ansible/ansible.spec

85 lines
2.7 KiB
RPMSpec
Raw Normal View History

#
# spec file for package ansible
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Accepting request 809080 from home:mcepl:branches:systemsmanagement - Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733 (bsc#1164140) - Add metadata information to this file to mark which SUSE bugzilla have been already fixed. - bsc#1164140 CVE-2020-1733 - insecure temporary directory when running become_user from become directive - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe lookup plugin subprocess - bsc#1164137 CVE-2020-1735 - path injection on dest parameter in fetch module - bsc#1164134 CVE-2020-1736 atomic_move primitive sets permissive permissions - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path - bsc#1164136 CVE-2020-1738 module package can be selected by the ansible facts - bsc#1164133 CVE-2020-1739 - svn module leaks password when specified as a parameter - bsc#1164135 CVE-2020-1740 - secrets readable after ansible-vault edit - bsc#1165393 CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks sensitive information - CVE-2020-10684 - code injection when using ansible_facts as a subkey - bsc#1167440 CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up - CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2] - update to version 2.9.6 (maintenance release) including OBS-URL: https://build.opensuse.org/request/show/809080 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=183
2020-05-26 23:14:44 +02:00
Name: ansible
Version: 6.5.0
Accepting request 809080 from home:mcepl:branches:systemsmanagement - Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733 (bsc#1164140) - Add metadata information to this file to mark which SUSE bugzilla have been already fixed. - bsc#1164140 CVE-2020-1733 - insecure temporary directory when running become_user from become directive - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe lookup plugin subprocess - bsc#1164137 CVE-2020-1735 - path injection on dest parameter in fetch module - bsc#1164134 CVE-2020-1736 atomic_move primitive sets permissive permissions - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path - bsc#1164136 CVE-2020-1738 module package can be selected by the ansible facts - bsc#1164133 CVE-2020-1739 - svn module leaks password when specified as a parameter - bsc#1164135 CVE-2020-1740 - secrets readable after ansible-vault edit - bsc#1165393 CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks sensitive information - CVE-2020-10684 - code injection when using ansible_facts as a subkey - bsc#1167440 CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up - CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2] - update to version 2.9.6 (maintenance release) including OBS-URL: https://build.opensuse.org/request/show/809080 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=183
2020-05-26 23:14:44 +02:00
Release: 0
Summary: Radically simple IT automation
License: GPL-3.0+
Accepting request 809080 from home:mcepl:branches:systemsmanagement - Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733 (bsc#1164140) - Add metadata information to this file to mark which SUSE bugzilla have been already fixed. - bsc#1164140 CVE-2020-1733 - insecure temporary directory when running become_user from become directive - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe lookup plugin subprocess - bsc#1164137 CVE-2020-1735 - path injection on dest parameter in fetch module - bsc#1164134 CVE-2020-1736 atomic_move primitive sets permissive permissions - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path - bsc#1164136 CVE-2020-1738 module package can be selected by the ansible facts - bsc#1164133 CVE-2020-1739 - svn module leaks password when specified as a parameter - bsc#1164135 CVE-2020-1740 - secrets readable after ansible-vault edit - bsc#1165393 CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks sensitive information - CVE-2020-10684 - code injection when using ansible_facts as a subkey - bsc#1167440 CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up - CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2] - update to version 2.9.6 (maintenance release) including OBS-URL: https://build.opensuse.org/request/show/809080 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=183
2020-05-26 23:14:44 +02:00
URL: https://ansible.com/
Source: https://files.pythonhosted.org/packages/source/a/ansible/ansible-%{version}.tar.gz
Accepting request 809080 from home:mcepl:branches:systemsmanagement - Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733 (bsc#1164140) - Add metadata information to this file to mark which SUSE bugzilla have been already fixed. - bsc#1164140 CVE-2020-1733 - insecure temporary directory when running become_user from become directive - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe lookup plugin subprocess - bsc#1164137 CVE-2020-1735 - path injection on dest parameter in fetch module - bsc#1164134 CVE-2020-1736 atomic_move primitive sets permissive permissions - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path - bsc#1164136 CVE-2020-1738 module package can be selected by the ansible facts - bsc#1164133 CVE-2020-1739 - svn module leaks password when specified as a parameter - bsc#1164135 CVE-2020-1740 - secrets readable after ansible-vault edit - bsc#1165393 CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks sensitive information - CVE-2020-10684 - code injection when using ansible_facts as a subkey - bsc#1167440 CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up - CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2] - update to version 2.9.6 (maintenance release) including OBS-URL: https://build.opensuse.org/request/show/809080 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=183
2020-05-26 23:14:44 +02:00
Source99: ansible-rpmlintrc
BuildRequires: python3-rpm-macros
BuildRequires: python3-setuptools
BuildRequires: fdupes
# required to fix the azure collection line endings
BuildRequires: dos2unix
# SECTION test requirements
BuildRequires: ansible-core >= 2.13.5
# /SECTION
Requires: ansible-core >= 2.13.5
BuildArch: noarch
%description
Ansible is a radically simple model-driven configuration management, multi-node
deployment, and remote task execution system. Ansible works over SSH and does
not require any software or daemons to be installed on remote nodes. Extension
modules can be written in any language and are transferred to managed machines
automatically.
