diff --git a/.fence-agents.metadata b/.fence-agents.metadata
index 95cbaff..2ca1484 100644
--- a/.fence-agents.metadata
+++ b/.fence-agents.metadata
@@ -1,4 +1,4 @@
-3297473a9d57e93ff378eab173990c1b64673c01 SOURCES/Jinja2-3.0.2.tar.gz
+a9db54d91b53f76f546afa1414dd015c0574ebeb SOURCES/Jinja2-3.1.3.tar.gz
 e1b766b2b1601fde67b3b19ed2f13b9746bb1cca SOURCES/MarkupSafe-2.0.1.tar.gz
 e1fb5dc6f95a85e7d1f93c6701b331201e8b5479 SOURCES/PyJWT-2.1.0-py3-none-any.whl
 53fc16036940089ceadd4127381e40fd6106a7ed SOURCES/PyYAML-5.1.tar.gz
@@ -61,7 +61,7 @@ e0fa19f8fda46a1fa2253477499b116b33f67175 SOURCES/pyasn1-0.4.8.tar.gz
 43b89feb6864fe359aae89120627165219de313b SOURCES/pyasn1-modules-0.2.8.tar.gz
 d77aa46abbcaccc4054a0777a191e427c785c65a SOURCES/pyasn1_modules-0.2.8-py2.py3-none-any.whl
 a0df3ebc552b551f8e99a05cf0a29ce30bef62ee SOURCES/pycparser-2.20-py2.py3-none-any.whl
-df33feb2a14904c0461b5dcc3ca31f910206e7bd SOURCES/pycryptodome-3.10.1-cp35-abi3-manylinux2010_x86_64.whl
+c55d177e9484d974c95078d4ae945f89ba2c7251 SOURCES/pycryptodome-3.20.0.tar.gz
 c8307f47e3b75a2d02af72982a2dfefa3f56e407 SOURCES/pyparsing-2.4.7-py2.py3-none-any.whl
 6082312a090f5be5e796e0854294da0738ec0379 SOURCES/pyparsing-3.0.1.tar.gz
 24213006f983ada342ed86ea516028fdbb1ac66f SOURCES/pyroute2-0.6.4.tar.gz
@@ -94,8 +94,7 @@ a4f02fddae697614e356cadfddb6241cc7737f38 SOURCES/setuptools_scm-6.3.2.tar.gz
 47a980b20875d1a1714e921552b5bb0eda190f37 SOURCES/suds_community-0.8.5-py3-none-any.whl
 b42b7960047441db7dc021cc20e14279bd836f8d SOURCES/tomli-1.0.1.tar.gz
 83be56610e5f824bb05ff7a5618d6d4df9b6cc08 SOURCES/uritemplate-3.0.1-py2.py3-none-any.whl
-206b17697417cbf5fc55f1e39c7ceb2197fe3e63 SOURCES/urllib3-1.26.6-py2.py3-none-any.whl
-eb35c3fd8b0867ae988a15917d6b80e8bdf60222 SOURCES/urllib3-1.26.7.tar.gz
+84e2852d8da1655373f7ce5e7d5d3e256b62b4e4 SOURCES/urllib3-1.26.18.tar.gz
 7126323614cada181bc8b06436e80ef372ff8656 SOURCES/wcwidth-0.1.9-py2.py3-none-any.whl
 540f083782c584989c1a0f69ffd69ba7aae07db6 SOURCES/websocket-client-1.2.1.tar.gz
 b6c48d8714e043524be7a869d1db0adcd8441cd4 SOURCES/wheel-0.37.0-py2.py3-none-any.whl
diff --git a/.gitignore b/.gitignore
index f438961..ccca1dd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-SOURCES/Jinja2-3.0.2.tar.gz
+SOURCES/Jinja2-3.1.3.tar.gz
 SOURCES/MarkupSafe-2.0.1.tar.gz
 SOURCES/PyJWT-2.1.0-py3-none-any.whl
 SOURCES/PyYAML-5.1.tar.gz
@@ -61,7 +61,7 @@ SOURCES/pyasn1-0.4.8.tar.gz
 SOURCES/pyasn1-modules-0.2.8.tar.gz
 SOURCES/pyasn1_modules-0.2.8-py2.py3-none-any.whl
 SOURCES/pycparser-2.20-py2.py3-none-any.whl
-SOURCES/pycryptodome-3.10.1-cp35-abi3-manylinux2010_x86_64.whl
+SOURCES/pycryptodome-3.20.0.tar.gz
 SOURCES/pyparsing-2.4.7-py2.py3-none-any.whl
 SOURCES/pyparsing-3.0.1.tar.gz
 SOURCES/pyroute2-0.6.4.tar.gz
@@ -94,8 +94,7 @@ SOURCES/six-1.16.0.tar.gz
 SOURCES/suds_community-0.8.5-py3-none-any.whl
 SOURCES/tomli-1.0.1.tar.gz
 SOURCES/uritemplate-3.0.1-py2.py3-none-any.whl
-SOURCES/urllib3-1.26.6-py2.py3-none-any.whl
-SOURCES/urllib3-1.26.7.tar.gz
+SOURCES/urllib3-1.26.18.tar.gz
 SOURCES/wcwidth-0.1.9-py2.py3-none-any.whl
 SOURCES/websocket-client-1.2.1.tar.gz
 SOURCES/wheel-0.37.0-py2.py3-none-any.whl
diff --git a/SOURCES/RHEL-12425-1-kubevirt-fix-bundled-urllib3-CVE-2023-43804.patch b/SOURCES/RHEL-12425-1-kubevirt-fix-bundled-urllib3-CVE-2023-43804.patch
deleted file mode 100644
index f7e5004..0000000
--- a/SOURCES/RHEL-12425-1-kubevirt-fix-bundled-urllib3-CVE-2023-43804.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 644124ecd0b6e417c527191f866daa05a5a2056d Mon Sep 17 00:00:00 2001
-From: Quentin Pradet
-Date: Mon, 2 Oct 2023 19:46:16 +0400
-Subject: [PATCH] Merge pull request from GHSA-v845-jxx5-vc9f
----
 CHANGES.rst | 5 ++++ docs/user-guide.rst | 3 +++ src/urllib3/util/retry.py | 2 +- test/test_retry.py | 4 +-- test/with_dummyserver/test_poolmanager.py | 30 ++++++++++++++++++----- 5 files changed, 35 insertions(+), 9 deletions(-)
-
-diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py
-index ea48afe3ca..7572bfd26a 100644
---- a/kubevirt/urllib3/util/retry.py
-+++ b/kubevirt/urllib3/util/retry.py
-@@ -187,7 +187,7 @@ class Retry:
- RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
-
- #: Default headers to be used for ``remove_headers_on_redirect``
-- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
-+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
-
- #: Default maximum backoff time.
- DEFAULT_BACKOFF_MAX = 120
diff --git a/SOURCES/RHEL-12425-2-aws-awscli-azure-google-fix-bundled-urllib3-CVE-2023-43804.patch b/SOURCES/RHEL-12425-2-aws-awscli-azure-google-fix-bundled-urllib3-CVE-2023-43804.patch
deleted file mode 100644
index 1d6feb9..0000000
--- a/SOURCES/RHEL-12425-2-aws-awscli-azure-google-fix-bundled-urllib3-CVE-2023-43804.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 644124ecd0b6e417c527191f866daa05a5a2056d Mon Sep 17 00:00:00 2001
-From: Quentin Pradet
-Date: Mon, 2 Oct 2023 19:46:16 +0400
-Subject: [PATCH] Merge pull request from GHSA-v845-jxx5-vc9f
----
 CHANGES.rst | 5 ++++ docs/user-guide.rst | 3 +++ src/urllib3/util/retry.py | 2 +- test/test_retry.py | 4 +-- test/with_dummyserver/test_poolmanager.py | 30 ++++++++++++++++++----- 5 files changed, 35 insertions(+), 9 deletions(-)
-
-diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py
-index ea48afe3ca..7572bfd26a 100644
---- a/aws/urllib3/util/retry.py
-+++ b/aws/urllib3/util/retry.py
-@@ -187,7 +187,7 @@ class Retry:
- RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
-
- #: Default headers to be used for ``remove_headers_on_redirect``
-- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
-+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
-
- #: Default maximum backoff time.
- DEFAULT_BACKOFF_MAX = 120
---- a/awscli/urllib3/util/retry.py
-+++ b/awscli/urllib3/util/retry.py
-@@ -187,7 +187,7 @@ class Retry:
- RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
-
- #: Default headers to be used for ``remove_headers_on_redirect``
-- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
-+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
-
- #: Default maximum backoff time.
- DEFAULT_BACKOFF_MAX = 120
---- a/azure/urllib3/util/retry.py
-+++ b/azure/urllib3/util/retry.py
-@@ -187,7 +187,7 @@ class Retry:
- RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
-
- #: Default headers to be used for ``remove_headers_on_redirect``
-- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
-+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
-
- #: Default maximum backoff time.
- DEFAULT_BACKOFF_MAX = 120
---- a/google/urllib3/util/retry.py
-+++ b/google/urllib3/util/retry.py
-@@ -187,7 +187,7 @@ class Retry:
- RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
-
- #: Default headers to be used for ``remove_headers_on_redirect``
-- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
-+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
-
- #: Default maximum backoff time.
- DEFAULT_BACKOFF_MAX = 120
diff --git a/SPECS/fence-agents.spec b/SPECS/fence-agents.spec
index d585c3f..65dead9 100644
--- a/SPECS/fence-agents.spec
+++ b/SPECS/fence-agents.spec
@@ -33,12 +33,12 @@
 %global pyyaml_version 5.1
 %global six six
 %global six_version 1.16.0
-%global urllib3 urllib3
-%global urllib3_version 1.26.7
-%global websocketclient websocket-client
-%global websocketclient_version 1.2.1
+%global urllib3 urllib3
+%global urllib3_version 1.26.18
+%global websocketclient websocket-client
+%global websocketclient_version 1.2.1
 %global jinja2 Jinja2
-%global jinja2_version 3.0.2
+%global jinja2_version 3.1.3
 %global markupsafe MarkupSafe
 %global markupsafe_version 2.0.1
 %global stringutils string-utils
@@ -59,7 +59,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.10.0
-Release: 55%{?alphatag:.%{alphatag}}%{?dist}.2
+Release: 55%{?alphatag:.%{alphatag}}%{?dist}.3
 License: GPLv2+ and LGPLv2+
 URL: https://github.com/ClusterLabs/fence-agents
 Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz
@@ -83,7 +83,7 @@ Source1002: aliyuncli-2.1.10-py2.py3-none-any.whl
 Source1003: cffi-1.14.5-cp39-cp39-manylinux1_x86_64.whl
 Source1004: colorama-0.3.3.tar.gz
 Source1005: jmespath-0.7.1-py2.py3-none-any.whl
-Source1006: pycryptodome-3.10.1-cp35-abi3-manylinux2010_x86_64.whl
+Source1006: pycryptodome-3.20.0.tar.gz
 Source1007: pycparser-2.20-py2.py3-none-any.whl
 # awscli
 Source1008: awscrt-0.11.13-cp39-cp39-manylinux2014_x86_64.whl
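Review bot: The `%global jinja2_version` bump from 3.0.2 to 3.1.3 crosses a minor version that, as far as I recall, removed the long-deprecated 2.x-era names (`jinja2.Markup`, `jinja2.escape`, `contextfunction`/`contextfilter` and friends), so any bundled consumer in the support tree that still imports them fails at runtime rather than at build time. Nothing in this diff shows which bundled package pulls Jinja2 in, so this is a request to grep the unpacked support tree for those names before shipping. MarkupSafe stays at 2.0.1, which satisfies the `MarkupSafe>=2.0` requirement of the 3.1 line, so that pairing looks fine.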
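Review bot: `Source1006: pycryptodome-3.20.0.tar.gz` replaces a prebuilt `cp35-abi3-manylinux2010_x86_64` wheel with an sdist, so pycryptodome's C extensions are now compiled during the package build instead of being unpacked from an opaque binary. The `%build` step and the `BuildRequires` that have to cover that (a C compiler, `python3-devel`) are outside this diff, so please confirm the aliyun install path actually builds the sdist and that the build root has the toolchain. Building from source is the right direction for a distro package; it just needs the build dependencies to move with it.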
@@ -100,7 +100,7 @@ Source1017: boto3-1.17.102-py2.py3-none-any.whl
 Source1018: botocore-1.20.102-py2.py3-none-any.whl
 Source1019: python_dateutil-2.8.1-py2.py3-none-any.whl
 Source1020: s3transfer-0.4.2-py2.py3-none-any.whl
-Source1021: urllib3-1.26.6-py2.py3-none-any.whl
+Source1021: urllib3-1.26.18.tar.gz
 # azure
 Source1022: adal-1.2.7-py2.py3-none-any.whl
 Source1023: azure_common-1.1.27-py2.py3-none-any.whl
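Review bot: `Source1021: urllib3-1.26.18.tar.gz` hard-codes the version while the spec still defines `%{urllib3}` and `%{urllib3_version}` (bumped to 1.26.18 in the same commit), and the only Source line that used those macros, `Source1081`, is deleted in a later hunk, so the next CVE bump has to be made in two unrelated places. Writing it as `Source1021: %{urllib3}-%{urllib3_version}.tar.gz` keeps the macro authoritative; otherwise drop the two `%global urllib3*` lines if nothing else references them. The `.fence-agents.metadata` and `.gitignore` hunks show a single urllib3 tarball is now the only copy in the lookaside cache, so this line is the one to key on.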
@@ -169,24 +169,23 @@ Source1078: %{pyyaml}-%{pyyaml_version}.tar.gz
 ## but gets removed to use cryptography lib instead
 Source1079: rsa-4.7.2.tar.gz
 Source1080: %{six}-%{six_version}.tar.gz
-Source1081: %{urllib3}-%{urllib3_version}.tar.gz
-Source1082: %{websocketclient}-%{websocketclient_version}.tar.gz
-Source1083: %{jinja2}-%{jinja2_version}.tar.gz
-Source1084: %{markupsafe}-%{markupsafe_version}.tar.gz
-Source1085: python-%{stringutils}-%{stringutils_version}.tar.gz
-Source1086: %{requests}-%{requests_version}.tar.gz
-Source1087: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz
-Source1088: %{idna}-%{idna_version}.tar.gz
-Source1089: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz
-Source1090: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz
-Source1091: %{setuptools}-%{setuptools_version}.tar.gz
+Source1081: %{websocketclient}-%{websocketclient_version}.tar.gz
+Source1082: %{jinja2}-%{jinja2_version}.tar.gz
+Source1083: %{markupsafe}-%{markupsafe_version}.tar.gz
+Source1084: python-%{stringutils}-%{stringutils_version}.tar.gz
+Source1085: %{requests}-%{requests_version}.tar.gz
+Source1086: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz
+Source1087: %{idna}-%{idna_version}.tar.gz
+Source1088: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz
+Source1089: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz
+Source1090: %{setuptools}-%{setuptools_version}.tar.gz
 ## required for installation
-Source1092: setuptools_scm-6.3.2.tar.gz
-Source1093: packaging-21.2-py3-none-any.whl
-Source1094: poetry-core-1.0.7.tar.gz
-Source1095: pyparsing-3.0.1.tar.gz
-Source1096: tomli-1.0.1.tar.gz
-Source1097: wheel-0.37.0-py2.py3-none-any.whl
+Source1091: setuptools_scm-6.3.2.tar.gz
+Source1092: packaging-21.2-py3-none-any.whl
+Source1093: poetry-core-1.0.7.tar.gz
+Source1094: pyparsing-3.0.1.tar.gz
+Source1095: tomli-1.0.1.tar.gz
+Source1096: wheel-0.37.0-py2.py3-none-any.whl
 ### END
 Patch0: ha-cloud-support-aliyun.patch
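Review bot: Renumbering `Source1081`–`Source1097` down by one shifts every `%{SOURCE10xx}` reference for websocket-client through wheel, and the `%prep`/`%build` lines that consume those numbers are outside this hunk, so a stale `%{SOURCE1082}` would now silently unpack Jinja2 where websocket-client was expected. Keeping the numbers stable — deleting `Source1081` and leaving the gap, or reusing 1081 for the shared urllib3 tarball — avoids that whole class of mistake and shrinks this hunk to one line. If the renumbering stays, the `%{SOURCE1081}`…`%{SOURCE1097}` references in the build sections should be audited in the same commit.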
@@ -240,10 +239,8 @@ Patch46: bz2224267-fence_ipmilan-fix-typos-in-metadata.patch
 ### HA support libs/utils ###
 # all archs
 Patch1000: bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
-Patch1001: RHEL-12425-1-kubevirt-fix-bundled-urllib3-CVE-2023-43804.patch
 # cloud (x86_64 only)
 Patch2000: bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch
-Patch2001: RHEL-12425-2-aws-awscli-azure-google-fix-bundled-urllib3-CVE-2023-43804.patch
 %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
 %ifarch x86_64
@@ -439,11 +436,9 @@ rm -rf kubevirt/rsa*
 # regular patch doesnt work in build-section
 pushd support
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1000}
-/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH1001}
 %ifarch x86_64
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2000}
-/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2001}
 %endif
 popd
@@ -576,7 +571,7 @@ Provides: bundled(aliyuncli) = 2.1.10
 Provides: bundled(python-cffi) = 1.14.5
 Provides: bundled(python-colorama) = 0.3.3
 Provides: bundled(python-jmespath) = 0.7.1
-Provides: bundled(python-pycryptodome) = 3.10.1
+Provides: bundled(python-pycryptodome) = 3.20.0
 Provides: bundled(python-pycparser) = 2.20
 # awscli
 Provides: bundled(awscli) = 2.2.15
@@ -594,7 +589,7 @@ Provides: bundled(python-boto3) = 1.17.102
 Provides: bundled(python-botocore) = 1.20.102
 Provides: bundled(python-dateutil) = 2.8.1
 Provides: bundled(python-s3transfer) = 0.4.2
-Provides: bundled(python-urllib3) = 1.26.6
+Provides: bundled(python-urllib3) = 1.26.18
 # azure
 Provides: bundled(python-adal) = 1.2.7
 Provides: bundled(python-azure-common) = 1.1.27
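Review bot: Dropping the `%{PATCH1001}`/`%{PATCH2001}` applications in `%prep` is only a safe replacement for the CVE-2023-43804 fix if every tree the deleted patches touched — `kubevirt/`, `aws/`, `awscli/`, `azure/` and `google/` — is now populated from `urllib3-1.26.18.tar.gz`, which carries the `Cookie` entry in `DEFAULT_REMOVE_HEADERS_ON_REDIRECT` upstream. This diff shows only one urllib3 source (`Source1021`, under the awscli group) and the install steps that copy it into the five bundled locations are outside the hunk, so please verify none of them still extracts an older urllib3 from another vendored artifact. A post-`%install` check of `urllib3/_version.py` in each bundled tree, e.g. `grep -r __version__ %{buildroot}%{_datadir}/fence/support/*/urllib3/_version.py`, would make such a regression impossible to miss.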
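Review bot: `Provides: bundled(python-urllib3) = 1.26.18` is bumped only in the awscli group of this hunk, yet the deleted patches show urllib3 is also bundled under `kubevirt/` (built on all archs per the `# all archs` comment) and under `azure/` and `google/`. If the spec carries separate `Provides: bundled(python-urllib3)` lines for those groups they are outside this diff and still need updating, since CVE trackers and `rpm -q --provides` key on these values to decide whether CVE-2023-43804 and CVE-2023-45803 are fixed. One stale `= 1.26.7` would report the package as vulnerable even though the code is patched.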
@@ -1479,6 +1474,14 @@ are located on corosync cluster nodes.
 %endif
 %changelog
+* Thu Jan 18 2024 Oyvind Albrigtsen - 4.10.0-55.3
+- bundled urllib3: fix CVE-2023-45803
+ Resolves: RHEL-21714
+- bundled pycryptodome: fix CVE-2023-52323
+ Resolves: RHEL-21722
+- bundled jinja2: fix CVE-2024-22195
+ Resolves: RHEL-21736
+
 * Wed Oct 11 2023 Oyvind Albrigtsen - 4.10.0-55.2
 - bundled urllib3: fix CVE-2023-43804
 Resolves: RHEL-12425