- bundled urllib3: fix CVE-2023-45803
Resolves: RHEL-18139 - bundled pycryptodome: fix CVE-2023-52323 Resolves: RHEL-20917 - bundled jinja2: fix CVE-2024-22195 Resolves: RHEL-21345
This commit is contained in:
Oyvind Albrigtsen
parent
755b87f94b
commit
193cba6cc4
@ -1,26 +0,0 @@
|
||||
From 644124ecd0b6e417c527191f866daa05a5a2056d Mon Sep 17 00:00:00 2001
|
||||
From: Quentin Pradet <quentin.pradet@gmail.com>
|
||||
Date: Mon, 2 Oct 2023 19:46:16 +0400
|
||||
Subject: [PATCH] Merge pull request from GHSA-v845-jxx5-vc9f
|
||||
|
||||
---
|
||||
CHANGES.rst | 5 ++++
|
||||
docs/user-guide.rst | 3 +++
|
||||
src/urllib3/util/retry.py | 2 +-
|
||||
test/test_retry.py | 4 +--
|
||||
test/with_dummyserver/test_poolmanager.py | 30 ++++++++++++++++++-----
|
||||
5 files changed, 35 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py
|
||||
index ea48afe3ca..7572bfd26a 100644
|
||||
--- a/kubevirt/urllib3/util/retry.py
|
||||
+++ b/kubevirt/urllib3/util/retry.py
|
||||
@@ -187,7 +187,7 @@ class Retry:
|
||||
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
|
||||
|
||||
#: Default headers to be used for ``remove_headers_on_redirect``
|
||||
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
|
||||
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
|
||||
|
||||
#: Default maximum backoff time.
|
||||
DEFAULT_BACKOFF_MAX = 120
|
||||
@ -1,59 +0,0 @@
|
||||
From 644124ecd0b6e417c527191f866daa05a5a2056d Mon Sep 17 00:00:00 2001
|
||||
From: Quentin Pradet <quentin.pradet@gmail.com>
|
||||
Date: Mon, 2 Oct 2023 19:46:16 +0400
|
||||
Subject: [PATCH] Merge pull request from GHSA-v845-jxx5-vc9f
|
||||
|
||||
---
|
||||
CHANGES.rst | 5 ++++
|
||||
docs/user-guide.rst | 3 +++
|
||||
src/urllib3/util/retry.py | 2 +-
|
||||
test/test_retry.py | 4 +--
|
||||
test/with_dummyserver/test_poolmanager.py | 30 ++++++++++++++++++-----
|
||||
5 files changed, 35 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py
|
||||
index ea48afe3ca..7572bfd26a 100644
|
||||
--- a/aws/urllib3/util/retry.py
|
||||
+++ b/aws/urllib3/util/retry.py
|
||||
@@ -187,7 +187,7 @@ class Retry:
|
||||
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
|
||||
|
||||
#: Default headers to be used for ``remove_headers_on_redirect``
|
||||
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
|
||||
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
|
||||
|
||||
#: Default maximum backoff time.
|
||||
DEFAULT_BACKOFF_MAX = 120
|
||||
--- a/awscli/urllib3/util/retry.py
|
||||
+++ b/awscli/urllib3/util/retry.py
|
||||
@@ -187,7 +187,7 @@ class Retry:
|
||||
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
|
||||
|
||||
#: Default headers to be used for ``remove_headers_on_redirect``
|
||||
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
|
||||
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
|
||||
|
||||
#: Default maximum backoff time.
|
||||
DEFAULT_BACKOFF_MAX = 120
|
||||
--- a/azure/urllib3/util/retry.py
|
||||
+++ b/azure/urllib3/util/retry.py
|
||||
@@ -187,7 +187,7 @@ class Retry:
|
||||
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
|
||||
|
||||
#: Default headers to be used for ``remove_headers_on_redirect``
|
||||
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
|
||||
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
|
||||
|
||||
#: Default maximum backoff time.
|
||||
DEFAULT_BACKOFF_MAX = 120
|
||||
--- a/google/urllib3/util/retry.py
|
||||
+++ b/google/urllib3/util/retry.py
|
||||
@@ -187,7 +187,7 @@ class Retry:
|
||||
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
|
||||
|
||||
#: Default headers to be used for ``remove_headers_on_redirect``
|
||||
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
|
||||
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
|
||||
|
||||
#: Default maximum backoff time.
