a-c-m
/
community.crypto
mirror of https://github.com/ansible-collections/community.crypto.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Release 1.2.0.

pull/117/head 1.2.0
Felix Fontein 2020-10-13 14:17:30 +02:00
parent 98db972a6c
commit 4fb3d09ee9
7 changed files with 67 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
CHANGELOG.rst
View File

@ -5,6 +5,35 @@ Community Crypto Release Notes
.. contents:: Topics
v1.2.0
======
Release Summary
---------------
Please note that this release fixes a security issue (CVE-2020-25646).
Minor Changes
-------------
- acme_certificate - allow to pass CSR file as content with new option ``csr_content`` (https://github.com/ansible-collections/community.crypto/pull/115).
- x509_certificate_info - add ``fingerprints`` return value which returns certificate fingerprints (https://github.com/ansible-collections/community.crypto/pull/121).
Security Fixes
--------------
- openssl_csr - the option ``privatekey_content`` was not marked as ``no_log``, resulting in it being dumped into the system log by default, and returned in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125).
- openssl_privatekey_info - the option ``content`` was not marked as ``no_log``, resulting in it being dumped into the system log by default, and returned in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125).
- openssl_publickey - the option ``privatekey_content`` was not marked as ``no_log``, resulting in it being dumped into the system log by default, and returned in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125).
- openssl_signature - the option ``privatekey_content`` was not marked as ``no_log``, resulting in it being dumped into the system log by default, and returned in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125).
- x509_certificate - the options ``privatekey_content`` and ``ownca_privatekey_content`` were not marked as ``no_log``, resulting in it being dumped into the system log by default, and returned in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125).
- x509_crl - the option ``privatekey_content`` was not marked as ``no_log``, resulting in it being dumped into the system log by default, and returned in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125).
Bugfixes
--------
- openssl_pkcs12 - do not crash when reading PKCS#12 file which has no private key and/or no main certificate (https://github.com/ansible-collections/community.crypto/issues/103).
v1.1.1
======

38
changelogs/changelog.yaml
View File

@ -197,3 +197,41 @@ releases:
- 106-openssl_csr-idna-errors.yml
- 108-meta-runtime-versions.yml
release_date: '2020-09-14'
1.2.0:
changes:
bugfixes:
- openssl_pkcs12 - do not crash when reading PKCS#12 file which has no private
key and/or no main certificate (https://github.com/ansible-collections/community.crypto/issues/103).
minor_changes:
- acme_certificate - allow to pass CSR file as content with new option ``csr_content``
(https://github.com/ansible-collections/community.crypto/pull/115).
- x509_certificate_info - add ``fingerprints`` return value which returns certificate
fingerprints (https://github.com/ansible-collections/community.crypto/pull/121).
release_summary: Please note that this release fixes a security issue (CVE-2020-25646).
security_fixes:
- openssl_csr - the option ``privatekey_content`` was not marked as ``no_log``,
resulting in it being dumped into the system log by default, and returned
in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125).
- openssl_privatekey_info - the option ``content`` was not marked as ``no_log``,
resulting in it being dumped into the system log by default, and returned
in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125).
- openssl_publickey - the option ``privatekey_content`` was not marked as ``no_log``,
resulting in it being dumped into the system log by default, and returned
in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125).
- openssl_signature - the option ``privatekey_content`` was not marked as ``no_log``,
resulting in it being dumped into the system log by default, and returned
in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125).
- x509_certificate - the options ``privatekey_content`` and ``ownca_privatekey_content``
were not marked as ``no_log``, resulting in it being dumped into the system
log by default, and returned in the registered results in the ``invocation``
field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125).
- x509_crl - the option ``privatekey_content`` was not marked as ``no_log``,
resulting in it being dumped into the system log by default, and returned
in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125).
fragments:
- 1.2.0.yml
- 109-openssl_pkcs12-crash-no-cert-key.yml
- 115-acme_certificate-csr_content.yml
- 121-x509_certificate_info-fingerprints.yml
- cve-2020-25646.yml
release_date: '2020-10-13'

1
changelogs/fragments/1.2.0.yml
View File

@ -1 +0,0 @@
release_summary: Please note that this release fixes a security issue (CVE-2020-25646).

2
changelogs/fragments/109-openssl_pkcs12-crash-no-cert-key.yml
View File

@ -1,2 +0,0 @@
bugfixes:
- "openssl_pkcs12 - do not crash when reading PKCS#12 file which has no private key and/or no main certificate (https://github.com/ansible-collections/community.crypto/issues/103)."

2
changelogs/fragments/115-acme_certificate-csr_content.yml
View File

@ -1,2 +0,0 @@
minor_changes:
- acme_certificate - allow to pass CSR file as content with new option ``csr_content`` (https://github.com/ansible-collections/community.crypto/pull/115).

2
changelogs/fragments/121-x509_certificate_info-fingerprints.yml
View File

@ -1,2 +0,0 @@
minor_changes:
- "x509_certificate_info - add ``fingerprints`` return value which returns certificate fingerprints (https://github.com/ansible-collections/community.crypto/pull/121)."

7
changelogs/fragments/cve-2020-25646.yml
View File

@ -1,7 +0,0 @@
security_fixes:
- "openssl_csr - the option ``privatekey_content`` was not marked as ``no_log``, resulting in it being dumped into the system log by default, and returned in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125)."
- "openssl_privatekey_info - the option ``content`` was not marked as ``no_log``, resulting in it being dumped into the system log by default, and returned in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125)."
- "openssl_publickey - the option ``privatekey_content`` was not marked as ``no_log``, resulting in it being dumped into the system log by default, and returned in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125)."
- "openssl_signature - the option ``privatekey_content`` was not marked as ``no_log``, resulting in it being dumped into the system log by default, and returned in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125)."
- "x509_certificate - the options ``privatekey_content`` and ``ownca_privatekey_content`` were not marked as ``no_log``, resulting in it being dumped into the system log by default, and returned in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125)."
- "x509_crl - the option ``privatekey_content`` was not marked as ``no_log``, resulting in it being dumped into the system log by default, and returned in the registered results in the ``invocation`` field (CVE-2020-25646, https://github.com/ansible-collections/community.crypto/pull/125)."