Accepting request 816464 from systemsmanagement
update to 2.9.10 OBS-URL: https://build.opensuse.org/request/show/816464 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ansible?expand=0&rev=66
This commit is contained in:
commit
666c447331
@ -1,54 +0,0 @@
|
|||||||
From 0a85e91329d4c048e7e4b2cd478f2c17a3dac988 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Brian Coca <bcoca@users.noreply.github.com>
|
|
||||||
Date: Mon, 13 Apr 2020 17:16:29 -0400
|
|
||||||
Subject: [PATCH 1/4] avoid mkdir -p (#68921)
|
|
||||||
|
|
||||||
* also consolidated temp dir name generation, added pid for more 'uniqness'
|
|
||||||
* generalize error message
|
|
||||||
* added notes about remote expansion
|
|
||||||
|
|
||||||
CVE-2020-1733
|
|
||||||
fixes #67791
|
|
||||||
|
|
||||||
(cherry picked from commit 8077d8e40148fe77e2393caa5f2b2ea855149d63)
|
|
||||||
---
|
|
||||||
changelogs/fragments/remote_mkdir_fix.yml | 2 ++
|
|
||||||
lib/ansible/plugins/action/__init__.py | 11 ++++++++---
|
|
||||||
lib/ansible/plugins/shell/__init__.py | 14 ++++++++++----
|
|
||||||
lib/ansible/plugins/shell/powershell.py | 2 ++
|
|
||||||
4 files changed, 22 insertions(+), 7 deletions(-)
|
|
||||||
create mode 100644 changelogs/fragments/remote_mkdir_fix.yml
|
|
||||||
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/changelogs/fragments/remote_mkdir_fix.yml
|
|
||||||
@@ -0,0 +1,2 @@
|
|
||||||
+bugfixes:
|
|
||||||
+ - Ensure we get an error when creating a remote tmp if it already exists. CVE-2020-1733
|
|
||||||
--- a/lib/ansible/plugins/action/__init__.py
|
|
||||||
+++ b/lib/ansible/plugins/action/__init__.py
|
|
||||||
@@ -340,7 +340,11 @@ class ActionBase(with_metaclass(ABCMeta,
|
|
||||||
else:
|
|
||||||
# NOTE: shell plugins should populate this setting anyways, but they dont do remote expansion, which
|
|
||||||
# we need for 'non posix' systems like cloud-init and solaris
|
|
||||||
- tmpdir = self._remote_expand_user(self.get_shell_option('remote_tmp', default='~/.ansible/tmp'), sudoable=False)
|
|
||||||
+ try:
|
|
||||||
+ tmpdir = self._connection._shell.get_option('remote_tmp')
|
|
||||||
+ except AnsibleError:
|
|
||||||
+ tmpdir = '~/.ansible/tmp'
|
|
||||||
+ tmpdir = self._remote_expand_user(tmpdir, sudoable=False)
|
|
||||||
|
|
||||||
become_unprivileged = self._is_become_unprivileged()
|
|
||||||
basefile = self._connection._shell._generate_temp_dir_name()
|
|
||||||
--- a/lib/ansible/plugins/shell/__init__.py
|
|
||||||
+++ b/lib/ansible/plugins/shell/__init__.py
|
|
||||||
@@ -79,6 +79,10 @@ class ShellBase(AnsiblePlugin):
|
|
||||||
def _generate_temp_dir_name():
|
|
||||||
return 'ansible-tmp-%s-%s-%s' % (time.time(), os.getpid(), random.randint(0, 2**48))
|
|
||||||
|
|
||||||
+ @staticmethod
|
|
||||||
+ def _generate_temp_dir_name():
|
|
||||||
+ return 'ansible-tmp-%s-%s-%s' % (time.time(), os.getpid(), random.randint(0, 2**48))
|
|
||||||
+
|
|
||||||
def env_prefix(self, **kwargs):
|
|
||||||
return ' '.join(['%s=%s' % (k, shlex_quote(text_type(v))) for k, v in kwargs.items()])
|
|
||||||
|
|
3
ansible-2.9.10.tar.gz
Normal file
3
ansible-2.9.10.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:0866f1432db1698758ca5753f2c1c2a8048823cc6f9ab4b7d03162c44febcacd
|
||||||
|
size 14237929
|
1
ansible-2.9.10.tar.gz.sha
Normal file
1
ansible-2.9.10.tar.gz.sha
Normal file
@ -0,0 +1 @@
|
|||||||
|
0866f1432db1698758ca5753f2c1c2a8048823cc6f9ab4b7d03162c44febcacd ansible-2.9.10.tar.gz
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:e83d84ae8bf131c0499d8a4c0e1144bf969454c43086e61cca3c224227df29d1
|
|
||||||
size 14222889
|
|
@ -1 +0,0 @@
|
|||||||
e83d84ae8bf131c0499d8a4c0e1144bf969454c43086e61cca3c224227df29d1 ansible-2.9.9.tar.gz
|
|
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jun 22 23:10:23 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
||||||
|
|
||||||
|
- update to version 2.9.10 with many bug fixes.
|
||||||
|
- removed CVE-2020-1744_avoid_mkdir_p.patch obsoleted by upstream update
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu May 28 13:57:38 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
Thu May 28 13:57:38 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||||||
|
|
||||||
|
@ -220,7 +220,7 @@ Recommends: %{python}-six
|
|||||||
Recommends: sshpass
|
Recommends: sshpass
|
||||||
%endif
|
%endif
|
||||||
Name: ansible
|
Name: ansible
|
||||||
Version: 2.9.9
|
Version: 2.9.10
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: SSH-based configuration management, deployment, and task execution system
|
Summary: SSH-based configuration management, deployment, and task execution system
|
||||||
License: GPL-3.0-or-later
|
License: GPL-3.0-or-later
|
||||||
@ -229,9 +229,6 @@ URL: https://ansible.com/
|
|||||||
Source: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz
|
Source: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz
|
||||||
Source1: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz.sha
|
Source1: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz.sha
|
||||||
Source99: ansible-rpmlintrc
|
Source99: ansible-rpmlintrc
|
||||||
# PATCH-FIX-UPSTREAM CVE-2020-1744_avoid_mkdir_p.patch bsc#1171823 mcepl@suse.com
|
|
||||||
# gh#ansible/ansible#67791 avoid race condition and insecure directory creation
|
|
||||||
Patch0: CVE-2020-1744_avoid_mkdir_p.patch
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
# extented documentation
|
# extented documentation
|
||||||
%if 0%{?with_docs}
|
%if 0%{?with_docs}
|
||||||
@ -291,7 +288,6 @@ automatically.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n ansible-%{version}
|
%setup -q -n ansible-%{version}
|
||||||
%autopatch -p1
|
|
||||||
|
|
||||||
for file in .git_keep .travis.yml ; do
|
for file in .git_keep .travis.yml ; do
|
||||||
find . -name "$file" -delete
|
find . -name "$file" -delete
|
||||||
|
Loading…
Reference in New Issue
Block a user