From owner-svn-ports-head@freebsd.org Fri Apr 17 22:31:58 2020 Return-Path: Delivered-To: svn-ports-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B3A0F2AE10A; Fri, 17 Apr 2020 22:31:58 +0000 (UTC) (envelope-from bofh@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 493rRy4MCtz3Ph9; Fri, 17 Apr 2020 22:31:58 +0000 (UTC) (envelope-from bofh@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 90A731D29; Fri, 17 Apr 2020 22:31:58 +0000 (UTC) (envelope-from bofh@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03HMVwsN087126; Fri, 17 Apr 2020 22:31:58 GMT (envelope-from bofh@FreeBSD.org) Received: (from bofh@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03HMVu1j087115; Fri, 17 Apr 2020 22:31:56 GMT (envelope-from bofh@FreeBSD.org) Message-Id: <202004172231.03HMVu1j087115@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bofh set sender to bofh@FreeBSD.org using -f From: Muhammad Moinur Rahman Date: Fri, 17 Apr 2020 22:31:56 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r531978 - in head/sysutils: ansible ansible/files ansible23 ansible24 ansible25 ansible26 ansible27 X-SVN-Group: ports-head X-SVN-Commit-Author: bofh X-SVN-Commit-Paths: in head/sysutils: ansible ansible/files ansible23 ansible24 ansible25 ansible26 ansible27 X-SVN-Commit-Revision: 531978 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Apr 2020 22:31:58 -0000 Author: bofh Date: Fri Apr 17 22:31:56 2020 New Revision: 531978 URL: https://svnweb.freebsd.org/changeset/ports/531978 Log: sysutils/ansible: Multiple Vulnerabilities fix - Update ansible 2.8.7=>2.8.11 - Update ansible27 2.7.15=>2.7.17 - For ansible27 add fixes [1] - Rudimentary detection of the virtual platforms - playbook hangs without ASSUME_ALWAYS_YES for pkgng - Fix zpool snapshot cloning - Fix `doas` password authentication - Mark ansible26, ansible25, ansible24 and ansible23 DEPRECATED without EXPIRATION_DATE for MFH PR: 241734 233970 [1] Submitted by: timur [1] Reported by: ncrogers@gmail.com Approved by: portmgr (maintainer timeout, > 14 days) MFH: 2020Q2 (bugfix release) Security: CVE-2020-1737 Security: CVE-2020-1739 Security: CVE-2020-1740 Added: head/sysutils/ansible/files/extra-patch-27 (contents, props changed) Modified: head/sysutils/ansible/Makefile head/sysutils/ansible/distinfo head/sysutils/ansible23/Makefile head/sysutils/ansible24/Makefile head/sysutils/ansible25/Makefile head/sysutils/ansible26/Makefile head/sysutils/ansible27/Makefile head/sysutils/ansible27/distinfo Modified: head/sysutils/ansible/Makefile ============================================================================== --- head/sysutils/ansible/Makefile Fri Apr 17 22:29:36 2020 (r531977) +++ head/sysutils/ansible/Makefile Fri Apr 17 22:31:56 2020 (r531978) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= ansible -PORTVERSION?= 2.8.7 +PORTVERSION?= 2.8.11 PORTREVISION?= 0 CATEGORIES= sysutils python MASTER_SITES= http://releases.ansible.com/ansible/ Modified: head/sysutils/ansible/distinfo ============================================================================== --- head/sysutils/ansible/distinfo Fri Apr 17 22:29:36 2020 (r531977) +++ head/sysutils/ansible/distinfo Fri Apr 17 22:31:56 2020 (r531978) @@ -1,3 +1,3 @@ -TIMESTAMP = 1577375349 -SHA256 (ansible-2.8.7.tar.gz) = 828239ca2b4d92865a00ab415caa932700f7c93f3e4838ddd55614ddf104c947 -SIZE (ansible-2.8.7.tar.gz) = 12697144 +TIMESTAMP = 1587131533 +SHA256 (ansible-2.8.11.tar.gz) = 156caa8b6c60b9f0d5c7d57ee0f4e46d8e226147b58546be6a8ac52925a9c191 +SIZE (ansible-2.8.11.tar.gz) = 12712657 Added: head/sysutils/ansible/files/extra-patch-27 