Security update for ansible

This update for ansible fixes the following issues:

Ansible was updated to version 2.8.1:

Full changelog is at /usr/share/doc/packages/ansible/changelogs/

- Bugfixes

- ACI - DO not encode query_string
- ACI modules - Fix non-signature authentication
- Add missing directory provided via ``--playbook-dir`` to adjacent collection loading
- Fix "Interface not found" errors when using eos_l2_interface with nonexistant
interfaces configured
- Fix cannot get credential when `source_auth` set to `credential_file`.
- Fix netconf_config backup string issue
- Fix privilege escalation support for the docker connection plugin when
credentials need to be supplied (e.g. sudo with password).
- Fix vyos cli prompt inspection
- Fixed loading namespaced documentation fragments from collections.
- Fixing bug came up after running cnos_vrf module against coverity.
- Properly handle data importer failures on PVC creation, instead of timing out.
- To fix the ios static route TC failure in CI
- To fix the nios member module params
- To fix the nios_zone module idempotency failure
- add terminal initial prompt for initial connection
- allow include_role to work with ansible command
- allow python_requirements_facts to report on dependencies containing dashes
- asa_config fix
- azure_rm_roledefinition - fix a small error in build scope.
- azure_rm_virtualnetworkpeering - fix cross subscriptions virtual network
peering.
- cgroup_perf_recap - When not using file_per_task, make sure we don't
prematurely close the perf files
- display underlying error when reporting an invalid ``tasks:`` block.
- dnf - fix wildcard matching for state: absent
- docker connection plugin - accept version ``dev`` as 'newest version' and
print warning.
- docker_container - ``oom_killer`` and ``oom_score_adj`` options are available
since docker-py 1.8.0, not 2.0.0 as assumed by the version check.
- docker_container - fix network creation when ``networks_cli_compatible`` is
enabled.
- docker_container - use docker API's ``restart`` instead of ``stop``/``start``
to restart a container.
- docker_image - if ``build`` was not specified, the wrong default for
``build.rm`` is used.
- docker_image - if ``nocache`` set to ``yes`` but not ``build.nocache``, the
module failed.
- docker_image - module failed when ``source: build`` was set but
``build.path`` options not specified.
- docker_network module - fix idempotency when using ``aux_addresses`` in
``ipam_config``.
- ec2_instance - make Name tag idempotent
- eos: don't fail modules without become set, instead show message and continue
- eos_config: check for session support when asked to 'diff_against: session'
- eos_eapi: fix idempotency issues when vrf was unspecified.
- fix bugs for ce - more info see
- fix incorrect uses of to_native that should be to_text instead.
- hcloud_volume - Fix idempotency when attaching a server to a volume.
- ibm_storage - Added a check for null fields in ibm_storage utils module.
- include_tasks - whitelist ``listen`` as a valid keyword
- k8s - resource updates applied with force work correctly now
- keep results subset also when not no_log.
- meraki_switchport - improve reliability with native VLAN functionality.
- netapp_e_iscsi_target - fix netapp_e_iscsi_target chap secret size and
clearing functionality
- netapp_e_volumes - fix workload profileId indexing when no previous workload
tags exist on the storage array.
- nxos_acl some platforms/versions raise when no ACLs are present
- nxos_facts fix
- nxos_file_copy fix passwordless workflow
- nxos_interface Fix admin_state check for n6k
- nxos_snmp_traps fix group all for N35 platforms
- nxos_snmp_user fix platform fixes for get_snmp_user
- nxos_vlan mode idempotence bug
- nxos_vlan vlan names containing regex ctl chars should be escaped
- nxos_vtp_* modules fix n6k issues
- openssl_certificate - fix private key passphrase handling for
``cryptography`` backend.
- openssl_pkcs12 - fixes crash when private key has a passphrase and the module
is run a second time.
- os_stack - Apply tags conditionally so that the module does not throw up an
error when using an older distro of openstacksdk
- pass correct loading context to persistent connections other than local
- pkg_mgr - Ansible 2.8.0 failing to install yum packages on Amazon Linux
- postgresql - added initial SSL related tests
- postgresql - added missing_required_libs, removed excess param mapping
- postgresql - move connect_to_db and get_pg_version into
module_utils/postgres.py (https://github.com/ansible/ansible/pull/55514)
- postgresql_db - add note to the documentation about state dump and the
incorrect rc (https://github.com/ansible/ansible/pull/57297)
- postgresql_db - fix for postgresql_db fails if stderr contains output
- postgresql_ping - fixed a typo in the module documentation
- preserve actual ssh error when we cannot connect.
- route53_facts - the module did not advertise check mode support, causing it
not to be run in check mode.
- sysctl: the module now also checks the output of STDERR to report if values
are correctly set (https://github.com/ansible/ansible/pull/55695)
- ufw - correctly check status when logging is off
- uri - always return a value for status even during failure
- urls - Handle redirects properly for IPv6 address by not splitting on ``:``
and rely on already parsed hostname and port values
- vmware_vm_facts - fix the support with regular ESXi
- vyos_interface fix
- we don't really need to template vars on definition as we do this on demand
in templating.
- win_acl - Fix qualifier parser when using UNC paths -
- win_hostname - Fix non netbios compliant name handling
- winrm - Fix issue when attempting to parse CLIXML on send input failure
- xenserver_guest - fixed an issue where VM whould be powered off even though
check mode is used if reconfiguration requires VM to be powered off.
- xenserver_guest - proper error message is shown when maximum number of
network interfaces is reached and multiple network interfaces are added at
once.
- yum - Fix false error message about autoremove not being supported
- yum - fix failure when using ``update_cache`` standalone
- yum - handle special "_none_" value for proxy in yum.conf and .repo files

Update to version 2.8.0

Major changes:

* Experimental support for Ansible Collections and content namespacing -
Ansible content can now be packaged in a collection and addressed via
namespaces. This allows for easier sharing, distribution, and installation
of bundled modules/roles/plugins, and consistent rules for accessing
specific content via namespaces.
* Python interpreter discovery - The first time a Python module runs on a
target, Ansible will attempt to discover the proper default Python
interpreter to use for the target platform/version (instead of immediately
defaulting to /usr/bin/python). You can override this behavior by
setting ansible_python_interpreter or via config.
(see https://github.com/ansible/ansible/pull/50163)
* become - The deprecated CLI arguments for --sudo, --sudo-user,
--ask-sudo-pass, -su, --su-user, and --ask-su-pass have been removed, in
favor of the more generic --become, --become-user, --become-method, and
--ask-become-pass.
* become - become functionality has been migrated to a plugin architecture,
to allow customization of become functionality and 3rd party become methods
(https://github.com/ansible/ansible/pull/50991)

- addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828, CVE-2018-16837

For the full changelog see /usr/share/doc/packages/ansible/changelogs or online:
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst

Fixed bugs
bnc#1109957
ansible firewalld module fails
bnc#1126503
VUL-1: CVE-2019-3828: ansible: path traversal in the fetch module
bnc#1112959
VUL-0: CVE-2018-16837: ansible: Information leak in "user" module
bnc#1118896
VUL-1: CVE-2018-16876: ansible: Information disclosure in vvv+ mode with no_log on
Selected Binaries
openSUSE Build Service is sponsored by