|
||||
DEFAULT_BACKOFF_MAX = 120
|
||||
@ -33,12 +33,12 @@
|
||||
%global pyyaml_version 5.1
|
||||
%global six six
|
||||
%global six_version 1.16.0
|
||||
%global urllib3 urllib3
|
||||
%global urllib3_version 1.26.7
|
||||
%global websocketclient websocket-client
|
||||
%global websocketclient_version 1.2.1
|
||||
%global urllib3 urllib3
|
||||
%global urllib3_version 1.26.18
|
||||
%global websocketclient websocket-client
|
||||
%global websocketclient_version 1.2.1
|
||||
%global jinja2 Jinja2
|
||||
%global jinja2_version 3.0.2
|
||||
%global jinja2_version 3.1.3
|
||||
%global markupsafe MarkupSafe
|
||||
%global markupsafe_version 2.0.1
|
||||
%global stringutils string-utils
|
||||
@ -59,7 +59,7 @@
|
||||
Name: fence-agents
|
||||
Summary: Set of unified programs capable of host isolation ("fencing")
|
||||
Version: 4.10.0
|
||||
Release: 61%{?alphatag:.%{alphatag}}%{?dist}
|
||||
Release: 62%{?alphatag:.%{alphatag}}%{?dist}
|
||||
License: GPLv2+ and LGPLv2+
|
||||
URL: https://github.com/ClusterLabs/fence-agents
|
||||
Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz
|
||||
@ -83,7 +83,7 @@ Source1002: aliyuncli-2.1.10-py2.py3-none-any.whl
|
||||
Source1003: cffi-1.14.5-cp39-cp39-manylinux1_x86_64.whl
|
||||
Source1004: colorama-0.3.3.tar.gz
|
||||
Source1005: jmespath-0.7.1-py2.py3-none-any.whl
|
||||
Source1006: pycryptodome-3.10.1-cp35-abi3-manylinux2010_x86_64.whl
|
||||
Source1006: pycryptodome-3.20.0.tar.gz
|
||||
Source1007: pycparser-2.20-py2.py3-none-any.whl
|
||||
# awscli
|
||||
Source1008: awscrt-0.11.13-cp39-cp39-manylinux2014_x86_64.whl
|
||||
@ -100,7 +100,7 @@ Source1017: boto3-1.17.102-py2.py3-none-any.whl
|
||||
Source1018: botocore-1.20.102-py2.py3-none-any.whl
|
||||
Source1019: python_dateutil-2.8.1-py2.py3-none-any.whl
|
||||
Source1020: s3transfer-0.4.2-py2.py3-none-any.whl
|
||||
Source1021: urllib3-1.26.6-py2.py3-none-any.whl
|
||||
Source1021: urllib3-1.26.18.tar.gz
|
||||
# azure
|
||||
Source1022: adal-1.2.7-py2.py3-none-any.whl
|
||||
Source1023: azure_common-1.1.27-py2.py3-none-any.whl
|
||||
@ -169,24 +169,23 @@ Source1078: %{pyyaml}-%{pyyaml_version}.tar.gz
|
||||
## but gets removed to use cryptography lib instead
|
||||
Source1079: rsa-4.7.2.tar.gz
|
||||
Source1080: %{six}-%{six_version}.tar.gz
|
||||
Source1081: %{urllib3}-%{urllib3_version}.tar.gz
|
||||
Source1082: %{websocketclient}-%{websocketclient_version}.tar.gz
|
||||
Source1083: %{jinja2}-%{jinja2_version}.tar.gz
|
||||
Source1084: %{markupsafe}-%{markupsafe_version}.tar.gz
|
||||
Source1085: python-%{stringutils}-%{stringutils_version}.tar.gz
|
||||
Source1086: %{requests}-%{requests_version}.tar.gz
|
||||
Source1087: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz
|
||||
Source1088: %{idna}-%{idna_version}.tar.gz
|
||||
Source1089: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz
|
||||
Source1090: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz
|
||||
Source1091: %{setuptools}-%{setuptools_version}.tar.gz
|
||||
Source1081: %{websocketclient}-%{websocketclient_version}.tar.gz
|
||||
Source1082: %{jinja2}-%{jinja2_version}.tar.gz
|
||||
