Bug#1112256: trixie-pu: package ansible-core/2.19.1-0+deb13u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1112256: trixie-pu: package ansible-core/2.19.1-0+deb13u1
From: Lee Garrett <debian@rocketjump.eu>
Date: Wed, 27 Aug 2025 23:51:55 +0200
Message-id: <[🔎] 175633151534.242783.14451334631702979814.reportbug@batou>
Reply-to: Lee Garrett <debian@rocketjump.eu>, 1112256@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: ansible-core@packages.debian.org, debian@rocketjump.eu
Control: affects -1 + src:ansible-core
User: release.debian.org@packages.debian.org
Usertags: pu

(Please provide enough information to help the release team
to judge the request efficiently. E.g. by filling in the
sections below.)

[ Reason ]
This is a follow-up for #1110092. This updates ansible-core from the
2.19.0~beta6-1 to the first upstream bugfix release. I have reviewed the changes
since #1110092 from 2.19.0 to 2.19.1 and approve them.

[ Impact ]
If rejecting this update, users will have a more buggy version of ansible-core
since between trixie and t-p-u a bunch of regressions were fixed. In particular,
it fixes one remaining issue that was reported by Martina Ferrari
(tina@debian.org):

https://github.com/ansible/ansible/issues/85204
https://bugs.debian.org/1106362

[ Tests ]
ansible-core itself has stellar upstream test coverage, and those unit and
integration tests are run via autopkgtest by me before every upload. I have also
manually tested this release extensively with my setup and have found no
bugs/regressions. On top of that Max Vozeler <xam@debian.org> has tested this
version with his playbook at work and reported back no problems.


[ Risks ]
The jump from beta6 to beta7 had the last larger internal code changes. 2.19
introduced a new data tagging feature which provides a new layer of security
preventing a type of security issue that ansible versions <= 2.18 were affected
by (namely double-templating of untrusted data). As such, the debdiff will
appear quite large.

I however believe that following the upstream bugfix releases is the way to go,
as backporting any future security fixes to 2.19.0~beta6-1 risk an even greater
chance of regressions or incomplete fixes.


[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
This update pulls the latest release from the upstream release branch.
The list of changes is verbosely documented here:
https://github.com/ansible/ansible/blob/stable-2.19/changelogs/CHANGELOG-v2.19.rst

[ Other info ]
If you have any follow-up questions don't hesitate to ask. I tried my best to
provide the info I think the release team needs to make a decision.

Reply to:

Follow-Ups:
- Processed: trixie-pu: package ansible-core/2.19.1-0+deb13u1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: trixie-pu: package ansible-core/2.19.1-0+deb13u1
Next by Date: NEW changes in oldstable-new
Previous by thread: Processed: Re: Bug#1112252: bookworm-pu: package libarchive/3.6.2-1+deb12u3
Next by thread: Processed: trixie-pu: package ansible-core/2.19.1-0+deb13u1
Index(es):
- Date
- Thread