import fence-agents-4.10.0-55.el9_3.3

10 months ago · c9f101ccb3
parent 6efff29d16
commit c9f101ccb3
5 changed files with 40 additions and 124 deletions
--- a/.fence-agents.metadata
+++ b/.fence-agents.metadata
@ -1,4 +1,4 @@
-3297473a9d57e93ff378eab173990c1b64673c01 SOURCES/Jinja2-3.0.2.tar.gz
+a9db54d91b53f76f546afa1414dd015c0574ebeb SOURCES/Jinja2-3.1.3.tar.gz
 e1b766b2b1601fde67b3b19ed2f13b9746bb1cca SOURCES/MarkupSafe-2.0.1.tar.gz
 e1fb5dc6f95a85e7d1f93c6701b331201e8b5479 SOURCES/PyJWT-2.1.0-py3-none-any.whl
 53fc16036940089ceadd4127381e40fd6106a7ed SOURCES/PyYAML-5.1.tar.gz
@ -61,7 +61,7 @@ e0fa19f8fda46a1fa2253477499b116b33f67175 SOURCES/pyasn1-0.4.8.tar.gz
 43b89feb6864fe359aae89120627165219de313b SOURCES/pyasn1-modules-0.2.8.tar.gz
 d77aa46abbcaccc4054a0777a191e427c785c65a SOURCES/pyasn1_modules-0.2.8-py2.py3-none-any.whl
 a0df3ebc552b551f8e99a05cf0a29ce30bef62ee SOURCES/pycparser-2.20-py2.py3-none-any.whl
-df33feb2a14904c0461b5dcc3ca31f910206e7bd SOURCES/pycryptodome-3.10.1-cp35-abi3-manylinux2010_x86_64.whl
+c55d177e9484d974c95078d4ae945f89ba2c7251 SOURCES/pycryptodome-3.20.0.tar.gz
 c8307f47e3b75a2d02af72982a2dfefa3f56e407 SOURCES/pyparsing-2.4.7-py2.py3-none-any.whl
 6082312a090f5be5e796e0854294da0738ec0379 SOURCES/pyparsing-3.0.1.tar.gz
 24213006f983ada342ed86ea516028fdbb1ac66f SOURCES/pyroute2-0.6.4.tar.gz
@ -94,8 +94,7 @@ a4f02fddae697614e356cadfddb6241cc7737f38 SOURCES/setuptools_scm-6.3.2.tar.gz
 47a980b20875d1a1714e921552b5bb0eda190f37 SOURCES/suds_community-0.8.5-py3-none-any.whl
 b42b7960047441db7dc021cc20e14279bd836f8d SOURCES/tomli-1.0.1.tar.gz
 83be56610e5f824bb05ff7a5618d6d4df9b6cc08 SOURCES/uritemplate-3.0.1-py2.py3-none-any.whl
-206b17697417cbf5fc55f1e39c7ceb2197fe3e63 SOURCES/urllib3-1.26.6-py2.py3-none-any.whl
-eb35c3fd8b0867ae988a15917d6b80e8bdf60222 SOURCES/urllib3-1.26.7.tar.gz
+84e2852d8da1655373f7ce5e7d5d3e256b62b4e4 SOURCES/urllib3-1.26.18.tar.gz
 7126323614cada181bc8b06436e80ef372ff8656 SOURCES/wcwidth-0.1.9-py2.py3-none-any.whl
 540f083782c584989c1a0f69ffd69ba7aae07db6 SOURCES/websocket-client-1.2.1.tar.gz
 b6c48d8714e043524be7a869d1db0adcd8441cd4 SOURCES/wheel-0.37.0-py2.py3-none-any.whl
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,4 @@
-SOURCES/Jinja2-3.0.2.tar.gz
+SOURCES/Jinja2-3.1.3.tar.gz
 SOURCES/MarkupSafe-2.0.1.tar.gz
 SOURCES/PyJWT-2.1.0-py3-none-any.whl
 SOURCES/PyYAML-5.1.tar.gz
@ -61,7 +61,7 @@ SOURCES/pyasn1-0.4.8.tar.gz
 SOURCES/pyasn1-modules-0.2.8.tar.gz
 SOURCES/pyasn1_modules-0.2.8-py2.py3-none-any.whl
 SOURCES/pycparser-2.20-py2.py3-none-any.whl
-SOURCES/pycryptodome-3.10.1-cp35-abi3-manylinux2010_x86_64.whl
+SOURCES/pycryptodome-3.20.0.tar.gz
 SOURCES/pyparsing-2.4.7-py2.py3-none-any.whl
 SOURCES/pyparsing-3.0.1.tar.gz
 SOURCES/pyroute2-0.6.4.tar.gz
@ -94,8 +94,7 @@ SOURCES/six-1.16.0.tar.gz
 SOURCES/suds_community-0.8.5-py3-none-any.whl