Source1083: %{markupsafe}-%{markupsafe_version}.tar.gz
|
||||
Source1084: python-%{stringutils}-%{stringutils_version}.tar.gz
|
||||
Source1085: %{requests}-%{requests_version}.tar.gz
|
||||
Source1086: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz
|
||||
Source1087: %{idna}-%{idna_version}.tar.gz
|
||||
Source1088: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz
|
||||
Source1089: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz
|
||||
Source1090: %{setuptools}-%{setuptools_version}.tar.gz
|
||||
## required for installation
|
||||
Source1092: setuptools_scm-6.3.2.tar.gz
|
||||
Source1093: packaging-21.2-py3-none-any.whl
|
||||
Source1094: poetry-core-1.0.7.tar.gz
|
||||
Source1095: pyparsing-3.0.1.tar.gz
|
||||
Source1096: tomli-1.0.1.tar.gz
|
||||
Source1097: wheel-0.37.0-py2.py3-none-any.whl
|
||||
Source1091: setuptools_scm-6.3.2.tar.gz
|
||||
Source1092: packaging-21.2-py3-none-any.whl
|
||||
Source1093: poetry-core-1.0.7.tar.gz
|
||||
Source1094: pyparsing-3.0.1.tar.gz
|
||||
Source1095: tomli-1.0.1.tar.gz
|
||||
Source1096: wheel-0.37.0-py2.py3-none-any.whl
|
||||
### END
|
||||
|
||||
Patch0: ha-cloud-support-aliyun.patch
|
||||
@ -246,10 +245,8 @@ Patch52: RHEL-14344-fence_zvmip-2-fix-manpage-formatting.patch
|
||||
### HA support libs/utils ###
|
||||
# all archs
|
||||
Patch1000: bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
|
||||
Patch1001: RHEL-11999-1-kubevirt-fix-bundled-urllib3-CVE-2023-43804.patch
|
||||
# cloud (x86_64 only)
|
||||
Patch2000: bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch
|
||||
Patch2001: RHEL-11999-2-aws-awscli-azure-google-fix-bundled-urllib3-CVE-2023-43804.patch
|
||||
|
||||
%global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
|
||||
%ifarch x86_64
|
||||
@ -451,11 +448,9 @@ rm -rf kubevirt/rsa*
|
||||
# regular patch doesnt work in build-section
|
||||
pushd support
|
||||
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1000}
|
||||
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH1001}
|
||||
|
||||
%ifarch x86_64
|
||||
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2000}
|
||||
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2001}
|
||||
%endif
|
||||
popd
|
||||
|
||||
@ -588,7 +583,7 @@ Provides: bundled(aliyuncli) = 2.1.10
|
||||
Provides: bundled(python-cffi) = 1.14.5
|
||||
Provides: bundled(python-colorama) = 0.3.3
|
||||
Provides: bundled(python-jmespath) = 0.7.1
|
||||
Provides: bundled(python-pycryptodome) = 3.10.1
|
||||
Provides: bundled(python-pycryptodome) = 3.20.0
|
||||
Provides: bundled(python-pycparser) = 2.20
|
||||
# awscli
|
||||
Provides: bundled(awscli) = 2.2.15
|
||||
@ -606,7 +601,7 @@ Provides: bundled(python-boto3) = 1.17.102
|
||||
Provides: bundled(python-botocore) = 1.20.102
|
||||
Provides: bundled(python-dateutil) = 2.8.1
|
||||
Provides: bundled(python-s3transfer) = 0.4.2
|
||||
Provides: bundled(python-urllib3) = 1.26.6
|
||||
Provides: bundled(python-urllib3) = 1.26.18
|
||||
# azure
|
||||
Provides: bundled(python-adal) = 1.2.7
|
||||
Provides: bundled(python-azure-common) = 1.1.27
|
||||
@ -1491,6 +1486,14 @@ are located on corosync cluster nodes.
