Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ansible-core for openSUSE:Factory checked in at 2023-12-05 17:03:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ansible-core (Old) and /work/SRC/openSUSE:Factory/.ansible-core.new.25432 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ansible-core" Tue Dec 5 17:03:21 2023 rev:21 rq:1130887 version:2.15.7 Changes: -------- --- /work/SRC/openSUSE:Factory/ansible-core/ansible-core.changes 2023-11-07 21:28:30.068247661 +0100 +++ /work/SRC/openSUSE:Factory/.ansible-core.new.25432/ansible-core.changes 2023-12-05 17:03:32.289859621 +0100 @@ -1,0 +2,31 @@ +Tue Dec 5 06:08:05 UTC 2023 - Johannes Kastl <[email protected]> + +- update to 2.15.7: + This release includes a fix for CVE-2023-5764, where internal + templating actions could result in unsafe data losing its unsafe + designation. + * Breaking Changes / Porting Guide + - assert - Nested templating may result in an inability for the + conditional to be evaluated. See the porting guide for more + information. + * Security Fixes + - templating - Address issues where internal templating can + cause unsafe variables to lose their unsafe designation + (CVE-2023-5764) + * Bugfixes + - ansible-pull now will expand relative paths for the + -d|--directory option is now expanded before use. + - flush_handlers - properly handle a handler failure in a + nested block when force_handlers is set + (http://github.com/ansible/ansible/issues/81532) + - module no_log will no longer affect top level booleans, for + example no_log_module_parameter='a' will no longer hide + changed=False as a 'no log value' (matches 'a'). + - modules/user.py - Add check for valid directory when creating + new user homedir (allows /dev/null as skeleton) (#75063) + - role params now have higher precedence than host facts again, + matching documentation, this had unintentionally changed in + 2.15. + - wait_for should not handle 'non mmapable files' again. + +------------------------------------------------------------------- Old: ---- ansible-core-2.15.6.tar.gz New: ---- ansible-core-2.15.7.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ansible-core.spec ++++++ --- /var/tmp/diff_new_pack.wZs2o2/_old 2023-12-05 17:03:32.889881738 +0100 +++ /var/tmp/diff_new_pack.wZs2o2/_new 2023-12-05 17:03:32.889881738 +0100 @@ -38,7 +38,7 @@ %endif Name: ansible-core -Version: 2.15.6 +Version: 2.15.7 Release: 0 Summary: Radically simple IT automation License: GPL-3.0-or-later ++++++ ansible-core-2.15.6.tar.gz -> ansible-core-2.15.7.tar.gz ++++++ ++++ 2396 lines of diff (skipped)
