From de78b22115747f00d70c9a815da2e6fcf8b58ee6 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 18 Sep 2024 12:19:04 +0000 Subject: [PATCH 1/2] import OL fence-agents-4.10.0-62.el9_4.5 --- .fence-agents.metadata | 9 +- .gitignore | 9 +- ...6-fix-bundled-urllib3-CVE-2024-37891.patch | 96 +++++++++++++++++++ SPECS/fence-agents.spec | 40 +++++--- 4 files changed, 131 insertions(+), 23 deletions(-) create mode 100644 SOURCES/RHEL-43956-fix-bundled-urllib3-CVE-2024-37891.patch diff --git a/.fence-agents.metadata b/.fence-agents.metadata index d58a621..a0863d1 100644 --- a/.fence-agents.metadata +++ b/.fence-agents.metadata @@ -30,6 +30,7 @@ a8ee91adf4644bbdccfc73ead88f4cd0df7e3552 SOURCES/colorama-0.3.3.tar.gz 4b50bebad4c5036c030a78cbb869d039bc91c4ec SOURCES/distro-1.5.0-py2.py3-none-any.whl aafeddc912b74557754b2aaece3f1364be8e9f6a SOURCES/docutils-0.15.2-py3-none-any.whl 1ec823f807b73a377cdd47d12e2e34f046bfc889 SOURCES/fence-agents-4.10.0.tar.gz +05d6d7a3df5bdbd9df1b37a65662e5dbe94f23fd SOURCES/flit_core-3.9.0.tar.gz f4e578dc0ed68d6667d7b36cdfc2647d55e9858f SOURCES/google-auth-2.3.0.tar.gz ac160113ba8b78b0688edda9f9a088c0b4b5ded2 SOURCES/google_api_core-1.30.0-py2.py3-none-any.whl 4fd1eb2b927767158e91e369de441fd9221a82d9 SOURCES/google_api_python_client-1.12.8-py2.py3-none-any.whl @@ -86,13 +87,13 @@ abf532a0cc31ea224e3895f60025e7466b16d7ae SOURCES/ruamel.yaml-0.15.100.tar.gz d1011ff44cd5a045de0460c1b79ec65592e86860 SOURCES/ruamel.yaml-0.17.16.tar.gz 27de97227bbbde5a9f571f9fad223578d7bdf7cc SOURCES/ruamel.yaml.clib-0.2.6.tar.gz d7eb0ced8b9f12005ad6f13035689d5611f8a81a SOURCES/s3transfer-0.4.2-py2.py3-none-any.whl -0b0fcb339be89ae1b6360dbfb2be2075ae9f84c9 SOURCES/setuptools-57.0.0-py3-none-any.whl -d5354718cb8c9330d3abc27445467ce8a5ed9d70 SOURCES/setuptools-58.3.0.tar.gz -a4f02fddae697614e356cadfddb6241cc7737f38 SOURCES/setuptools_scm-6.3.2.tar.gz +54a0d57b77b6030aaca8992282189f4b7b627bc0 SOURCES/setuptools-71.1.0.tar.gz +749fa3bff5be78c80ac6d6d313c38c73d679542c SOURCES/setuptools_scm-8.1.0.tar.gz 79e6f2e4f9e24898f1896df379871b9c9922f147 SOURCES/six-1.16.0-py2.py3-none-any.whl 06fa0bb50f2a4e2917fd14c21e9d2d5508ce0163 SOURCES/six-1.16.0.tar.gz 47a980b20875d1a1714e921552b5bb0eda190f37 SOURCES/suds_community-0.8.5-py3-none-any.whl -b42b7960047441db7dc021cc20e14279bd836f8d SOURCES/tomli-1.0.1.tar.gz +3eae299137c59d6d6d30be01417366c57dd1adf5 SOURCES/tomli-2.0.1.tar.gz +1389615a3f0bd216e7db4440985d51fb3f2ea2c6 SOURCES/typing_extensions-4.12.2.tar.gz 83be56610e5f824bb05ff7a5618d6d4df9b6cc08 SOURCES/uritemplate-3.0.1-py2.py3-none-any.whl 84e2852d8da1655373f7ce5e7d5d3e256b62b4e4 SOURCES/urllib3-1.26.18.tar.gz 7126323614cada181bc8b06436e80ef372ff8656 SOURCES/wcwidth-0.1.9-py2.py3-none-any.whl diff --git a/.gitignore b/.gitignore index eb2f17e..e0d9e2d 100644 --- a/.gitignore +++ b/.gitignore @@ -30,6 +30,7 @@ SOURCES/cryptography-3.3.2-cp36-abi3-manylinux2010_x86_64.whl SOURCES/distro-1.5.0-py2.py3-none-any.whl SOURCES/docutils-0.15.2-py3-none-any.whl SOURCES/fence-agents-4.10.0.tar.gz +SOURCES/flit_core-3.9.0.tar.gz SOURCES/google-auth-2.3.0.tar.gz SOURCES/google_api_core-1.30.0-py2.py3-none-any.whl SOURCES/google_api_python_client-1.12.8-py2.py3-none-any.whl @@ -86,13 +87,13 @@ SOURCES/ruamel.yaml-0.15.100.tar.gz SOURCES/ruamel.yaml-0.17.16.tar.gz SOURCES/ruamel.yaml.clib-0.2.6.tar.gz