From 34adb430df50693d9f042aa62cc908fc0be897cb Mon Sep 17 00:00:00 2001 From: Lars Vogdt Date: Wed, 15 Jul 2015 09:24:10 +0000 Subject: [PATCH 1/2] - update to 1.9.2: - Security fixes to check that hostnames match certificates with https urls (CVE-2015-3908): + get_url and uri modules + url and etcd lookup plugins - Security fixes to the zone (Solaris containers), jail (bsd containers), and chroot connection plugins. These plugins can be used to connect to their respective container types in leiu of the standard ssh connection. Prior to this fix being applied these connection plugins didn't properly handle symlinks within the containers which could lead to files intended to be written to or read from the container being written to or read from the host system instead. (CVE pending) - Fixed a bug in the service module where init scripts were being incorrectly used instead of upstart/systemd. - Fixed a bug where sudo/su settings were not inherited from ansible.cfg correctly. - Fixed a bug in the rds module where a traceback may occur due to an unbound variable. - Fixed a bug where certain remote file systems where the SELinux context was not being properly set. - Re-enabled several windows modules which had been partially merged (via action plugins): + win_copy.ps1 + win_copy.py + win_file.ps1 + win_file.py + win_template.py - Fix bug using with_sequence and a count that is zero. Also allows counting backwards isntead of forwards OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=46 --- ansible-1.9.1.tar.gz | 3 --- ansible-1.9.2.tar.gz | 3 +++ ansible.changes | 41 +++++++++++++++++++++++++++++++++++++++++ ansible.spec | 2 +- 4 files changed, 45 insertions(+), 4 deletions(-) delete mode 100644 ansible-1.9.1.tar.gz create mode 100644 ansible-1.9.2.tar.gz diff --git a/ansible-1.9.1.tar.gz b/ansible-1.9.1.tar.gz deleted file mode 100644 index e611280..0000000 --- a/ansible-1.9.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a6f975d565723765a4d490ff40cede96833a745f38908def4950a0075f1973f5 -size 917471 diff --git a/ansible-1.9.2.tar.gz b/ansible-1.9.2.tar.gz new file mode 100644 index 0000000..791a133 --- /dev/null +++ b/ansible-1.9.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c25ef4738b08fdfb3094247c012f3fd1b29972acbd37f988070b2a85f5fbee00 +size 927525 diff --git a/ansible.changes b/ansible.changes index 941945d..f98212f 100644 --- a/ansible.changes +++ b/ansible.changes @@ -1,3 +1,44 @@ +------------------------------------------------------------------- +Wed Jul 15 09:17:54 UTC 2015 - lars@linux-schulserver.de + +- update to 1.9.2: + - Security fixes to check that hostnames match certificates with + https urls (CVE-2015-3908): + + get_url and uri modules + + url and etcd lookup plugins + - Security fixes to the zone (Solaris containers), jail (bsd + containers), and chroot connection plugins. These plugins can be + used to connect to their respective container types in leiu of the + standard ssh connection. Prior to this fix being applied these + connection plugins didn't properly handle symlinks within the containers + which could lead to files intended to be written to or read from the + container being written to or read from the host system instead. (CVE + pending) + - Fixed a bug in the service module where init scripts were being + incorrectly used instead of upstart/systemd. + - Fixed a bug where sudo/su settings were not inherited from + ansible.cfg correctly. + - Fixed a bug in the rds module where a traceback may occur due to an + unbound variable. + - Fixed a bug where certain remote file systems where the SELinux + context was not being properly set. + - Re-enabled several windows modules which had been partially merged + (via action plugins): + + win_copy.ps1 + + win_copy.py + + win_file.ps1 + + win_file.py + + win_template.py + - Fix bug using with_sequence and a count that is zero. Also allows + counting backwards isntead of forwards + - Fix get_url module bug preventing use of custom ports with https + urls + - Fix bug disabling repositories in the yum module. + - Fix giving yum module a url to install a package from on + RHEL/CENTOS5 + - Fix bug in dnf module preventing it from working when yum-utils was + not already installed + ------------------------------------------------------------------- Tue Apr 28 19:03:01 UTC 2015 - boris@steki.net diff --git a/ansible.spec b/ansible.spec index 4ce6cc9..c0eb2f6 100644 --- a/ansible.spec +++ b/ansible.spec @@ -19,7 +19,7 @@ Name: ansible -Version: 1.9.1 +Version: 1.9.2 Release: 0 Summary: Radically simple IT automation License: GPL-3.0 From 7cc33e94d4529923814fa7befaa3a655252b4a43 Mon Sep 17 00:00:00 2001 From: Lars Vogdt Date: Wed, 15 Jul 2015 09:27:14 +0000 Subject: [PATCH 2/2] add bnc number to CVE OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=47 --- ansible.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible.changes b/ansible.changes index f98212f..2abd05e 100644 --- a/ansible.changes +++ b/ansible.changes @@ -3,7 +3,7 @@ Wed Jul 15 09:17:54 UTC 2015 - lars@linux-schulserver.de - update to 1.9.2: - Security fixes to check that hostnames match certificates with - https urls (CVE-2015-3908): + https urls (CVE-2015-3908; bnc #938161): + get_url and uri modules + url and etcd lookup plugins - Security fixes to the zone (Solaris containers), jail (bsd