Accepting request 873716 from home:stroeder:branches:systemsmanagement

- update to version 2.9.18 * CVE-2021-20228 where default and fallback values for no_log parameters to modules were not previously masked. * CVE-2021-20178 where several parameters to the snmp_facts module were logged and displayed despite containing sensitive information. * CVE-2021-20180 where several parameters to the bitbucket_pipeline_variable were logged and displayed despite containing sensitive information. * CVE-2021-20191 which addresses a number of modules whose parameters were logged and displayed despite containing sensitive information. For the full list of affected modules, refer to the changelog linked below. OBS-URL: https://build.opensuse.org/request/show/873716 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=202
2021-02-19 10:39:23 +00:00 · 2021-02-19 10:39:23 +00:00 · f042d82a63
commit f042d82a63
parent 2a94455f13
6 changed files with 21 additions and 5 deletions
--- a/ansible-2.9.17.tar.gz
+++ b/ansible-2.9.17.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d78b46d647d91dd478ba7f43baf36ffa27f9a5992b826b16a6cc15cf993f19dc
-size 14251861
--- a/ansible-2.9.17.tar.gz.sha
+++ b/ansible-2.9.17.tar.gz.sha
@ -1 +0,0 @@
-d78b46d647d91dd478ba7f43baf36ffa27f9a5992b826b16a6cc15cf993f19dc  ansible-2.9.17.tar.gz
--- a/ansible-2.9.18.tar.gz
+++ b/ansible-2.9.18.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:55fee77729eab2dce854c94a7b6998f0fcb7b9a053bdaa7eb4057f01a0d5d93c
+size 14258092
--- a/ansible-2.9.18.tar.gz.sha
+++ b/ansible-2.9.18.tar.gz.sha
@ -0,0 +1 @@
+55fee77729eab2dce854c94a7b6998f0fcb7b9a053bdaa7eb4057f01a0d5d93c  ansible-2.9.18.tar.gz
--- a/ansible.changes
+++ b/ansible.changes
@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Fri Feb 19 08:40:14 UTC 2021 - Michael Ströder <michael@stroeder.com>
+
+- update to version 2.9.18
+  * CVE-2021-20228 where default and fallback values for no_log parameters
+    to modules were not previously masked.
+  * CVE-2021-20178 where several parameters to the snmp_facts module were
+    logged and displayed despite containing sensitive information.
+  * CVE-2021-20180 where several parameters to the
+    bitbucket_pipeline_variable were logged and displayed despite
+    containing sensitive information.
+  * CVE-2021-20191 which addresses a number of modules whose parameters
+    were logged and displayed despite containing sensitive
+    information. For the full list of affected modules, refer to the
+    changelog linked below.
+  
 -------------------------------------------------------------------
 Tue Jan 19 00:48:05 UTC 2021 - Michael Ströder <michael@stroeder.com>

--- a/ansible.spec
+++ b/ansible.spec
@ -222,7 +222,7 @@ Recommends:     %{python}-six
 Recommends:     sshpass
 %endif
 Name:           ansible
-Version:        2.9.17
+Version:        2.9.18
 Release:        0
 Summary:        SSH-based configuration management, deployment, and task execution system
 License:        GPL-3.0-or-later
				`@ -1 +0,0 @@`
				`d78b46d647d91dd478ba7f43baf36ffa27f9a5992b826b16a6cc15cf993f19dc ansible-2.9.17.tar.gz`
				`@ -0,0 +1 @@`
				`55fee77729eab2dce854c94a7b6998f0fcb7b9a053bdaa7eb4057f01a0d5d93c ansible-2.9.18.tar.gz`