SOURCES/s3transfer-0.4.2-py2.py3-none-any.whl -SOURCES/setuptools-57.0.0-py3-none-any.whl -SOURCES/setuptools-58.3.0.tar.gz -SOURCES/setuptools_scm-6.3.2.tar.gz +SOURCES/setuptools-71.1.0.tar.gz +SOURCES/setuptools_scm-8.1.0.tar.gz SOURCES/six-1.16.0-py2.py3-none-any.whl SOURCES/six-1.16.0.tar.gz SOURCES/suds_community-0.8.5-py3-none-any.whl -SOURCES/tomli-1.0.1.tar.gz +SOURCES/tomli-2.0.1.tar.gz +SOURCES/typing_extensions-4.12.2.tar.gz SOURCES/uritemplate-3.0.1-py2.py3-none-any.whl SOURCES/urllib3-1.26.18.tar.gz SOURCES/wcwidth-0.1.9-py2.py3-none-any.whl diff --git a/SOURCES/RHEL-43956-fix-bundled-urllib3-CVE-2024-37891.patch b/SOURCES/RHEL-43956-fix-bundled-urllib3-CVE-2024-37891.patch new file mode 100644 index 0000000..2c2de0e --- /dev/null +++ b/SOURCES/RHEL-43956-fix-bundled-urllib3-CVE-2024-37891.patch @@ -0,0 +1,96 @@ +From accff72ecc2f6cf5a76d9570198a93ac7c90270e Mon Sep 17 00:00:00 2001 +From: Quentin Pradet +Date: Mon, 17 Jun 2024 11:09:06 +0400 +Subject: [PATCH] Merge pull request from GHSA-34jh-p97f-mpxf + +* Strip Proxy-Authorization header on redirects + +* Fix test_retry_default_remove_headers_on_redirect + +* Set release date +--- + CHANGES.rst | 5 +++++ + src/urllib3/util/retry.py | 4 +++- + test/test_retry.py | 6 ++++- + test/with_dummyserver/test_poolmanager.py | 27 ++++++++++++++++++++--- + 4 files changed, 37 insertions(+), 5 deletions(-) + +diff --git a/awscli/urllib3/util/retry.py b/awscli/urllib3/util/retry.py +index 7a76a4a6ad..0456cceba4 100644 +--- a/awscli/urllib3/util/retry.py ++++ b/awscli/urllib3/util/retry.py +@@ -189,7 +189,9 @@ class Retry: + RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503]) + + #: Default headers to be used for ``remove_headers_on_redirect`` +- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"]) ++ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset( ++ ["Cookie", "Authorization", "Proxy-Authorization"] ++ ) + + #: Default maximum backoff time. + DEFAULT_BACKOFF_MAX = 120 + +diff --git a/aws/urllib3/util/retry.py b/aws/urllib3/util/retry.py +index 7a76a4a6ad..0456cceba4 100644 +--- a/aws/urllib3/util/retry.py ++++ b/aws/urllib3/util/retry.py +@@ -189,7 +189,9 @@ class Retry: + RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503]) + + #: Default headers to be used for ``remove_headers_on_redirect`` +- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"]) ++ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset( ++ ["Cookie", "Authorization", "Proxy-Authorization"] ++ ) + + #: Default maximum backoff time. + DEFAULT_BACKOFF_MAX = 120 + +diff --git a/azure/urllib3/util/retry.py b/azure/urllib3/util/retry.py +index 7a76a4a6ad..0456cceba4 100644 +--- a/azure/urllib3/util/retry.py ++++ b/azure/urllib3/util/retry.py +@@ -189,7 +189,9 @@ class Retry: + RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503]) + + #: Default headers to be used for ``remove_headers_on_redirect`` +- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"]) ++ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset( ++ ["Cookie", "Authorization", "Proxy-Authorization"] ++ ) + + #: Default maximum backoff time. + DEFAULT_BACKOFF_MAX = 120 + +diff --git a/google/urllib3/util/retry.py b/google/urllib3/util/retry.py +index 7a76a4a6ad..0456cceba4 100644 +--- a/google/urllib3/util/retry.py ++++ b/google/urllib3/util/retry.py +@@ -189,7 +189,9 @@ class Retry: + RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503]) + + #: Default headers to be used for ``remove_headers_on_redirect`` +- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"]) ++ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset( ++ ["Cookie", "Authorization", "Proxy-Authorization"] ++ ) + + #: Default maximum backoff time. + DEFAULT_BACKOFF_MAX = 120 + +diff --git a/kubevirt/urllib3/util/retry.py b/kubevirt/urllib3/util/retry.py +index 7a76a4a6ad..0456cceba4 100644 +--- a/kubevirt/urllib3/util/retry.py ++++ b/kubevirt/urllib3/util/retry.py +@@ -189,7 +189,9 @@ class Retry: + RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503]) + + #: Default headers to be used for ``remove_headers_on_redirect`` +- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"]) ++ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset( ++ ["Cookie", "Authorization", "Proxy-Authorization"] ++ ) + + #: Default maximum backoff time. + DEFAULT_BACKOFF_MAX = 120 diff --git a/SPECS/fence-agents.spec b/SPECS/fence-agents.spec index e8bfe2b..b165234 100644 --- a/SPECS/fence-agents.spec +++ b/SPECS/fence-agents.spec @@ -53,13 +53,11 @@ %global reqstsoauthlib_version 1.3.0 %global ruamelyaml ruamel.yaml %global ruamelyaml_version 0.17.16 -%global setuptools setuptools -%global setuptools_version 58.3.0 Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.10.0 -Release: 62%{?alphatag:.%{alphatag}}%{?dist}.3 +Release: 62%{?alphatag:.%{alphatag}}%{?dist}.5 License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/fence-agents Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz @@ -145,7 +143,7 @@ Source1060: pyroute2.nftables-0.6.13.tar.gz Source1061: pyroute2.nslink-0.6.13.tar.gz Source1062: pytz-2021.1-py2.py3-none-any.whl Source1063: rsa-4.7.2-py3-none-any.whl -Source1064: setuptools-57.0.0-py3-none-any.whl +Source1064: setuptools-71.1.0.tar.gz Source1065: uritemplate-3.0.1-py2.py3-none-any.whl # common (pexpect / suds) Source1066: pexpect-4.8.0-py2.py3-none-any.whl @@ -178,14 +176,15 @@ Source1086: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz Source1087: %{idna}-%{idna_version}.tar.gz Source1088: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz Source1089: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz -Source1090: %{setuptools}-%{setuptools_version}.tar.gz ## required for installation -Source1091: setuptools_scm-6.3.2.tar.gz -Source1092: packaging-21.2-py3-none-any.whl -Source1093: poetry-core-1.0.7.tar.gz -Source1094: pyparsing-3.0.1.tar.gz -Source1095: tomli-1.0.1.tar.gz -Source1096: wheel-0.37.0-py2.py3-none-any.whl +Source1090: setuptools_scm-8.1.0.tar.gz +Source1091: packaging-21.2-py3-none-any.whl +Source1092: poetry-core-1.0.7.tar.gz +Source1093: pyparsing-3.0.1.tar.gz +Source1094: tomli-2.0.1.tar.gz +Source1095: flit_core-3.9.0.tar.gz +Source1096: typing_extensions-4.12.2.tar.gz +Source1097: wheel-0.37.0-py2.py3-none-any.whl ### END Patch0: ha-cloud-support-aliyun.patch @@ -249,6 +248,7 @@ Patch1000: bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch Patch1001: RHEL-36482-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch # cloud (x86_64 only) Patch2000: bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch +Patch2001: RHEL-43956-fix-bundled-urllib3-CVE-2024-37891.patch %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti %ifarch x86_64 @@ -450,11 +450,12 @@ rm -rf kubevirt/rsa* # regular patch doesnt work in build-section pushd support -/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1000} +/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH1000} /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1001} %ifarch x86_64 -/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2000} +/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2000} +/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2001} %endif popd @@ -647,7 +648,7 @@ Provides: bundled(python-pyroute2-nftables) = 0.6.13 Provides: bundled(python-pyroute2-nslink) = 0.6.13 Provides: bundled(python-pytz) = 2021.1 Provides: bundled(python-rsa) = 4.7.2 -Provides: bundled(python-setuptools) = 57.0.0 +Provides: bundled(python3-setuptools) = 71.1.0 Provides: bundled(python-uritemplate) = 3.0.1 %description -n ha-cloud-support Support libraries for Fence Agents. @@ -1184,7 +1185,7 @@ Provides: bundled(python3-%{idna}) = %{idna_version} Provides: bundled(python3-%{reqstsoauthlib}) = %{reqstsoauthlib_version} Provides: bundled(python3-%{oauthlib}) = %{oauthlib_version} Provides: bundled(python3-%{ruamelyaml}) = %{ruamelyaml_version} -Provides: bundled(python3-%{setuptools}) = %{setuptools_version} +Provides: bundled(python3-setuptools) = 71.1.0 %description kubevirt Fence agent for KubeVirt platform. %files kubevirt @@ -1490,6 +1491,15 @@ are located on corosync cluster nodes. %endif %changelog +* Mon Aug 19 2024 Diaa Sami - 4.10.0-62.5 +- bundled setuptools: fix CVE-2024-6345 + + Resolves: RHEL-49657 + +* Mon Jun 24 2024 Oyvind Albrigtsen - 4.10.0-62.4 +- bundled urllib3: fix CVE-2024-37891 + Resolves: RHEL-43956 + * Thu May 16 2024 Oyvind Albrigtsen - 4.10.0-62.3 - bundled jinja2: fix CVE-2024-34064 Resolves: RHEL-36482 From fc82836a77901d01574e4c7c125e18686ef199c1 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 12 Nov 2024 13:53:34 +0000 Subject: [PATCH 2/2] import CS fence-agents-4.10.0-76.el9_5 --- .fence-agents.metadata | 4 +- .gitignore | 4 +- ...e_rest-detect-user-sufficient-rights.patch | 26 +++ ...31485-RHEL-31483-fence_aliyun-update.patch | 209 ++++++++++++++++++ ...epsr2-for-ePowerSwitch-R2-and-newer.patch} | 0 ...t-fix-bundled-jinja2-CVE-2024-34064.patch} | 0 ..._aws-1-list-add-instance-name-status.patch | 99 +++++++++ ...e_aws-2-log-error-for-unknown-states.patch | 41 ++++ ...-fix-bundled-urllib3-CVE-2024-37891.patch} | 0 SOURCES/requirements-aliyun.txt | 2 - SPECS/fence-agents.spec | 115 +++++++--- 11 files changed, 468 insertions(+), 32 deletions(-) create mode 100644 SOURCES/RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch create mode 100644 SOURCES/RHEL-31488-RHEL-31485-RHEL-31483-fence_aliyun-update.patch rename SOURCES/{RHEL-35273-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch => RHEL-35263-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch} (100%) rename SOURCES/{RHEL-36482-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch => RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch} (100%) create mode 100644 SOURCES/RHEL-43235-fence_aws-1-list-add-instance-name-status.patch create mode 100644 SOURCES/RHEL-43235-fence_aws-2-log-error-for-unknown-states.patch rename SOURCES/{RHEL-43956-fix-bundled-urllib3-CVE-2024-37891.patch => RHEL-43562-fix-bundled-urllib3-CVE-2024-37891.patch} (100%) diff --git a/.fence-agents.metadata