svn commit: r531978 - in head/sysutils: ansible ansible/files ansible23 ansible24 ansible25 ansible26 ansible27
Muhammad Moinur Rahman
bofh at FreeBSD.org
Fri Apr 17 22:31:58 UTC 2020
Author: bofh
Date: Fri Apr 17 22:31:56 2020
New Revision: 531978
URL: https://svnweb.freebsd.org/changeset/ports/531978
Log:
sysutils/ansible: Multiple Vulnerabilities fix
- Update ansible 2.8.7=>2.8.11
- Update ansible27 2.7.15=>2.7.17
- For ansible27 add fixes [1]
- Rudimentary detection of the virtual platforms
- playbook hangs without ASSUME_ALWAYS_YES for pkgng
- Fix zpool snapshot cloning
- Fix `doas` password authentication
- Mark ansible26, ansible25, ansible24 and ansible23 DEPRECATED without
EXPIRATION_DATE for MFH
PR: 241734 233970 [1]
Submitted by: timur [1]
Reported by: ncrogers at gmail.com
Approved by: portmgr (maintainer timeout, > 14 days)
MFH: 2020Q2 (bugfix release)
Security: CVE-2020-1737
Security: CVE-2020-1739
Security: CVE-2020-1740
Added:
head/sysutils/ansible/files/extra-patch-27 (contents, props changed)
Modified:
head/sysutils/ansible/Makefile
head/sysutils/ansible/distinfo
head/sysutils/ansible23/Makefile
head/sysutils/ansible24/Makefile
head/sysutils/ansible25/Makefile
head/sysutils/ansible26/Makefile
head/sysutils/ansible27/Makefile
head/sysutils/ansible27/distinfo
Modified: head/sysutils/ansible/Makefile
==============================================================================
--- head/sysutils/ansible/Makefile Fri Apr 17 22:29:36 2020 (r531977)
+++ head/sysutils/ansible/Makefile Fri Apr 17 22:31:56 2020 (r531978)
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= ansible
-PORTVERSION?= 2.8.7
+PORTVERSION?= 2.8.11
PORTREVISION?= 0
CATEGORIES= sysutils python
MASTER_SITES= http://releases.ansible.com/ansible/
Modified: head/sysutils/ansible/distinfo
==============================================================================
--- head/sysutils/ansible/distinfo Fri Apr 17 22:29:36 2020 (r531977)
+++ head/sysutils/ansible/distinfo Fri Apr 17 22:31:56 2020 (r531978)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1577375349
-SHA256 (ansible-2.8.7.tar.gz) = 828239ca2b4d92865a00ab415caa932700f7c93f3e4838ddd55614ddf104c947
-SIZE (ansible-2.8.7.tar.gz) = 12697144
+TIMESTAMP = 1587131533
+SHA256 (ansible-2.8.11.tar.gz) = 156caa8b6c60b9f0d5c7d57ee0f4e46d8e226147b58546be6a8ac52925a9c191
+SIZE (ansible-2.8.11.tar.gz) = 12712657
Added: head/sysutils/ansible/files/extra-patch-27
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/ansible/files/extra-patch-27 Fri Apr 17 22:31:56 2020 (r531978)
@@ -0,0 +1,84 @@
+--- lib/ansible/module_utils/facts/virtual/freebsd.py.orig 2020-04-17 14:07:09 UTC
++++ lib/ansible/module_utils/facts/virtual/freebsd.py
+@@ -19,9 +19,11 @@ __metaclass__ = type
+ import os
+
+ from ansible.module_utils.facts.virtual.base import Virtual, VirtualCollector
++# Rudimentary detection of the virtual platforms, more through version is coming. Catches VMWare at minimum.