 SOURCES/tomli-1.0.1.tar.gz
 SOURCES/uritemplate-3.0.1-py2.py3-none-any.whl
-SOURCES/urllib3-1.26.6-py2.py3-none-any.whl
-SOURCES/urllib3-1.26.7.tar.gz
+SOURCES/urllib3-1.26.18.tar.gz
 SOURCES/wcwidth-0.1.9-py2.py3-none-any.whl
 SOURCES/websocket-client-1.2.1.tar.gz
 SOURCES/wheel-0.37.0-py2.py3-none-any.whl
--- a/SOURCES/RHEL-12425-1-kubevirt-fix-bundled-urllib3-CVE-2023-43804.patch
+++ b/SOURCES/RHEL-12425-1-kubevirt-fix-bundled-urllib3-CVE-2023-43804.patch
@ -1,26 +0,0 @@
-From 644124ecd0b6e417c527191f866daa05a5a2056d Mon Sep 17 00:00:00 2001
-From: Quentin Pradet <quentin.pradet@gmail.com>
-Date: Mon, 2 Oct 2023 19:46:16 +0400
-Subject: [PATCH] Merge pull request from GHSA-v845-jxx5-vc9f
-
---
- CHANGES.rst                               |  5 ++++
- docs/user-guide.rst                       |  3 +++
- src/urllib3/util/retry.py                 |  2 +-
- test/test_retry.py                        |  4 +--
- test/with_dummyserver/test_poolmanager.py | 30 ++++++++++++++++++-----
- 5 files changed, 35 insertions(+), 9 deletions(-)
-
-diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py
-index ea48afe3ca..7572bfd26a 100644
--- a/kubevirt/urllib3/util/retry.py
-+++ b/kubevirt/urllib3/util/retry.py
-@@ -187,7 +187,7 @@ class Retry:
-     RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
- 
-     #: Default headers to be used for ``remove_headers_on_redirect``
-    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
-+    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
- 
-     #: Default maximum backoff time.
-     DEFAULT_BACKOFF_MAX = 120
--- a/SOURCES/RHEL-12425-2-aws-awscli-azure-google-fix-bundled-urllib3-CVE-2023-43804.patch
+++ b/SOURCES/RHEL-12425-2-aws-awscli-azure-google-fix-bundled-urllib3-CVE-2023-43804.patch
@ -1,59 +0,0 @@
-From 644124ecd0b6e417c527191f866daa05a5a2056d Mon Sep 17 00:00:00 2001
-From: Quentin Pradet <quentin.pradet@gmail.com>
-Date: Mon, 2 Oct 2023 19:46:16 +0400
-Subject: [PATCH] Merge pull request from GHSA-v845-jxx5-vc9f
-
---
- CHANGES.rst                               |  5 ++++
- docs/user-guide.rst                       |  3 +++
- src/urllib3/util/retry.py                 |  2 +-
- test/test_retry.py                        |  4 +--
- test/with_dummyserver/test_poolmanager.py | 30 ++++++++++++++++++-----
- 5 files changed, 35 insertions(+), 9 deletions(-)
-
-diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py
-index ea48afe3ca..7572bfd26a 100644
--- a/aws/urllib3/util/retry.py
-+++ b/aws/urllib3/util/retry.py
-@@ -187,7 +187,7 @@ class Retry:
-     RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
- 
-     #: Default headers to be used for ``remove_headers_on_redirect``
-    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
-+    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
- 
-     #: Default maximum backoff time.
