Accepting request 826038 from systemsmanagement

update to 2.9.12 including back-port patch fixing a regression in 2.9.12

OBS-URL: https://build.opensuse.org/request/show/826038
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ansible?expand=0&rev=69

ansible-2.9.11.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:88f9d033ece7fd51eca3abb4f02e13b63c924b97f9705a997d5a711c0cf42ab1
-size 14243995

ansible-2.9.11.tar.gz.sha

@@ -1 +0,0 @@
-88f9d033ece7fd51eca3abb4f02e13b63c924b97f9705a997d5a711c0cf42ab1  ansible-2.9.11.tar.gz

ansible-2.9.12.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7e95ddf719190b068fafc7d7c7877c218054cc5da4f6d9d794faf7bc66dab774
+size 14260349

ansible-2.9.12.tar.gz.sha

@@ -0,0 +1 @@
+7e95ddf719190b068fafc7d7c7877c218054cc5da4f6d9d794faf7bc66dab774  ansible-2.9.12.tar.gz

ansible.changes

@@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Wed Aug 12 12:44:52 UTC 2020 - Michael Ströder <michael@stroeder.com>
+
+- added fix-cron-regression-71207.patch
+
+-------------------------------------------------------------------
+Tue Aug 11 05:09:36 UTC 2020 - Michael Ströder <michael@stroeder.com>
+
+- update to version 2.9.12 with many bug fixes,
+  most notably the following security fixes:
+  * security issue - copy - Redact the value of the no_log 'content' 
+    parameter in the result's invocation.module_args in check mode. 
+    Previously when used with check mode and with '-vvv', the module would 
+    not censor the content if a change would be made to the destination path. 
+    (CVE-2020-14332)
+  * security issue atomic_move - change default permissions when creating 
+    temporary files so they are not world readable 
+    (https://github.com/ansible/ansible/issues/67794) (CVE-2020-1736)
+  * Fix warning for default permission change when no mode is specified. 
+    Follow up to https://github.com/ansible/ansible/issues/67794. 
+    (CVE-2020-1736)
+  * Sanitize no_log values from any response keys that might be returned 
+    from the uri module (CVE-2020-14330).
+  * reset logging level to INFO due to CVE-2019-14846.
+
 -------------------------------------------------------------------
 Tue Jul 21 04:48:11 UTC 2020 - Michael Ströder <michael@stroeder.com>
 

ansible.spec

@@ -220,7 +220,7 @@ Recommends:     %{python}-six
 Recommends:     sshpass
 %endif
 Name:           ansible
-Version:        2.9.11
+Version:        2.9.12
 Release:        0
 Summary:        SSH-based configuration management, deployment, and task execution system
 License:        GPL-3.0-or-later
@@ -229,6 +229,7 @@ URL:            https://ansible.com/
 Source:         https://releases.ansible.com/ansible/ansible-%{version}.tar.gz
 Source1:        https://releases.ansible.com/ansible/ansible-%{version}.tar.gz.sha
 Source99:       ansible-rpmlintrc
+Patch1:         fix-cron-regression-71207.patch
 BuildArch:      noarch
 # extented documentation
 %if 0%{?with_docs}
@@ -288,6 +289,7 @@ automatically.
 
 %prep
 %setup -q -n ansible-%{version}
+%patch1 -p1
 
 for file in .git_keep .travis.yml ; do
   find . -name "$file" -delete

fix-cron-regression-71207.patch

@@ -0,0 +1,11 @@
+diff -ur ansible-2.9.12.orig/lib/ansible/modules/system/cron.py ansible-2.9.12/lib/ansible/modules/system/cron.py
+--- ansible-2.9.12.orig/lib/ansible/modules/system/cron.py	2020-08-11 05:22:08.000000000 +0200
++++ ansible-2.9.12/lib/ansible/modules/system/cron.py	2020-08-12 14:42:34.519669206 +0200
+@@ -258,6 +258,7 @@
+             try:
+                 f = open(self.b_cron_file, 'rb')
+                 self.n_existing = to_native(f.read(), errors='surrogate_or_strict')
++                self.lines = self.n_existing.splitlines()
+                 f.close()
+             except IOError:
+                 # cron file does not exist