- update to version 2.9.18
* CVE-2021-20228 where default and fallback values for no_log parameters
to modules were not previously masked.
* CVE-2021-20178 where several parameters to the snmp_facts module were
logged and displayed despite containing sensitive information.
* CVE-2021-20180 where several parameters to the
bitbucket_pipeline_variable were logged and displayed despite
containing sensitive information.
* CVE-2021-20191 which addresses a number of modules whose parameters
were logged and displayed despite containing sensitive
information. For the full list of affected modules, refer to the
changelog linked below.
OBS-URL: https://build.opensuse.org/request/show/873716
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=202
- Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733
(bsc#1164140)
- Add metadata information to this file to mark which SUSE
bugzilla have been already fixed.
- bsc#1164140 CVE-2020-1733 - insecure temporary directory when
running become_user from become directive
- bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe
lookup plugin subprocess
- bsc#1164137 CVE-2020-1735 - path injection on dest parameter
in fetch module
- bsc#1164134 CVE-2020-1736 atomic_move primitive sets
permissive permissions
- bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip
module does not check extracted path
- bsc#1164136 CVE-2020-1738 module package can be selected by
the ansible facts
- bsc#1164133 CVE-2020-1739 - svn module leaks password when
specified as a parameter
- bsc#1164135 CVE-2020-1740 - secrets readable after
ansible-vault edit
- bsc#1165393 CVE-2020-1746 - information disclosure issue in
ldap_attr and ldap_entry modules
- bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks
sensitive information
- CVE-2020-10684 - code injection when using ansible_facts as a subkey
- bsc#1167440 CVE-2020-10685 - modules which use files
encrypted with vault are not properly cleaned up
- CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2]
- update to version 2.9.6 (maintenance release) including
OBS-URL: https://build.opensuse.org/request/show/809080
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=183
- ran spec-cleaner
- remove old SUSE targets (SLE-11, Leap 42.3 and below)
This simplifies the spec file and makes building easier
- Additional required packages for building:
+ python-boto3 and python-botocore for Amazon EC2
+ python-jmespath for json queries
+ python-memcached for cloud modules and local caching of JSON
formatted, per host records
+ python-redis for cloud modules and local caching of JSON
formatted, per host records
+ python-requests for many web-based modules (cloud, network,
netapp)
=> as the need for those packages depends on the usage of the
tool, they are just recommended on openSUSE/SUSE machines
- made dependencies for gitlab, vmware and winrm modules configurable,
as most of their dependencies are not (yet) available on current
openSUSE/SUSE distributions
- exclude /usr/bin/pwsh from the automatic dependency generation,
as the Windows Power Shell is not available (yet) on openSUSE/SUSE
- build additional docs and split up ansible-doc package;
moving changelogs, contrib and example directories there
- prepare for building HTML documentation, but disable this per
default for the moment, as not all package dependencies are available
in openSUSE/SUSE (yet)
- package some test scripts with executable permissions
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=158
- Update to version 2.8.3:
Full changelog is packaged, but also at
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
- (bsc#1142690) Adds CVE-2019-10206-data-disclosure.patch fixing
CVE-2019-10206: ansible-playbook -k and ansible cli tools
prompt passwords by expanding them from templates as they could
contain special characters. Passwords should be wrapped to
prevent templates trigger and exposing them.
- (bsc#1144453) Adds CVE-2019-10217-gcp-modules-sensitive-fields.patch
CVE-2019-10217: Fields managing sensitive data should be set as
such by no_log feature. Some of these fields in GCP modules are
not set properly. service_account_contents() which is common
class for all gcp modules is not setting no_log to True. Any
sensitive data managed by that function would be leak as an
output when running ansible playbooks.
- Update to version 2.8.1
Full changelog is at /usr/share/doc/packages/ansible/changelogs/
Bugfixes
--------
- ACI - DO not encode query_string
- ACI modules - Fix non-signature authentication
- Add missing directory provided via ``--playbook-dir`` to adjacent collection loading
- Fix "Interface not found" errors when using eos_l2_interface with nonexistant
interfaces configured
- Fix cannot get credential when `source_auth` set to `credential_file`.
- Fix netconf_config backup string issue
- Fix privilege escalation support for the docker connection plugin when
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=146
- Update to version 2.8.3:
Full changelog is packaged, but also at
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
- (bsc#1142690) Adds CVE-2019-10206-data-disclosure.patch fixing
CVE-2019-10206: ansible-playbook -k and ansible cli tools
prompt passwords by expanding them from templates as they could
contain special characters. Passwords should be wrapped to
prevent templates trigger and exposing them.
- (bsc#1144453) Adds CVE-2019-10217-gcp-modules-sensitive-fields.patch
CVE-2019-10217: Fields managing sensitive data should be set as
such by no_log feature. Some of these fields in GCP modules are
not set properly. service_account_contents() which is common
class for all gcp modules is not setting no_log to True. Any
sensitive data managed by that function would be leak as an
output when running ansible playbooks.
OBS-URL: https://build.opensuse.org/request/show/721576
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=143
