Accepting request 794987 from home:stroeder:branches:systemsmanagement

update to version 2.9.7 OBS-URL: https://build.opensuse.org/request/show/794987 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=169
2020-04-23 15:33:08 +00:00 · 2020-04-23 15:33:08 +00:00 · e76bc3ef7f
commit e76bc3ef7f
parent fb51e7cd29
6 changed files with 21 additions and 5 deletions
--- a/ansible-2.9.6.tar.gz
+++ b/ansible-2.9.6.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:59cf3a0781f89992d1dae5205b07e802dff1db205eebd238de9e503b62b8cbc9
-size 14201258
--- a/ansible-2.9.6.tar.gz.sha
+++ b/ansible-2.9.6.tar.gz.sha
@ -1 +0,0 @@
-59cf3a0781f89992d1dae5205b07e802dff1db205eebd238de9e503b62b8cbc9  ansible-2.9.6.tar.gz
--- a/ansible-2.9.7.tar.gz
+++ b/ansible-2.9.7.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7222ce925536a25b2912364e13b03a3e21dbf2f96799ebff304f48509324de7b
+size 14215538
--- a/ansible-2.9.7.tar.gz.sha
+++ b/ansible-2.9.7.tar.gz.sha
@ -0,0 +1 @@
+7222ce925536a25b2912364e13b03a3e21dbf2f96799ebff304f48509324de7b  ansible-2.9.7.tar.gz
--- a/ansible.changes
+++ b/ansible.changes
@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Fri Apr 17 06:49:56 UTC 2020 - Michael Ströder <michael@stroeder.com>
+
+- update to version 2.9.7 with many bug fixes,
+  especially for these security issues:
+  * CVE-2020-1733  - insecure temporary directory when running become_user from become directive
+  * CVE-2020-1735  - path injection on dest parameter in fetch module
+  * CVE-2020-1737  - Extract-Zip function in win_unzip module does not check extracted path
+  * CVE-2020-1739  - svn module leaks password when specified as a parameter
+  * CVE-2020-1740  - secrets readable after ansible-vault edit
+  * CVE-2020-1746  - information disclosure issue in ldap_attr and ldap_entry modules
+  * CVE-2020-1753  - kubectl connection plugin leaks sensitive information [1]
+  * CVE-2020-10684 - code injection when using ansible_facts as a subkey
+  * CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up
+  * CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2]
+
 -------------------------------------------------------------------
 Mon Apr  6 20:45:04 UTC 2020 - lars@linux-schulserver.de - 2.9.6

--- a/ansible.spec
+++ b/ansible.spec
@ -55,7 +55,7 @@


 Name:           ansible
-Version:        2.9.6
+Version:        2.9.7
 Release:        0
 Summary:        SSH-based configuration management, deployment, and task execution system
 License:        GPL-3.0-or-later
				`@ -1 +0,0 @@`
				`59cf3a0781f89992d1dae5205b07e802dff1db205eebd238de9e503b62b8cbc9 ansible-2.9.6.tar.gz`
				`@ -0,0 +1 @@`
				`7222ce925536a25b2912364e13b03a3e21dbf2f96799ebff304f48509324de7b ansible-2.9.7.tar.gz`