b/.fence-agents.metadata index a0863d1..7d9aaa5 100644 --- a/.fence-agents.metadata +++ b/.fence-agents.metadata @@ -3,9 +3,11 @@ e1b766b2b1601fde67b3b19ed2f13b9746bb1cca SOURCES/MarkupSafe-2.0.1.tar.gz e1fb5dc6f95a85e7d1f93c6701b331201e8b5479 SOURCES/PyJWT-2.1.0-py3-none-any.whl 53fc16036940089ceadd4127381e40fd6106a7ed SOURCES/PyYAML-5.1.tar.gz b53cba68215f389dffaa51ee2afe10c943278646 SOURCES/adal-1.2.7-py2.py3-none-any.whl +f524069cc0d499c78034b66cf0e8e45344e89791 SOURCES/aliyun-cli-3.0.198.tar.gz +c6a6dd2c97adb5a22856ce78ad9e3fdc1cbb9760 SOURCES/aliyun-cli-go-vendor.tar.gz +87ad43ef7b7e1cbcba1d743541b3118cffda63f8 SOURCES/aliyun-openapi-meta-5cf98b660.tar.gz bda476965c380701795849179ed91e9d8134ec7c SOURCES/aliyun-python-sdk-core-2.11.5.tar.gz 2a3e6ee5713a3cfb47e63a739cc9a05580d95dd6 SOURCES/aliyun_python_sdk_ecs-4.24.7-py2.py3-none-any.whl -32a9b6bff51343ab89221da66f6f67ba798ddcd6 SOURCES/aliyuncli-2.1.10-py2.py3-none-any.whl 459383a3bcb16956030e302008a0f140a5fec0fb SOURCES/awscli-2.2.15.tar.gz a08c16f613cb0b9a9f8ce7cae782ea20c40ce2af SOURCES/awscrt-0.11.13-cp39-cp39-manylinux2014_x86_64.whl 46d2d17d958ae305ced32fdd6aa847b0cdf31989 SOURCES/azure-identity-1.10.0.zip diff --git a/.gitignore b/.gitignore index e0d9e2d..300bb6d 100644 --- a/.gitignore +++ b/.gitignore @@ -3,9 +3,11 @@ SOURCES/MarkupSafe-2.0.1.tar.gz SOURCES/PyJWT-2.1.0-py3-none-any.whl SOURCES/PyYAML-5.1.tar.gz SOURCES/adal-1.2.7-py2.py3-none-any.whl +SOURCES/aliyun-cli-3.0.198.tar.gz +SOURCES/aliyun-cli-go-vendor.tar.gz +SOURCES/aliyun-openapi-meta-5cf98b660.tar.gz SOURCES/aliyun-python-sdk-core-2.11.5.tar.gz SOURCES/aliyun_python_sdk_ecs-4.24.7-py2.py3-none-any.whl -SOURCES/aliyuncli-2.1.10-py2.py3-none-any.whl SOURCES/awscli-2.2.15.tar.gz SOURCES/awscrt-0.11.13-cp39-cp39-manylinux2014_x86_64.whl SOURCES/azure-identity-1.10.0.zip diff --git a/SOURCES/RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch b/SOURCES/RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch new file mode 100644 index 0000000..5f2027a --- /dev/null +++ b/SOURCES/RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch @@ -0,0 +1,26 @@ +From fc7d7c4baef64f510bd3332c9f008d3e1128dc7b Mon Sep 17 00:00:00 2001 +From: Peter Varkoly +Date: Sun, 11 Feb 2024 09:13:51 +0100 +Subject: [PATCH] fence_vmware_rest : monitoring is not detecting if the API + user has sufficient right to manage the fence device. The call + https://{api_host}/api/vcenter/vm is subject to permission checks. If the + delivered list is empty the user has no rights. + +--- + agents/vmware_rest/fence_vmware_rest.py | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/agents/vmware_rest/fence_vmware_rest.py b/agents/vmware_rest/fence_vmware_rest.py +index 378771863..9dc9a12f4 100644 +--- a/agents/vmware_rest/fence_vmware_rest.py ++++ b/agents/vmware_rest/fence_vmware_rest.py +@@ -60,6 +60,9 @@ def get_list(conn, options): + else: + fail(EC_STATUS) + ++ if options.get("--original-action") == "monitor" and not res["value"]: ++ logging.error("API user does not have sufficient rights to manage the power status.") ++ fail(EC_STATUS) + for r in res["value"]: + outlets[r["name"]] = ("", state[r["power_state"]]) + diff --git a/SOURCES/RHEL-31488-RHEL-31485-RHEL-31483-fence_aliyun-update.patch b/SOURCES/RHEL-31488-RHEL-31485-RHEL-31483-fence_aliyun-update.patch new file mode 100644 index 0000000..b9bb334 --- /dev/null +++ b/SOURCES/RHEL-31488-RHEL-31485-RHEL-31483-fence_aliyun-update.patch @@ -0,0 +1,209 @@ +--- a/agents/aliyun/fence_aliyun.py 2024-04-04 10:22:53.720906183 +0200 ++++ b/agents/aliyun/fence_aliyun.py 2024-04-04 10:21:47.626425090 +0200 +@@ -1,53 +1,67 @@ + #!