++from ansible.module_utils.facts.virtual.sysctl import VirtualSysctlDetectionMixin
+
+
+-class FreeBSDVirtual(Virtual):
++class FreeBSDVirtual(Virtual, VirtualSysctlDetectionMixin):
+ """
+ This is a FreeBSD-specific subclass of Virtual. It defines
+ - virtualization_type
+@@ -34,6 +36,9 @@ class FreeBSDVirtual(Virtual):
+ # Set empty values as default
+ virtual_facts['virtualization_type'] = ''
+ virtual_facts['virtualization_role'] = ''
++
++ virtual_product_facts = self.detect_virt_product('hw.hv_vendor')
++ virtual_facts.update(virtual_product_facts)
+
+ if os.path.exists('/dev/xen/xenstore'):
+ virtual_facts['virtualization_type'] = 'xen'
+--- lib/ansible/modules/packaging/os/pkgng.py.orig 2020-04-17 14:07:10 UTC
++++ lib/ansible/modules/packaging/os/pkgng.py
+@@ -201,13 +201,17 @@ def install_packages(module, pkgng_path, packages, cac
+
+ # This environment variable skips mid-install prompts,
+ # setting them to their default values.
+- batch_var = 'env BATCH=yes'
++ # There is at least one case, when upgrading from 11.1 to 11.2 when pkg asks extra
++ # question about OS version mismatch in the repository. As this isn't handled, playbook
++ # hangs forever. Adding ASSUME_ALWAYS_YES to the environment addresses that, and
++ # possibly other potential issues.
++ batch_var = 'env BATCH=yes ASSUME_ALWAYS_YES=yes'
+
+ if not module.check_mode and not cached:
+ if old_pkgng:
+- rc, out, err = module.run_command("%s %s update" % (pkgsite, pkgng_path))
++ rc, out, err = module.run_command("%s %s %s update" % (batch_var, pkgsite, pkgng_path))
+ else:
+- rc, out, err = module.run_command("%s %s update" % (pkgng_path, dir_arg))
++ rc, out, err = module.run_command("%s %s %s update" % (batch_var, pkgng_path, dir_arg))
+ if rc != 0:
+ module.fail_json(msg="Could not update catalogue")
+
+--- lib/ansible/modules/storage/zfs/zfs.py.orig 2020-04-17 14:07:11 UTC
++++ lib/ansible/modules/storage/zfs/zfs.py
+@@ -102,7 +102,15 @@ class Zfs(object):
+ self.changed = False
+ self.zfs_cmd = module.get_bin_path('zfs', True)
+ self.zpool_cmd = module.get_bin_path('zpool', True)
+- self.pool = name.split('/')[0]
++ # - name: Create a new file system by cloning a snapshot
++ # zfs:
++ # name: rpool/cloned_fs
++ # state: present
++ # origin: rpool at mysnapshot
++ #
++ # doesn't work properly, as code assumes that there is at least one level of hierarchy
++ # in zpool. But that's not always the case - pool may be dataset as well and have a snapshot.
++ self.pool = name.split('@')[0].split('/')[0]
+ self.is_solaris = os.uname()[0] == 'SunOS'
+ self.is_openzfs = self.check_openzfs()
+ self.enhanced_sharing = self.check_enhanced_sharing()
+--- lib/ansible/playbook/play_context.py.orig 2020-04-17 14:07:10 UTC
++++ lib/ansible/playbook/play_context.py
+@@ -528,8 +528,13 @@ class PlayContext(Base):
+ becomecmd = cmd
+
+ elif self.become_method == 'doas':
++ # `doas` support in ansible is broken ATM, doesn't handle password
++ # authentication properly, cause assumes only challenge-respond auth.
++ # This patch should handle both ways properly.