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Jan 18 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-62
|
||||
- bundled urllib3: fix CVE-2023-45803
|
||||
Resolves: RHEL-18139
|
||||
- bundled pycryptodome: fix CVE-2023-52323
|
||||
Resolves: RHEL-20917
|
||||
- bundled jinja2: fix CVE-2024-22195
|
||||
Resolves: RHEL-21345
|
||||
|
||||
* Wed Jan 3 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-61
|
||||
- fence_zvmip: document required user permissions in metadata/manpage
|
||||
Resolves: RHEL-14344
|
||||
|
||||
7
sources
7
sources
@ -12,7 +12,7 @@ SHA512 (aliyuncli-2.1.10-py2.py3-none-any.whl) = d777881a0235986da7b8954b01a671a
|
||||
SHA512 (cffi-1.14.5-cp39-cp39-manylinux1_x86_64.whl) = 3c73e06bef8e9646beacc584d59ecf42de013034194d6eb59f1abf279e8fe5468e106fcd47802ce1d264d3c1d9122af3c66ea1229db78a768f7ea069ddc2fd72
|
||||
SHA512 (colorama-0.3.3.tar.gz) = 8e6177ea60ab8f1267ce982f23803a9d2eb0c4550d7eac4776416d62a99d1ce03254fc64cc959ca95e2409ceeff081d4d19359c383e969dfb921b44c56914495
|
||||
SHA512 (jmespath-0.7.1-py2.py3-none-any.whl) = e035bbd4e716066fc6a6282505a51dac8ec738a2794db958aef9edefb9871aa2424ead0ffb80d8cda75436b23ebc02f96201b3960e48d3ea3299e9b4aa8a6958
|
||||
SHA512 (pycryptodome-3.10.1-cp35-abi3-manylinux2010_x86_64.whl) = c016ccea0db39c04a4dac0ef4a8f1331049fbe0b34bab2791e42e9b5c9a20305bda482092af05940da3a641fac1e9aa95f76d982221bf9ca792114ff3efd4f4b
|
||||
SHA512 (pycryptodome-3.20.0.tar.gz) = 9fed02190db9ae71b6895af2525d7670858817acf213c494969104da81138dacb11bc00be83b308e070a2c90766cd763e25a611ada402b32f6160a8ac9283f85
|
||||
SHA512 (pycparser-2.20-py2.py3-none-any.whl) = 06dc9cefdcde6b97c96d0452a77db42a629c48ee545edd7ab241763e50e3b3c56d21f9fcce4e206817aa1a597763d948a10ccc73572490d739c89eea7fede0a1
|
||||
SHA512 (awscrt-0.11.13-cp39-cp39-manylinux2014_x86_64.whl) = f071293fd9710e8661f2a3a3ac4ad63748ab922fa8f9914be3b67844570c0b6f58696dd3335958369a828c35467312f1e77970039917923057624e5821cd68fa
|
||||
SHA512 (colorama-0.4.3-py2.py3-none-any.whl) = 7cb2e248fbda31049e23431a921c71d3ecca650011ba25290ce0bfabb616faa0f0185e49deda10a9a358d3b9355392864b51ef764a4020c33d0980af97a33024
|
||||
@ -27,7 +27,7 @@ SHA512 (boto3-1.17.102-py2.py3-none-any.whl) = 528b6d80aecca78076600f62f2cdcec3d
|
||||
SHA512 (botocore-1.20.102-py2.py3-none-any.whl) = 067d5828bfdafe72f5f641e2141fa61e1f995e6bbde6c68060028e33bd19f835c42d70b0fd519b0e6ac516ed5ab530af3b5a50154ab77a235bdb32bc8e9b5e8d
|
||||
SHA512 (python_dateutil-2.8.1-py2.py3-none-any.whl) = ff083825ef3c8a3c6887ceae79a4249b938f529b72d0b931b1e30c81856ec7c8ee0adf0e29e2a41d3c76ab4e1faabc1c4161fe977d14589d346a658e343aa122
|
||||
SHA512 (s3transfer-0.4.2-py2.py3-none-any.whl) = f0616baf3dff4a829e791593ed90406828b0a429690d5939a1bf216776fd35674d314175e8261627f707545f53f36d927458767517cac1d18066f02ff7b56681