@PYTHON@ -tt + +-import sys, re ++import sys + import logging + import atexit + import json ++ + sys.path.append("@FENCEAGENTSLIBDIR@") + from fencing import * +-from fencing import fail, fail_usage, EC_TIMED_OUT, run_delay ++from fencing import fail_usage, run_delay ++ + + try: + sys.path.insert(0, '/usr/lib/fence-agents/support/aliyun') + from aliyunsdkcore import client + from aliyunsdkcore.auth.credentials import EcsRamRoleCredential ++ from aliyunsdkcore.profile import region_provider ++except ImportError as e: ++ logging.warn("The 'aliyunsdkcore' module has been not installed or is unavailable, try to execute the command 'pip install aliyun-python-sdk-core --upgrade' to solve. error: %s" % e) ++ ++ ++try: + from aliyunsdkecs.request.v20140526.DescribeInstancesRequest import DescribeInstancesRequest + from aliyunsdkecs.request.v20140526.StartInstanceRequest import StartInstanceRequest + from aliyunsdkecs.request.v20140526.StopInstanceRequest import StopInstanceRequest + from aliyunsdkecs.request.v20140526.RebootInstanceRequest import RebootInstanceRequest +- from aliyunsdkcore.profile import region_provider +-except ImportError: +- pass ++except ImportError as e: ++ logging.warn("The 'aliyunsdkecs' module has been not installed or is unavailable, try to execute the command 'pip install aliyun-python-sdk-ecs --upgrade' to solve. error: %s" % e) ++ + + def _send_request(conn, request): ++ logging.debug("send request action: %s" % request.get_action_name()) + request.set_accept_format('json') + try: + response_str = conn.do_action_with_exception(request) +- response_detail = json.loads(response_str) +- logging.debug("_send_request reponse: %s" % response_detail) +- return response_detail + except Exception as e: +- fail_usage("Failed: _send_request failed: %s" % e) ++ fail_usage("Failed: send request failed: Error: %s" % e) ++ ++ response_detail = json.loads(response_str) ++ logging.debug("reponse: %s" % response_detail) ++ return response_detail + + def start_instance(conn, instance_id): ++ logging.debug("start instance %s" % instance_id) + request = StartInstanceRequest() + request.set_InstanceId(instance_id) + _send_request(conn, request) + + def stop_instance(conn, instance_id): ++ logging.debug("stop instance %s" % instance_id) + request = StopInstanceRequest() + request.set_InstanceId(instance_id) + request.set_ForceStop('true') + _send_request(conn, request) + + def reboot_instance(conn, instance_id): ++ logging.debug("reboot instance %s" % instance_id) + request = RebootInstanceRequest() + request.set_InstanceId(instance_id) + request.set_ForceStop('true') + _send_request(conn, request) + + def get_status(conn, instance_id): ++ logging.debug("get instance %s status" % instance_id) + request = DescribeInstancesRequest() + request.set_InstanceIds(json.dumps([instance_id])) + response = _send_request(conn, request) +@@ -59,20 +73,30 @@ + return instance_status + + def get_nodes_list(conn, options): ++ logging.debug("start to get nodes list") + result = {} + request = DescribeInstancesRequest() + request.set_PageSize(100) ++ ++ if "--filter" in options: ++ filter_key = options["--filter"].split("=")[0].strip() ++ filter_value = options["--filter"].split("=")[1].strip() ++ params = request.get_query_params() ++ params[filter_key] = filter_value ++ request.set_query_params(params) ++ + response = _send_request(conn, request) +- instance_status = None + if response is not None: + instance_list = response.get('Instances').get('Instance') + for item in instance_list: + instance_id = item.get('InstanceId') + instance_name = item.get('InstanceName') + result[instance_id] = (instance_name, None) ++ logging.debug("get nodes list: %s" % result) + return result + + def get_power_status(conn, options): ++ logging.debug("start to get power(%s) status" % options["--plug"]) + state = get_status(conn, options["--plug"]) + + if state == "Running": +@@ -81,14 +105,11 @@ + status = "off" + else: + status = "unknown" +- +- logging.info("get_power_status: %s" % status) +- ++ logging.debug("the power(%s) status is %s" % (options["--plug"], status)) + return status + +- + def set_power_status(conn, options): +- logging.info("set_power_status: %s" % options["--action"]) ++ logging.info("start to set power(%s) status to %s" % (options["--plug"], options["--action"])) + + if (options["--action"]=="off"): + stop_instance(conn, options["--plug"]) +@@ -97,7 +118,6 @@ + elif (options["--action"]=="reboot"): + reboot_instance(conn, options["--plug"]) + +- + def define_new_opts(): + all_opt["region"] = { + "getopt" : "r:", +@@ -126,17 +146,42 @@ + all_opt["ram_role"] = { + "getopt": ":", + "longopt": "ram-role", +- "help": "--ram-role=[name] Ram Role", ++ "help": "--ram-role=[name] Ram Role", + "shortdesc": "Ram Role.", + "required": "0", + "order": 5 + } ++ all_opt["credentials_file"] = { ++ "getopt": ":", ++ "longopt": "credentials-file", ++ "help": "--credentials-file=[path] Path to aliyun-cli credentials file", ++ "shortdesc": "Path to credentials file", ++ "required": "0", ++ "order": 6 ++ } ++ all_opt["credentials_file_profile"] = { ++ "getopt": ":", ++ "longopt": "credentials-file-profile", ++ "help": "--credentials-file-profile=[profile] Credentials file profile", ++ "shortdesc": "Credentials file profile", ++ "required": "0", ++ "default": "default", ++ "order": 7 ++ } ++ all_opt["filter"] = { ++ "getopt": ":", ++ "longopt": "filter", ++ "help": "--filter=[key=value] Filter (e.g. InstanceIds=[\"i-XXYYZZAA1\",\"i-XXYYZZAA2\"]", ++ "shortdesc": "Filter for list-action.", ++ "required": "0", ++ "order": 8 ++ } + + # Main agent method + def main(): + conn = None + +- device_opt = ["port", "no_password", "region", "access_key", "secret_key", "ram_role"] ++ device_opt = ["port", "no_password", "region", "access_key", "secret_key", "ram_role", "credentials_file", "credentials_file_profile", "filter"] + + atexit.register(atexit_handler) + +@@ -164,8 +209,25 @@ + ram_role = options["--ram-role"] + role = EcsRamRoleCredential(ram_role) + conn = client.AcsClient(region_id=region, credential=role) +- region_provider.modify_point('Ecs', region, 'ecs.