:41:55 -0600
-Subject: [PATCH] [stable-2.16] Ensure ANSIBLE_NO_LOG is respected
- (CVE-2024-0690) (#82565) (#82566)
-
-(cherry picked from commit 6935c8e)
----
- changelogs/fragments/cve-2024-0690.yml | 2 ++
- lib/ansible/playbook/base.py | 2 +-
- lib/ansible/playbook/play_context.py | 4 ----
- test/integration/targets/no_log/no_log_config.yml | 13 +++++++++++++
- test/integration/targets/no_log/runme.sh | 5 +++++
- 5 files changed, 21 insertions(+), 5 deletions(-)
- create mode 100644 changelogs/fragments/cve-2024-0690.yml
- create mode 100644 test/integration/targets/no_log/no_log_config.yml
-
-diff --git a/changelogs/fragments/cve-2024-0690.yml b/changelogs/fragments/cve-2024-0690.yml
-new file mode 100644
-index 00000000000000..0e030d88864ca5
---- /dev/null
-+++ b/changelogs/fragments/cve-2024-0690.yml
-@@ -0,0 +1,2 @@
-+security_fixes:
-+- ANSIBLE_NO_LOG - Address issue where ANSIBLE_NO_LOG was ignored (CVE-2024-0690)
-diff --git a/lib/ansible/playbook/base.py b/lib/ansible/playbook/base.py
-index d08b826772bcfc..81ce502b9c3886 100644
---- a/lib/ansible/playbook/base.py
-+++ b/lib/ansible/playbook/base.py
-@@ -731,7 +731,7 @@ class Base(FieldAttributeBase):
-
- # flags and misc. settings
- environment = FieldAttribute(isa='list', extend=True, prepend=True)
-- no_log = FieldAttribute(isa='bool')
-+ no_log = FieldAttribute(isa='bool', default=C.DEFAULT_NO_LOG)
- run_once = FieldAttribute(isa='bool')
- ignore_errors = FieldAttribute(isa='bool')
- ignore_unreachable = FieldAttribute(isa='bool')
-diff --git a/lib/ansible/playbook/play_context.py b/lib/ansible/playbook/play_context.py
-index d9bb040ed0e810..af65e86f496ed9 100644
---- a/lib/ansible/playbook/play_context.py
-+++ b/lib/ansible/playbook/play_context.py
-@@ -318,10 +318,6 @@ def set_task_and_variable_override(self, task, variables, templar):
- display.warning('The "%s" connection plugin has an improperly configured remote target value, '
- 'forcing "inventory_hostname" templated value instead of the string' % new_info.connection)
-
-- # set no_log to default if it was not previously set
-- if new_info.no_log is None:
-- new_info.no_log = C.DEFAULT_NO_LOG
--
- if task.check_mode is not None:
- new_info.check_mode = task.check_mode
-
-diff --git a/test/integration/targets/no_log/no_log_config.yml b/test/integration/targets/no_log/no_log_config.yml
-new file mode 100644
-index 00000000000000..8a5088059db424
---- /dev/null
-+++ b/test/integration/targets/no_log/no_log_config.yml
-@@ -0,0 +1,13 @@
-+- hosts: testhost
-+ gather_facts: false
-+ tasks:
-+ - debug:
-+ no_log: true
-+
-+ - debug:
-+ no_log: false
-+
-+ - debug:
-+
-+ - debug:
-+ loop: '{{ range(3) }}'
-diff --git a/test/integration/targets/no_log/runme.sh b/test/integration/targets/no_log/runme.sh
-index 795730bddd78f4..bf764bf9abc588 100755
---- a/test/integration/targets/no_log/runme.sh
-+++ b/test/integration/targets/no_log/runme.sh
-@@ -19,3 +19,8 @@ set -eux
-
- # test invalid data passed to a suboption
- [ "$(ansible-playbook no_log_suboptions_invalid.yml -i ../../inventory -vvvvv "$@" | grep -Ec '(SUPREME|IDIOM|MOCKUP|EDUCATED|FOOTREST|CRAFTY|FELINE|CRYSTAL|EXPECTANT|AGROUND|GOLIATH|FREEFALL)')" = "0" ]
-+
-+# test variations on ANSIBLE_NO_LOG
-+[ "$(ansible-playbook no_log_config.yml -i ../../inventory -vvvvv "$@" | grep -Ec 'the output has been hidden')" = "1" ]
-+[ "$(ANSIBLE_NO_LOG=0 ansible-playbook no_log_config.yml -i ../../inventory -vvvvv "$@" | grep -Ec 'the output has been hidden')" = "1" ]
-+[ "$(ANSIBLE_NO_LOG=1 ansible-playbook no_log_config.yml -i ../../inventory -vvvvv "$@" | grep -Ec 'the output has been hidden')" = "6" ]
diff --git a/ansible-core.spec b/ansible-core.spec
index 0461b5d..10a52ad 100644
--- a/ansible-core.spec
+++ b/ansible-core.spec
@@ -14,9 +14,9 @@
 Name: ansible-core
 Summary: A radically simple IT automation system
-Version: 2.16.2
+Version: 2.16.3
 %global uversion %{version_no_tilde %{quote:%nil}}
-Release: 4%{?dist}
+Release: 1%{?dist}
 # The main license is GPLv3+. Many of the files in lib/ansible/module_utils
 # are BSD licensed. There are various files scattered throughout the codebase
 # containing code under different licenses.
@@ -24,8 +24,6 @@ License: GPL-3.0-or-later AND BSD-2-Clause AND PSF-2.0 AND MIT AND Apache-2.0
 Source0: https://github.com/ansible/ansible/archive/v%{uversion}/%{name}-%{uversion}.tar.gz
 Source1: https://github.com/ansible/ansible-documentation/archive/v%{uversion}/ansible-documentation-%{uversion}.tar.gz
-# Ensure ANSIBLE_NO_LOG is respected (CVE-2024-0690) (#82565) (#82566)
-Patch: https://github.com/ansible/ansible/commit/b9a03bbf5a63459468baf8895ff74a62e9be4532.patch#/CVE-2024-0690.patch
 Url: https://ansible.com
 BuildArch: noarch
@@ -269,6 +267,9 @@ install -Dpm 0644 licenses/* -t %{buildroot}%{_pkglicensedir}
 %changelog
+* Thu Feb 01 2024 Maxwell G - 2.16.3-1
+- Update to 2.16.3. Fixes rhbz#2261507.
+
 * Mon Jan 22 2024 Fedora Release Engineering - 2.16.2-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
diff --git a/sources b/sources
index e4315a2..d2cc7c9 100644
--- a/sources
+++ b/sources
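Review bot: The `Patch:` line for CVE-2024-0690 is dropped in the second hunk of ansible-core.spec, but neither the commit subject nor the new %changelog entry says why. Presumably the fix is already part of the 2.16.3 tarball, which this page does not show. Because this is a security fix, record it in the changelog entry, e.g. `- Drop CVE-2024-0690.patch (fix included upstream in 2.16.3)`, after confirming that the upstream release carries the `no_log` default change in `lib/ansible/playbook/base.py`. That keeps the CVE traceable in the package history once the standalone patch file is gone.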
@@ -1,2 +1,2 @@
-SHA512 (ansible-core-2.16.2.tar.gz) = e76ee6de939ca09923cc7e19956ef2a673426059b4eb8bc9ae34c14b1b84248ac927daa68a0ef48adc94f28909c042be3be50cc1f6359feab1f9e257969a202c
-SHA512 (ansible-documentation-2.16.2.tar.gz) = 1db81bfdbe66056c9b3d972e535bfd19207a093a88340bea80af37684cf5f69d767cc6eaec99f0ef4eb1446c6f5cab6742f74b8e8d80461e51c633095fd3dbf7
+SHA512 (ansible-core-2.16.3.tar.gz) = 2bc88dbd2d30e50cb999bf8c744070accc042a2c4f1317558ee3edae45592002a0595ba57c3d89d1cc92e512d462734a241e3e392475326d44b8c2ee3c4aa0b0
+SHA512 (ansible-documentation-2.16.3.tar.gz) = c073b0b961e38bee560be78e2c12534facec891f6e375df14fdcaf99241f711cf6955ee58b936f7f23ab62a732d2dbde5fd279976989be06e747c2bf3db41661