-     DEFAULT_BACKOFF_MAX = 120
--- a/awscli/urllib3/util/retry.py
-+++ b/awscli/urllib3/util/retry.py
-@@ -187,7 +187,7 @@ class Retry:
-     RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
- 
-     #: Default headers to be used for ``remove_headers_on_redirect``
-    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
-+    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
- 
-     #: Default maximum backoff time.
-     DEFAULT_BACKOFF_MAX = 120
--- a/azure/urllib3/util/retry.py
-+++ b/azure/urllib3/util/retry.py
-@@ -187,7 +187,7 @@ class Retry:
-     RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
- 
-     #: Default headers to be used for ``remove_headers_on_redirect``
-    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
-+    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
- 
-     #: Default maximum backoff time.
-     DEFAULT_BACKOFF_MAX = 120
--- a/google/urllib3/util/retry.py
-+++ b/google/urllib3/util/retry.py
-@@ -187,7 +187,7 @@ class Retry:
-     RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
- 
-     #: Default headers to be used for ``remove_headers_on_redirect``
-    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
-+    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
- 
-     #: Default maximum backoff time.
-     DEFAULT_BACKOFF_MAX = 120
--- a/SPECS/fence-agents.spec
+++ b/SPECS/fence-agents.spec
@ -33,12 +33,12 @@
 %global pyyaml_version		5.1
 %global six			six
 %global six_version		1.16.0
-%global urllib3			urllib3
-%global urllib3_version		1.26.7
-%global websocketclient		websocket-client
-%global websocketclient_version	1.2.1
+%global urllib3 		urllib3
+%global urllib3_version 	1.26.18
+%global websocketclient 	websocket-client
+%global websocketclient_version 1.2.1
 %global jinja2			Jinja2
-%global jinja2_version		3.0.2
+%global jinja2_version		3.1.3
 %global markupsafe		MarkupSafe
 %global markupsafe_version	2.0.1
 %global stringutils		string-utils
@ -59,7 +59,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.10.0
-Release: 55%{?alphatag:.%{alphatag}}%{?dist}.2
+Release: 55%{?alphatag:.%{alphatag}}%{?dist}.3
 License: GPLv2+ and LGPLv2+
 URL: https://github.com/ClusterLabs/fence-agents
 Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz
@ -83,7 +83,7 @@ Source1002: aliyuncli-2.1.10-py2.py3-none-any.whl
 Source1003: cffi-1.14.5-cp39-cp39-manylinux1_x86_64.whl
 Source1004: colorama-0.3.3.tar.gz
 Source1005: jmespath-0.7.1-py2.py3-none-any.whl
-Source1006: pycryptodome-3.10.1-cp35-abi3-manylinux2010_x86_64.whl
+Source1006: pycryptodome-3.20.0.tar.gz
 Source1007: pycparser-2.20-py2.py3-none-any.whl
 # awscli
 Source1008: awscrt-0.11.13-cp39-cp39-manylinux2014_x86_64.whl
@ -100,7 +100,7 @@ Source1017: boto3-1.17.102-py2.py3-none-any.whl
 Source1018: botocore-1.20.102-py2.py3-none-any.whl
 Source1019: python_dateutil-2.8.1-py2.py3-none-any.whl
 Source1020: s3transfer-0.4.2-py2.py3-none-any.whl
-Source1021: urllib3-1.26.6-py2.py3-none-any.whl
+Source1021: urllib3-1.26.18.tar.gz
 # azure
 Source1022: adal-1.2.7-py2.py3-none-any.whl
 Source1023: azure_common-1.1.27-py2.py3-none-any.whl
@ -169,24 +169,23 @@ Source1078: %{pyyaml}-%{pyyaml_version}.tar.gz
 ## but gets removed to use cryptography lib instead
 Source1079: rsa-4.7.2.tar.gz
 Source1080: %{six}-%{six_version}.tar.gz
-Source1081: %{urllib3}-%{urllib3_version}.tar.gz
-Source1082: %{websocketclient}-%{websocketclient_version}.tar.gz
-Source1083: %{jinja2}-%{jinja2_version}.tar.gz
-Source1084: %{markupsafe}-%{markupsafe_version}.tar.gz
-Source1085: python-%{stringutils}-%{stringutils_version}.tar.gz