%prep
%setup -q -n ansible-%{version}
Accepting request 809080 from home:mcepl:branches:systemsmanagement - Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733 (bsc#1164140) - Add metadata information to this file to mark which SUSE bugzilla have been already fixed. - bsc#1164140 CVE-2020-1733 - insecure temporary directory when running become_user from become directive - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe lookup plugin subprocess - bsc#1164137 CVE-2020-1735 - path injection on dest parameter in fetch module - bsc#1164134 CVE-2020-1736 atomic_move primitive sets permissive permissions - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path - bsc#1164136 CVE-2020-1738 module package can be selected by the ansible facts - bsc#1164133 CVE-2020-1739 - svn module leaks password when specified as a parameter - bsc#1164135 CVE-2020-1740 - secrets readable after ansible-vault edit - bsc#1165393 CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks sensitive information - CVE-2020-10684 - code injection when using ansible_facts as a subkey - bsc#1167440 CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up - CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2] - update to version 2.9.6 (maintenance release) including OBS-URL: https://build.opensuse.org/request/show/809080 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=183
2020-05-26 23:14:44 +02:00
for file in .git_keep .travis.yml ; do
find . -name "$file" -delete
done
# fix for wrong shebang:
sed -i 's|/Users/kbreit/Documents/Programming/ansible_collections/cisco/meraki/venv/bin/python|%{_bindir}/python3|g' ansible_collections/cisco/meraki/scripts/sublime-build/build.py.generic
# Replace all #!/usr/bin/env lines to use #!/usr/bin/$1 directly.
find ./ -type f -exec \
sed -i '1s|^#!%{_bindir}/env |#!%{_bindir}/|' {} \;
find ./ -type f -exec \
sed -i '1s|python$|python3|' {} \;
# remove .keep and .gitignore files
find ./ansible_collections/ -iname .gitignore -delete
find ./ansible_collections/ -iname .keep -delete
# azure collection has wrong file endings
find ./ansible_collections/azure -type f -exec dos2unix {} \;
%build
python3 setup.py build
%install
python3 setup.py install --prefix=%{_prefix} --root=%{buildroot}
%fdupes %{buildroot}/%{python_sitelib}/ansible_collections/
%files
%doc CHANGELOG-v6.rst README.rst
%license COPYING
%{_bindir}/ansible-community
Accepting request 263653 from home:bmanojlovic:ansible - updated package to latest release ## 1.8.1 "You Really Got Me" * Various bug fixes in postgresql and mysql modules. * Fixed a bug related to lookup plugins used within roles not finding files based on the relative paths to the roles files/ directory. * Fixed a bug related to vars specified in plays being templated too early, resulting in incorrect variable interpolation. * Fixed a bug related to git submodules in bare repos. * fact caching support, pluggable, initially supports Redis (DOCS pending) * 'serial' size in a rolling update can be specified as a percentage * added new Jinja2 filters, 'min' and 'max' that take lists * new 'ansible_version' variable available contains a dictionary of version info * For ec2 dynamic inventory, ec2.ini can has various new configuration options * 'ansible vault view filename.yml' opens filename.yml decrypted in a pager. * no_log parameter now surpressess data from callbacks/output as well as syslog * ansible-galaxy install -f requirements.yml allows advanced options and installs from non-galaxy SCM sources and tarballs. * command_warnings feature will warn about when usage of the shell/command module can be simplified to use core modules - this can be enabled in ansible.cfg * new omit value can be used to leave off a parameter when not set, like so module_name: a=1 b={{ c | default(omit) }}, would not pass value for b (not even an empty value) if c was not set. * developers: 'baby JSON' in module responses, originally intended for writing modules in bash, is removed as a feature to simplify logic, script module remains available for running bash scripts. * async jobs started in "fire & forget" mode can now be checked on at a later time. * added ability to subcategorize modules for docs.ansible.com * added ability for shipped modules to have aliases with symlinks * added ability to deprecate older modules by starting with "_" and including "deprecated: message why" in module docs + New Modules: OBS-URL: https://build.opensuse.org/request/show/263653 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=33
2014-12-01 19:05:08 +01:00
%{python_sitelib}/*
%changelog