From 2d9798ecee40e5baecbee4e2deadf7ba2f3fc9a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Mon, 22 Jun 2020 13:27:31 +0000 Subject: [PATCH 1/5] Accepting request 815919 from home:stroeder:branches:systemsmanagement - update to version 2.9.10 with many bug fixes. - removed obsolete patch CVE-2020-1744_avoid_mkdir_p.patch OBS-URL: https://build.opensuse.org/request/show/815919 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=185 --- ansible-2.9.10.tar.gz | 3 +++ ansible-2.9.10.tar.gz.sha | 1 + ansible-2.9.9.tar.gz | 3 --- ansible-2.9.9.tar.gz.sha | 1 - ansible.changes | 6 ++++++ ansible.spec | 6 +----- 6 files changed, 11 insertions(+), 9 deletions(-) create mode 100644 ansible-2.9.10.tar.gz create mode 100644 ansible-2.9.10.tar.gz.sha delete mode 100644 ansible-2.9.9.tar.gz delete mode 100644 ansible-2.9.9.tar.gz.sha diff --git a/ansible-2.9.10.tar.gz b/ansible-2.9.10.tar.gz new file mode 100644 index 0000000..bc40404 --- /dev/null +++ b/ansible-2.9.10.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0866f1432db1698758ca5753f2c1c2a8048823cc6f9ab4b7d03162c44febcacd +size 14237929 diff --git a/ansible-2.9.10.tar.gz.sha b/ansible-2.9.10.tar.gz.sha new file mode 100644 index 0000000..09f0949 --- /dev/null +++ b/ansible-2.9.10.tar.gz.sha @@ -0,0 +1 @@ +0866f1432db1698758ca5753f2c1c2a8048823cc6f9ab4b7d03162c44febcacd ansible-2.9.10.tar.gz diff --git a/ansible-2.9.9.tar.gz b/ansible-2.9.9.tar.gz deleted file mode 100644 index 4803b65..0000000 --- a/ansible-2.9.9.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e83d84ae8bf131c0499d8a4c0e1144bf969454c43086e61cca3c224227df29d1 -size 14222889 diff --git a/ansible-2.9.9.tar.gz.sha b/ansible-2.9.9.tar.gz.sha deleted file mode 100644 index ea5b145..0000000 --- a/ansible-2.9.9.tar.gz.sha +++ /dev/null @@ -1 +0,0 @@ -e83d84ae8bf131c0499d8a4c0e1144bf969454c43086e61cca3c224227df29d1 ansible-2.9.9.tar.gz diff --git a/ansible.changes b/ansible.changes index 609f13c..09a5203 100644 --- a/ansible.changes +++ b/ansible.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Jun 19 09:21:12 UTC 2020 - Michael Ströder + +- update to version 2.9.10 with many bug fixes. +- removed obsolete patch CVE-2020-1744_avoid_mkdir_p.patch + ------------------------------------------------------------------- Thu May 28 13:57:38 UTC 2020 - Matej Cepl diff --git a/ansible.spec b/ansible.spec index 90475a3..fffe14c 100644 --- a/ansible.spec +++ b/ansible.spec @@ -220,7 +220,7 @@ Recommends: %{python}-six Recommends: sshpass %endif Name: ansible -Version: 2.9.9 +Version: 2.9.10 Release: 0 Summary: SSH-based configuration management, deployment, and task execution system License: GPL-3.0-or-later @@ -229,9 +229,6 @@ URL: https://ansible.com/ Source: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz Source1: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz.sha Source99: ansible-rpmlintrc -# PATCH-FIX-UPSTREAM CVE-2020-1744_avoid_mkdir_p.patch bsc#1171823 mcepl@suse.com -# gh#ansible/ansible#67791 avoid race condition and insecure directory creation -Patch0: CVE-2020-1744_avoid_mkdir_p.patch BuildArch: noarch # extented documentation %if 0%{?with_docs} @@ -291,7 +288,6 @@ automatically. %prep %setup -q -n ansible-%{version} -%autopatch -p1 for file in .git_keep .travis.yml ; do find . -name "$file" -delete From d212db9bd7f7acc48495147f0dfb1e0e9dba6e2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Mon, 22 Jun 2020 14:25:31 +0000 Subject: [PATCH 2/5] update to version 2.9.10 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=186 --- ansible.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible.changes b/ansible.changes index 09a5203..e41082d 100644 --- a/ansible.changes +++ b/ansible.changes @@ -2,7 +2,7 @@ Fri Jun 19 09:21:12 UTC 2020 - Michael Ströder - update to version 2.9.10 with many bug fixes. -- removed obsolete patch CVE-2020-1744_avoid_mkdir_p.patch +- removed patch for CVE-2020-1744 obsoleted by upstream update ------------------------------------------------------------------- Thu May 28 13:57:38 UTC 2020 - Matej Cepl From 353f876b82a4f635b7e38823246ba54e66339000 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Mon, 22 Jun 2020 14:25:49 +0000 Subject: [PATCH 3/5] OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=187 --- ansible.