-Source1086: %{requests}-%{requests_version}.tar.gz
-Source1087: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz
-Source1088: %{idna}-%{idna_version}.tar.gz
-Source1089: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz
-Source1090: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz
-Source1091: %{setuptools}-%{setuptools_version}.tar.gz
+Source1081: %{websocketclient}-%{websocketclient_version}.tar.gz
+Source1082: %{jinja2}-%{jinja2_version}.tar.gz
+Source1083: %{markupsafe}-%{markupsafe_version}.tar.gz
+Source1084: python-%{stringutils}-%{stringutils_version}.tar.gz
+Source1085: %{requests}-%{requests_version}.tar.gz
+Source1086: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz
+Source1087: %{idna}-%{idna_version}.tar.gz
+Source1088: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz
+Source1089: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz
+Source1090: %{setuptools}-%{setuptools_version}.tar.gz
 ## required for installation
-Source1092: setuptools_scm-6.3.2.tar.gz
-Source1093: packaging-21.2-py3-none-any.whl
-Source1094: poetry-core-1.0.7.tar.gz
-Source1095: pyparsing-3.0.1.tar.gz
-Source1096: tomli-1.0.1.tar.gz
-Source1097: wheel-0.37.0-py2.py3-none-any.whl
+Source1091: setuptools_scm-6.3.2.tar.gz
+Source1092: packaging-21.2-py3-none-any.whl
+Source1093: poetry-core-1.0.7.tar.gz
+Source1094: pyparsing-3.0.1.tar.gz
+Source1095: tomli-1.0.1.tar.gz
+Source1096: wheel-0.37.0-py2.py3-none-any.whl
 ### END

 Patch0: ha-cloud-support-aliyun.patch
@ -240,10 +239,8 @@ Patch46: bz2224267-fence_ipmilan-fix-typos-in-metadata.patch
 ### HA support libs/utils ###
 # all archs
 Patch1000: bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
-Patch1001: RHEL-12425-1-kubevirt-fix-bundled-urllib3-CVE-2023-43804.patch
 # cloud (x86_64 only)
 Patch2000: bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch
-Patch2001: RHEL-12425-2-aws-awscli-azure-google-fix-bundled-urllib3-CVE-2023-43804.patch

 %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
 %ifarch x86_64
@ -439,11 +436,9 @@ rm -rf kubevirt/rsa*
 # regular patch doesnt work in build-section
 pushd support
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1000}
-/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH1001}

 %ifarch x86_64
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2000}
-/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2001}
 %endif
 popd

@ -576,7 +571,7 @@ Provides: bundled(aliyuncli) = 2.1.10
 Provides: bundled(python-cffi) = 1.14.5
 Provides: bundled(python-colorama) = 0.3.3
 Provides: bundled(python-jmespath) = 0.7.1
-Provides: bundled(python-pycryptodome) = 3.10.1
+Provides: bundled(python-pycryptodome) = 3.20.0
 Provides: bundled(python-pycparser) = 2.20
 # awscli
 Provides: bundled(awscli) = 2.2.15
@ -594,7 +589,7 @@ Provides: bundled(python-boto3) = 1.17.102
 Provides: bundled(python-botocore) = 1.20.102
 Provides: bundled(python-dateutil) = 2.8.1
 Provides: bundled(python-s3transfer) = 0.4.2
-Provides: bundled(python-urllib3) = 1.26.6
+Provides: bundled(python-urllib3) = 1.26.18
 # azure
 Provides: bundled(python-adal) = 1.2.7
 Provides: bundled(python-azure-common) = 1.1.27
@ -1479,6 +1474,14 @@ are located on corosync cluster nodes.
 %endif

 %changelog
+* Thu Jan 18 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-55.3
+- bundled urllib3: fix CVE-2023-45803
+  Resolves: RHEL-21714
+- bundled pycryptodome: fix CVE-2023-52323
+  Resolves: RHEL-21722
+- bundled jinja2: fix CVE-2024-22195
+  Resolves: RHEL-21736
+
 * Wed Oct 11 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-55.2
 - bundled urllib3: fix CVE-2023-43804
  Resolves: RHEL-12425