|
||||
SHA512 (urllib3-1.26.6-py2.py3-none-any.whl) = a51e1d445735abbd264875bc8aaa46a939645419586fab399ce0e7cabd6d166efe79943a300b326d6a1f932609b03b0356bb4687d4a8c6e143757efa87328377
|
||||
SHA512 (urllib3-1.26.18.tar.gz) = c89e93a032bf6b11375c06ef7c5abc1868f93e7655cfdca09e9bd939ad415d206ea159fe151ecd2e5f725e0e18a831c7a5382ad01dbc32264154fc8af7aec156
|
||||
SHA512 (adal-1.2.7-py2.py3-none-any.whl) = 81e2b0b99fdb5b865ed8126a796e47f28032ed59d82da4ce1ca8743c4ea26afa58ad12bae25a22b0dc3baab80a369a08427fc688f1408e2fbc2b1a264819447b
|
||||
SHA512 (azure_common-1.1.27-py2.py3-none-any.whl) = 4871d9155c46d79b9f8851814c6a4aff4191ebf747e2157e195de9aff3a3a6cd674b18f93c497f5fd59ee3ac7b3e1d72501fc27ccac8b49b985f7ace70b92061
|
||||
SHA512 (azure_core-1.15.0-py2.py3-none-any.whl) = 89ea0646d3571841e841255e13f7f4b60838c96c39e8ecb1ae5336822d21307b592e1a1e5da413b2b484c51b51e5de5fb1a7031a10cec9698cc6472bcdc10406
|
||||
@ -87,9 +87,8 @@ SHA512 (python-dateutil-2.8.2.tar.gz) = 6538858e4a3e2d1de1bf25b6d8b25e3a8d20bf60
|
||||
SHA512 (PyYAML-5.1.tar.gz) = 8f27f92bdfa310a99dd6d83947332cc033fa18f0011998bb585ad5c4340a2da20d8c20bfdb53beaae15651198d1240c986818379b0a05b230f74d1f30f53e7fd
|
||||
SHA512 (rsa-4.7.2.tar.gz) = 63f561774dbaa10511167cba31e0f852e32b3250f2803edaa2729dc2b28baa2c42cb79dfbd49e38eb42ce82f665ed4c3d9dcc810c37380401e2c62202b1c7948
|
||||
SHA512 (six-1.16.0.tar.gz) = 076fe31c8f03b0b52ff44346759c7dc8317da0972403b84dfe5898179f55acdba6c78827e0f8a53ff20afe8b76432c6fe0d655a75c24259d9acbaa4d9e8015c0
|
||||
SHA512 (urllib3-1.26.7.tar.gz) = 6f5a5e6dd5ff99950fcc051495e0a698153b57e20b6c83d869b54c7fece9616909bcf2fe99efc40815f8722996ad93e430bf765ce5c629b912690c286014b86f
|
||||
SHA512 (websocket-client-1.2.1.tar.gz) = fdbeb7ac2add27478a17b388ac62e9378094a368f29749d8b63c274ee41836506369dddd083956f42f1f2d74948392b3ddd59b801c98f9e028c126bdb54c636b
|
||||
SHA512 (Jinja2-3.0.2.tar.gz) = cea7d24656bbc9117785886caee4eb28bc417bd7529152493ac2dd5041d798a1e30c0c5c619327817a708b1af8d08f13ae9125bbc7cb7d440045cb54d7bfbd9e
|
||||
SHA512 (Jinja2-3.1.3.tar.gz) = 5c36d0cd094b40626511f30c561176c095c49ef4066c2752a9edc3e6feb2430dafa866c17deebddcd0168aa1f0fd3944916d592c5c999639b8152e7c1009c700
|
||||
SHA512 (MarkupSafe-2.0.1.tar.gz) = 77249bda784111ece15d59eb3de1cbb37a58fb9f22902fe6b73fea9eb0f23857ccbe53dc55463278e3b91f78dc35e2b027fd823ca50d88d8985d5a98ce2327f1
|
||||
SHA512 (python-string-utils-1.0.0.tar.gz) = 23ee48053848edd74915a985ee9edec48bbba468e228745f7d27b6a855c67f6b7ddf1cf71049458bf0b1c6c4d4f905ebacfac960597cbadbbe2daa1fe9472280
|
||||
SHA512 (requests-2.26.0.tar.gz) = c3397d77f0d2f1afb05661c4b98adad6c1ddaf360906254150b33ab0d9479fd306905bd6d61b8cf8becd9a40bdcf9b03542e8267c644ef19f03f44bfca0bc461
|
||||
|
||||
Loading…
Reference in New Issue
Block a user