diff options
| author | Andreas Rammhold <andreas@rammhold.de> | 2019-12-15 21:18:13 +0100 |
|---|---|---|
| committer | Andreas Rammhold <andreas@rammhold.de> | 2019-12-15 21:35:55 +0100 |
| commit | b1ee58be77cd13d1cd85d81c8a43bdc17a547cc4 (patch) | |
| tree | 02cc6770e7740b902eaa8b1062892d8e09cccf2a | |
| parent | ansible_2_7: 2.7.11 -> 2.7.15 (diff) | |
| download | nixpkgs-b1ee58be77cd13d1cd85d81c8a43bdc17a547cc4.tar.gz | |
ansible_2_8: 2.8.4 -> 2.8.7
This addresses the following security issues:
* Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs (CVE-2019-14864)
* CVE-2019-14846 - Several Ansible plugins could disclose aws
credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
lookup/aws_account_attribute.py, and lookup/aws_secret.py,
lookup/aws_ssm.py use the boto3 library from the Ansible process. The
boto3 library logs credentials at log level DEBUG. If Ansible's
logging was enabled (by setting LOG_PATH to a value) Ansible would set
the global log level to DEBUG. This was inherited by boto and would
then log boto credentials to the file specified by LOG_PATH. This did
not affect aws ansible modules as those are executed in a separate
process. This has been fixed by switching to log level INFO
* Convert CLI provided passwords to text initially, to prevent unsafe
context being lost when converting from bytes->text during post
processing of PlayContext. This prevents CLI provided passwords from
being incorrectly templated (CVE-2019-14856)
* properly hide parameters marked with no_log in suboptions when
invalid parameters are passed to the module (CVE-2019-14858)
Changelog: https://github.com/ansible/ansible/blob/24220a618a6d5cd3b5c99f8c7f7771661ed08d33/changelogs/CHANGELOG-v2.8.rst
(cherry picked from commit 71cde971c7da86123b897d0e96a2e7bd88010df0)
| -rw-r--r-- | pkgs/development/python-modules/ansible/default.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pkgs/development/python-modules/ansible/default.nix b/pkgs/development/python-modules/ansible/default.nix index fab3c0df58c5..d23030fb3dfa 100644 --- a/pkgs/development/python-modules/ansible/default.nix +++ b/pkgs/development/python-modules/ansible/default.nix @@ -18,13 +18,13 @@ buildPythonPackage rec { pname = "ansible"; - version = "2.8.4"; + version = "2.8.7"; src = fetchFromGitHub { owner = "ansible"; repo = "ansible"; rev = "v${version}"; - sha256 = "1fp7zz8awfv70nn8i6x0ggx4472377hm7787x16qv2kz4nb069ki"; + sha256 = "08vqjk85j0g1x0iad03d7ysws433dikii8j2lr3a1mlx6d186vv8"; }; prePatch = '' |