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible.changes b/ansible.changes index e41082d..5406e2e 100644 --- a/ansible.changes +++ b/ansible.changes @@ -1,5 +1,5 @@ ------------------------------------------------------------------- -Fri Jun 19 09:21:12 UTC 2020 - Michael Ströder +Mon Jun 22 14:25:45 UTC 2020 - Michael Ströder - update to version 2.9.10 with many bug fixes. - removed patch for CVE-2020-1744 obsoleted by upstream update From 855fe7cce6d0f3357d59c2f7e8affab389c4bfd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Mon, 22 Jun 2020 23:09:54 +0000 Subject: [PATCH 4/5] OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=188 --- CVE-2020-1744_avoid_mkdir_p.patch | 54 ------------------------------- 1 file changed, 54 deletions(-) delete mode 100644 CVE-2020-1744_avoid_mkdir_p.patch diff --git a/CVE-2020-1744_avoid_mkdir_p.patch b/CVE-2020-1744_avoid_mkdir_p.patch deleted file mode 100644 index 3bd138d..0000000 --- a/CVE-2020-1744_avoid_mkdir_p.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 0a85e91329d4c048e7e4b2cd478f2c17a3dac988 Mon Sep 17 00:00:00 2001 -From: Brian Coca -Date: Mon, 13 Apr 2020 17:16:29 -0400 -Subject: [PATCH 1/4] avoid mkdir -p (#68921) - -* also consolidated temp dir name generation, added pid for more 'uniqness' -* generalize error message -* added notes about remote expansion - -CVE-2020-1733 -fixes #67791 - -(cherry picked from commit 8077d8e40148fe77e2393caa5f2b2ea855149d63) ---- - changelogs/fragments/remote_mkdir_fix.yml | 2 ++ - lib/ansible/plugins/action/__init__.py | 11 ++++++++--- - lib/ansible/plugins/shell/__init__.py | 14 ++++++++++---- - lib/ansible/plugins/shell/powershell.py | 2 ++ - 4 files changed, 22 insertions(+), 7 deletions(-) - create mode 100644 changelogs/fragments/remote_mkdir_fix.yml - ---- /dev/null -+++ b/changelogs/fragments/remote_mkdir_fix.yml -@@ -0,0 +1,2 @@ -+bugfixes: -+ - Ensure we get an error when creating a remote tmp if it already exists. CVE-2020-1733 ---- a/lib/ansible/plugins/action/__init__.py -+++ b/lib/ansible/plugins/action/__init__.py -@@ -340,7 +340,11 @@ class ActionBase(with_metaclass(ABCMeta, - else: - # NOTE: shell plugins should populate this setting anyways, but they dont do remote expansion, which - # we need for 'non posix' systems like cloud-init and solaris -- tmpdir = self._remote_expand_user(self.get_shell_option('remote_tmp', default='~/.ansible/tmp'), sudoable=False) -+ try: -+ tmpdir = self._connection._shell.get_option('remote_tmp') -+ except AnsibleError: -+ tmpdir = '~/.ansible/tmp' -+ tmpdir = self._remote_expand_user(tmpdir, sudoable=False) - - become_unprivileged = self._is_become_unprivileged() - basefile = self._connection._shell._generate_temp_dir_name() ---- a/lib/ansible/plugins/shell/__init__.py -+++ b/lib/ansible/plugins/shell/__init__.py -@@ -79,6 +79,10 @@ class ShellBase(AnsiblePlugin): - def _generate_temp_dir_name(): - return 'ansible-tmp-%s-%s-%s' % (time.time(), os.getpid(), random.randint(0, 2**48)) - -+ @staticmethod -+ def _generate_temp_dir_name(): -+ return 'ansible-tmp-%s-%s-%s' % (time.time(), os.getpid(), random.randint(0, 2**48)) -+ - def env_prefix(self, **kwargs): - return ' '.join(['%s=%s' % (k, shlex_quote(text_type(v))) for k, v in kwargs.items()]) - From ff0f5efd75bccf038a3869f89aeb4c436cc84de5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Mon, 22 Jun 2020 23:10:31 +0000 Subject: [PATCH 5/5] OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=189 --- ansible.changes | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible.changes b/ansible.changes index 5406e2e..5c6e395 100644 --- a/ansible.changes +++ b/ansible.changes @@ -1,8 +1,8 @@ ------------------------------------------------------------------- -Mon Jun 22 14:25:45 UTC 2020 - Michael Ströder +Mon Jun 22 23:10:23 UTC 2020 - Michael Ströder - update to version 2.9.10 with many bug fixes. -- removed patch for CVE-2020-1744 obsoleted by upstream update +- removed CVE-2020-1744_avoid_mkdir_p.patch obsoleted by upstream update ------------------------------------------------------------------- Thu May 28 13:57:38 UTC 2020 - Matej Cepl