!13 fix CVE-2020-1738

From: @programmer12
Reviewed-by: @licihua
Signed-off-by: @licihua
This commit is contained in:
openeuler-ci-bot 2021-09-17 07:09:37 +00:00 committed by Gitee
commit 9a85675d4f
2 changed files with 53 additions and 1 deletions

48
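--- a/CVE-2020-1738.patch
+++ b/CVE-2020-1738.patch
@@ -0,0 +1,48 @@
+From 52d70d28eac2655a610b57291ca73e6ad33367ea Mon Sep 17 00:00:00 2001
+From: Abbijeet Kasurde <akasurde@redhat.com>
+Date: Thu, 16 Sep 2021 17:32:34 +0800
+Subject: [PATCH] [WIP] Add whitelisting for package and service module
+---
+lib/ansible/plugins/action/package.py | 8 ++++++++
+lib/ansible/plugins/action/service.py | 5 +++++
+2 files changed, 13 insertions(+)
+diff --git a/lib/ansible/plugins/action/package.py b/lib/ansible/plugins/action/package.py
+index 932acccb..18acc856 100644
+--- a/lib/ansible/plugins/action/package.py
++++ b/lib/ansible/plugins/action/package.py
+@@ -56,6 +56,14 @@ class ActionModule(ActionBase):
+module = facts.get('ansible_facts', {}).get('ansible_pkg_mgr', 'auto')
+if module != 'auto':
++ if module not in ['apk','apt_rpm','apt','dnf','homebrew_cask',
++ 'homebrew_tap','homebrew','installp','macports','mas',
++ 'openbsd_pkg','opkg','pacman','pkg5','pkgin',
++ 'pkgng','pkgutil','portage','portinstall','slackpkg',
++ 'snap','sorcery','svr4pkg','swdepot','swupd',
++ 'urpmi','xbps','yum','zypper']:
++ raise AnsibleActionFail('Coudld not find a module for package manager %s.'
++ 'Try setting the "use" option.'% module)
+if module not in self._shared_loader_obj.module_loader:
+raise AnsibleActionFail('Could not find a module for %s.' % module)
+diff --git a/lib/ansible/plugins/action/service.py b/lib/ansible/plugins/action/service.py
+index 3ebd0ae1..d9b0344b 100644
+--- a/lib/ansible/plugins/action/service.py
++++ b/lib/ansible/plugins/action/service.py
+@@ -61,6 +61,11 @@ class ActionModule(ActionBase):
+module = 'service'
+if module != 'auto':
++ # Check if auto detected module is valid module name or not
++ if module not in ['nosh','openwrt_init','runit',
++ 'svc','systemd','sysvinit']:
++ raise AnsibleActionFail('Could not find module for service manager %s.'
++ 'Try setting the "use" option.')
+# run the 'service' module
+new_module_args = self._task.args.copy()
+if 'use' in new_module_args:
+--
+2.27.0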
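Review bot: The service.py error message in the last added lines of the embedded patch never applies its `%s` argument — `'Could not find module for service manager %s.' 'Try setting the "use" option.'` has no `% module`, so the user sees a literal `%s`; both new messages also join adjacent literals with no separating space, and the package.py one misspells "Could". Suggested: `raise AnsibleActionFail('Could not find module for service manager %s. ' 'Try setting the "use" option.' % module)` in service.py and `'Could not find a module for package manager %s. '` in package.py. The allow-lists are the substance of the fix — a module name derived from gathered facts (`ansible_pkg_mgr`) is now checked against a fixed set before it is looked up in the module loader — so each list would be clearer and easier to maintain as a module-level `frozenset` constant with a comment naming CVE-2020-1738, instead of an inline list literal in the `if`. The enclosing methods of both `ActionModule` classes start and end outside the hunks, and the patch subject still carries a `[WIP]` marker that should be dropped before this ships as a security fix.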


@ -2,7 +2,7 @@
Name: ansible Name: ansible
Summary: SSH-based configuration management, deployment, and task execution system Summary: SSH-based configuration management, deployment, and task execution system
Version: 2.9.24 Version: 2.9.24
Release: 2 Release: 3
License: GPLv3+ License: GPLv3+
Source0: https://releases.ansible.com/ansible/%{name}-%{version}.tar.gz Source0: https://releases.ansible.com/ansible/%{name}-%{version}.tar.gz
@ -17,6 +17,7 @@ Patch2: ansible-2.9.6-disable-test_build_requirement_from_path_no_version.patch
Patch3: fix-python-3.9-compatibility.patch Patch3: fix-python-3.9-compatibility.patch
Patch4: ansible-2.9.23-sphinx4.patch Patch4: ansible-2.9.23-sphinx4.patch
Patch5: CVE-2020-1736.patch Patch5: CVE-2020-1736.patch
Patch6: CVE-2020-1738.patch
Provides: ansible-python3 = %{version}-%{release} Provides: ansible-python3 = %{version}-%{release}
Obsoletes: ansible-python3 < %{version}-%{release} Obsoletes: ansible-python3 < %{version}-%{release}
@ -214,6 +215,9 @@ make PYTHON=/usr/bin/python3 tests-py3
%{python3_sitelib}/ansible_test %{python3_sitelib}/ansible_test
%changelog %changelog
* Fri Sep 17 2021 liwu <liwu13@huawei.com> - 2.9.24-3
- fix CVE-2020-1738
* Thu Sep 16 2021 liwu <liwu13@huawei.com> - 2.9.24-2 * Thu Sep 16 2021 liwu <liwu13@huawei.com> - 2.9.24-2
- fix CVE-2020-1736 - fix CVE-2020-1736