++ def detect_doas_prompt(b_data):
++ return re.match(b"[Pp]assword:", b_data)
+
+- prompt = 'doas (%s@' % self.remote_user
++ prompt = detect_doas_prompt
+ exe = self.become_exe or 'doas'
+
+ if not self.become_pass:
Modified: head/sysutils/ansible23/Makefile
==============================================================================
--- head/sysutils/ansible23/Makefile Fri Apr 17 22:29:36 2020 (r531977)
+++ head/sysutils/ansible23/Makefile Fri Apr 17 22:31:56 2020 (r531978)
@@ -14,6 +14,8 @@ CONFLICTS= ansible-* \
MASTERDIR= ${.CURDIR}/../ansible
DISTINFO_FILE= ${.CURDIR}/distinfo
+DEPRECATED= Upstream support ended. Consider upgrading to sysutils/ansible
+
RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}Jinja2>0:devel/py-Jinja2@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}jmespath>0:devel/py-jmespath@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}netaddr>0:net/py-netaddr@${PY_FLAVOR} \
Modified: head/sysutils/ansible24/Makefile
==============================================================================
--- head/sysutils/ansible24/Makefile Fri Apr 17 22:29:36 2020 (r531977)
+++ head/sysutils/ansible24/Makefile Fri Apr 17 22:31:56 2020 (r531978)
@@ -14,6 +14,8 @@ CONFLICTS= ansible-* \
MASTERDIR= ${.CURDIR}/../ansible
DISTINFO_FILE= ${.CURDIR}/distinfo
+DEPRECATED= Upstream support ended. Consider upgrading to sysutils/ansible
+
EXTRA_PATCHES=
.include "${MASTERDIR}/Makefile"
Modified: head/sysutils/ansible25/Makefile
==============================================================================
--- head/sysutils/ansible25/Makefile Fri Apr 17 22:29:36 2020 (r531977)
+++ head/sysutils/ansible25/Makefile Fri Apr 17 22:31:56 2020 (r531978)
@@ -14,6 +14,8 @@ CONFLICTS= ansible-* \
MASTERDIR= ${.CURDIR}/../ansible
DISTINFO_FILE= ${.CURDIR}/distinfo
+DEPRECATED= Upstream support ended. Consider upgrading to sysutils/ansible
+
EXTRA_PATCHES=
.include "${MASTERDIR}/Makefile"
Modified: head/sysutils/ansible26/Makefile
==============================================================================
--- head/sysutils/ansible26/Makefile Fri Apr 17 22:29:36 2020 (r531977)
+++ head/sysutils/ansible26/Makefile Fri Apr 17 22:31:56 2020 (r531978)
@@ -13,6 +13,8 @@ CONFLICTS= ansible-* \
MASTERDIR= ${.CURDIR}/../ansible
DISTINFO_FILE= ${.CURDIR}/distinfo
+DEPRECATED= Upstream support ended. Consider upgrading to sysutils/ansible
+
EXTRA_PATCHES= ${FILESDIR}/extra-patch-sesu
.include "${MASTERDIR}/Makefile"
Modified: head/sysutils/ansible27/Makefile
==============================================================================
--- head/sysutils/ansible27/Makefile Fri Apr 17 22:29:36 2020 (r531977)
+++ head/sysutils/ansible27/Makefile Fri Apr 17 22:31:56 2020 (r531978)
@@ -1,6 +1,6 @@
# $FreeBSD$
-PORTVERSION= 2.7.15
+PORTVERSION= 2.7.17
PKGNAMESUFFIX= 27
CONFLICTS= ansible-* \
@@ -13,6 +13,7 @@ CONFLICTS= ansible-* \
MASTERDIR= ${.CURDIR}/../ansible
DISTINFO_FILE= ${.CURDIR}/distinfo
-EXTRA_PATCHES= ${FILESDIR}/extra-patch-sesu
+EXTRA_PATCHES= ${FILESDIR}/extra-patch-sesu \
+ ${FILESDIR}/extra-patch-27
.include "${MASTERDIR}/Makefile"
Modified: head/sysutils/ansible27/distinfo
==============================================================================
--- head/sysutils/ansible27/distinfo Fri Apr 17 22:29:36 2020 (r531977)
+++ head/sysutils/ansible27/distinfo Fri Apr 17 22:31:56 2020 (r531978)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1577375263
-SHA256 (ansible-2.7.15.tar.gz) = 99bf683d069b3f73704182ece95b6618ae2090594a66e146f4d286c0cac858ce
-SIZE (ansible-2.7.15.tar.gz) = 10205890
+TIMESTAMP = 1587128349
+SHA256 (ansible-2.7.17.tar.gz) = 9fdb79c43f7ad972dc7ccff8a4e9553d623e52dc80b802c619568d3c38f94ccc
+SIZE (ansible-2.7.17.tar.gz) = 10215119
More information about the svn-ports-head
mailing list