This addresses the following security issues:
* Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs (CVE-2019-14864)
* CVE-2019-14846 - Several Ansible plugins could disclose aws
credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
lookup/aws_account_attribute.py, and lookup/aws_secret.py,
lookup/aws_ssm.py use the boto3 library from the Ansible process. The
boto3 library logs credentials at log level DEBUG. If Ansible's
logging was enabled (by setting LOG_PATH to a value) Ansible would set
the global log level to DEBUG. This was inherited by boto and would
then log boto credentials to the file specified by LOG_PATH. This did
not affect aws ansible modules as those are executed in a separate
process. This has been fixed by switching to log level INFO
* Convert CLI provided passwords to text initially, to prevent unsafe
context being lost when converting from bytes->text during post
processing of PlayContext. This prevents CLI provided passwords from
being incorrectly templated (CVE-2019-14856)
* properly hide parameters marked with no_log in suboptions when
invalid parameters are passed to the module (CVE-2019-14858)
Changelog: 24220a618a/changelogs/CHANGELOG-v2.8.rst
Since commit f7e28bf5d8 ("Split
buildPythonPackage into setup hooks"), the `ia` command provided by this
package has crashed with the error:
Traceback (most recent call last):
File "/nix/store/7n1jf081h0qnj82m2s69mxzj02zf746f-python3.7-internetarchive-1.8.1/bin/.ia-wrapped", line 7, in <module>
from internetarchive.cli.ia import main
File "/nix/store/7n1jf081h0qnj82m2s69mxzj02zf746f-python3.7-internetarchive-1.8.1/lib/python3.7/site-packages/internetarchive/cli/__init__.py", line 27, in <module>
from internetarchive.cli import ia, ia_configure, ia_delete, ia_download, ia_list, \
File "/nix/store/7n1jf081h0qnj82m2s69mxzj02zf746f-python3.7-internetarchive-1.8.1/lib/python3.7/site-packages/internetarchive/cli/ia.py", line 60, in <module>
from pkg_resources import iter_entry_points, DistributionNotFound
ModuleNotFoundError: No module named 'pkg_resources'
This commit fixes that by adding `setuptools` (which contains the
'pkg_resources' module) to `propagatedBuildInputs`.
Since testresources declares `Requires-Dist: pbr (>=1.8)` and imports
`pbr.version`, any user of testresources also needs to have pbr.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
People have only been using this for the spell-entry widget, i.e even
hexchat just has the code vendored and are maintaining it themselves.
There is a continuation that could be packaged if anyone needs it
* https://github.com/TingPing/libsexy3
but currently no package within nixpkgs has a use for this.