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/ansible/files/extra-patch-27 Fri Apr 17 22:31:56 2020 (r531978) @@ -0,0 +1,84 @@ +--- lib/ansible/module_utils/facts/virtual/freebsd.py.orig 2020-04-17 14:07:09 UTC ++++ lib/ansible/module_utils/facts/virtual/freebsd.py +@@ -19,9 +19,11 @@ __metaclass__ = type + import os + + from ansible.module_utils.facts.virtual.base import Virtual, VirtualCollector ++# Rudimentary detection of the virtual platforms, more through version is coming. Catches VMWare at minimum. ++from ansible.module_utils.facts.virtual.sysctl import VirtualSysctlDetectionMixin + + +-class FreeBSDVirtual(Virtual): ++class FreeBSDVirtual(Virtual, VirtualSysctlDetectionMixin): + """ + This is a FreeBSD-specific subclass of Virtual. It defines + - virtualization_type +@@ -34,6 +36,9 @@ class FreeBSDVirtual(Virtual): + # Set empty values as default + virtual_facts['virtualization_type'] = '' + virtual_facts['virtualization_role'] = '' ++ ++ virtual_product_facts = self.detect_virt_product('hw.hv_vendor') ++ virtual_facts.update(virtual_product_facts) + + if os.path.exists('/dev/xen/xenstore'): + virtual_facts['virtualization_type'] = 'xen' +--- lib/ansible/modules/packaging/os/pkgng.py.orig 2020-04-17 14:07:10 UTC ++++ lib/ansible/modules/packaging/os/pkgng.py +@@ -201,13 +201,17 @@ def install_packages(module, pkgng_path, packages, cac + + # This environment variable skips mid-install prompts, + # setting them to their default values. +- batch_var = 'env BATCH=yes' ++ # There is at least one case, when upgrading from 11.1 to 11.2 when pkg asks extra ++ # question about OS version mismatch in the repository. As this isn't handled, playbook ++ # hangs forever. Adding ASSUME_ALWAYS_YES to the environment addresses that, and ++ # possibly other potential issues. ++ batch_var = 'env BATCH=yes ASSUME_ALWAYS_YES=yes' + + if not module.check_mode and not cached: + if old_pkgng: +- rc, out, err = module.run_command("%s %s update" % (pkgsite, pkgng_path)) ++ rc, out, err = module.run_command("%s %s %s update" % (batch_var, pkgsite, pkgng_path)) + else: +- rc, out, err = module.run_command("%s %s update" % (pkgng_path, dir_arg)) ++ rc, out, err = module.run_command("%s %s %s update" % (batch_var, pkgng_path, dir_arg)) + if rc != 0: + module.fail_json(msg="Could not update catalogue") + +--- lib/ansible/modules/storage/zfs/zfs.py.orig 2020-04-17 14:07:11 UTC ++++ lib/ansible/modules/storage/zfs/zfs.py +@@ -102,7 +102,15 @@ class Zfs(object): + self.changed = False + self.zfs_cmd = module.get_bin_path('zfs', True) + self.zpool_cmd = module.get_bin_path('zpool', True) +- self.pool = name.split('/')[0] ++ # - name: Create a new file system by cloning a snapshot ++ # zfs: ++ # name: rpool/cloned_fs ++ # state: present ++ # origin: rpool@mysnapshot ++ # ++ # doesn't work properly, as code assumes that there is at least one level of hierarchy ++ # in zpool. But that's not always the case - pool may be dataset as well and have a snapshot. ++ self.pool = name.split('@')[0].split('/')[0] + self.is_solaris = os.uname()[0] == 'SunOS' + self.is_openzfs = self.check_openzfs() + self.enhanced_sharing = self.check_enhanced_sharing() +--- lib/ansible/playbook/play_context.py.orig 2020-04-17 14:07:10 UTC ++++ lib/ansible/playbook/play_context.py +@@ -528,8 +528,13 @@ class PlayContext(Base): + becomecmd = cmd + + elif self.become_method == 'doas': ++ # `doas` support in ansible is broken ATM, doesn't handle password ++ # authentication properly, cause assumes only challenge-respond auth. ++ # This patch should handle both ways properly. ++ def detect_doas_prompt(b_data): ++ return re.match(b"[Pp]assword:", b_data) + +- prompt = 'doas (%s@' % self.remote_user ++ prompt = detect_doas_prompt + exe = self.become_exe or 'doas' + + if not self.become_pass: Modified: head/sysutils/ansible23/Makefile ============================================================================== --- head/sysutils/ansible23/Makefile Fri Apr 17 22:29:36 2020 (r531977) +++ head/sysutils/ansible23/Makefile Fri Apr 17 22:31:56 2020 (r531978) @@ -14,6 +14,8 @@ CONFLICTS= ansible-* \ MASTERDIR= ${.CURDIR}/../ansible DISTINFO_FILE= ${.CURDIR}/distinfo +DEPRECATED= Upstream support ended. Consider upgrading to sysutils/ansible + RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}Jinja2>0:devel/py-Jinja2@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}jmespath>0:devel/py-jmespath@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}netaddr>0:net/py-netaddr@${PY_FLAVOR} \ Modified: head/sysutils/ansible24/Makefile ============================================================================== --- head/sysutils/ansible24/Makefile Fri Apr 17 22:29:36 2020 (r531977) +++ head/sysutils/ansible24/Makefile Fri Apr 17 22:31:56 2020 (r531978) @@ -14,6 +14,8 @@ CONFLICTS= ansible-* \ MASTERDIR= ${.CURDIR}/../ansible DISTINFO_FILE= ${.CURDIR}/distinfo +DEPRECATED= Upstream support ended. Consider upgrading to sysutils/ansible + EXTRA_PATCHES= .include "${MASTERDIR}/Makefile" Modified: head/sysutils/ansible25/Makefile ============================================================================== --- head/sysutils/ansible25/Makefile Fri Apr 17 22:29:36 2020 (r531977) +++ head/sysutils/ansible25/Makefile Fri Apr 17 22:31:56 2020 (r531978) @@ -14,6 +14,8 @@ CONFLICTS= ansible-* \ MASTERDIR= ${.CURDIR}/../ansible DISTINFO_FILE= ${.CURDIR}/distinfo +DEPRECATED= Upstream support ended. Consider upgrading to sysutils/ansible + EXTRA_PATCHES= .include "${MASTERDIR}/Makefile" Modified: head/sysutils/ansible26/Makefile ============================================================================== --- head/sysutils/ansible26/Makefile Fri Apr 17 22:29:36 2020 (r531977) +++ head/sysutils/ansible26/Makefile Fri Apr 17 22:31:56 2020 (r531978) @@ -13,6 +13,8 @@ CONFLICTS= ansible-* \ MASTERDIR= ${.CURDIR}/../ansible DISTINFO_FILE= ${.CURDIR}/distinfo +DEPRECATED= Upstream support ended. Consider upgrading to sysutils/ansible + EXTRA_PATCHES= ${FILESDIR}/extra-patch-sesu .include "${MASTERDIR}/Makefile" Modified: head/sysutils/ansible27/Makefile ============================================================================== --- head/sysutils/ansible27/Makefile Fri Apr 17 22:29:36 2020 (r531977) +++ head/sysutils/ansible27/Makefile Fri Apr 17 22:31:56 2020 (r531978) @@ -1,6 +1,6 @@ # $FreeBSD$ -PORTVERSION= 2.7.15 +PORTVERSION= 2.7.17 PKGNAMESUFFIX= 27 CONFLICTS= ansible-* \ @@ -13,6 +13,7 @@ CONFLICTS= ansible-* \ MASTERDIR= ${.CURDIR}/../ansible DISTINFO_FILE= ${.CURDIR}/distinfo -EXTRA_PATCHES= ${FILESDIR}/extra-patch-sesu +EXTRA_PATCHES= ${FILESDIR}/extra-patch-sesu \ + ${FILESDIR}/extra-patch-27 .include "${MASTERDIR}/Makefile" Modified: head/sysutils/ansible27/distinfo ============================================================================== --- head/sysutils/ansible27/distinfo Fri Apr 17 22:29:36 2020 (r531977) +++ head/sysutils/ansible27/distinfo Fri Apr 17 22:31:56 2020 (r531978) @@ -1,3 +1,3 @@ -TIMESTAMP = 1577375263 -SHA256 (ansible-2.7.15.tar.gz) = 99bf683d069b3f73704182ece95b6618ae2090594a66e146f4d286c0cac858ce -SIZE (ansible-2.7.15.tar.gz) = 10205890 +TIMESTAMP = 1587128349 +SHA256 (ansible-2.7.17.tar.gz) = 9fdb79c43f7ad972dc7ccff8a4e9553d623e52dc80b802c619568d3c38f94ccc +SIZE (ansible-2.7.17.tar.gz) = 10215119