%s.aliyuncs.com' % region) +- ++ elif "--credentials-file" in options and "--credentials-file-profile" in options: ++ import os, configparser ++ try: ++ config = configparser.ConfigParser() ++ config.read(os.path.expanduser(options["--credentials-file"])) ++ access_key = config.get(options["--credentials-file-profile"], "aliyun_access_key_id") ++ secret_key = config.get(options["--credentials-file-profile"], "aliyun_access_key_secret") ++ conn = client.AcsClient(access_key, secret_key, region) ++ except Exception as e: ++ fail_usage("Failed: failed to read credentials file: %s" % e) ++ else: ++ fail_usage("Failed: User credentials are not set. Please set the Access Key and the Secret Key, or configure the RAM role.") ++ ++ # Use intranet endpoint to access ECS service ++ try: ++ region_provider.modify_point('Ecs', region, 'ecs.%s.aliyuncs.com' % region) ++ except Exception as e: ++ logging.warn("Failed: failed to modify endpoint to 'ecs.%s.aliyuncs.com': %s" % (region, e)) ++ + # Operate the fencing device + result = fence_action(conn, options, set_power_status, get_power_status, get_nodes_list) + sys.exit(result) diff --git a/SOURCES/RHEL-35273-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch b/SOURCES/RHEL-35263-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch similarity index 100% rename from SOURCES/RHEL-35273-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch rename to SOURCES/RHEL-35263-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch diff --git a/SOURCES/RHEL-36482-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch b/SOURCES/RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch similarity index 100% rename from SOURCES/RHEL-36482-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch rename to SOURCES/RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch diff --git a/SOURCES/RHEL-43235-fence_aws-1-list-add-instance-name-status.patch b/SOURCES/RHEL-43235-fence_aws-1-list-add-instance-name-status.patch new file mode 100644 index 0000000..0cf8961 --- /dev/null +++ b/SOURCES/RHEL-43235-fence_aws-1-list-add-instance-name-status.patch @@ -0,0 +1,99 @@ +From a4502b3bf15a3be2ebd64b6829cd4f6641f2506b Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 14 Jun 2024 15:28:28 +0200 +Subject: [PATCH 1/2] fencing: use formatted strings to avoid failing when plug + is int + +--- + lib/fencing.py.py | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/lib/fencing.py.py b/lib/fencing.py.py +index 66e2ff156..9c090100d 100644 +--- a/lib/fencing.py.py ++++ b/lib/fencing.py.py +@@ -985,9 +985,9 @@ + status = status.upper() + + if options["--action"] == "list": +- print(outlet_id + options["--separator"] + alias) ++ print("{}{}{}".format(outlet_id, options["--separator"], alias)) + elif options["--action"] == "list-status": +- print(outlet_id + options["--separator"] + alias + options["--separator"] + status) ++ print("{}{}{}{}{}".format(outlet_id, options["--separator"], alias, options["--separator"], status)) + + return + + +From f1ef26c885cdedb17eb366e4c8922ffb01aefc7c Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 14 Jun 2024 15:29:12 +0200 +Subject: [PATCH 2/2] fence_aws: improve list, list-status and status actions + +--- + agents/aws/fence_aws.py | 31 +++++++++++++++++++------------ + 1 file changed, 19 insertions(+), 12 deletions(-) + +diff --git a/agents/aws/fence_aws.py b/agents/aws/fence_aws.py +index a9308dd9c..b8d38462e 100644 +--- a/agents/aws/fence_aws.py ++++ b/agents/aws/fence_aws.py +@@ -22,6 +22,15 @@ + logger.addHandler(SyslogLibHandler()) + logging.getLogger('botocore.vendored').propagate = False + ++status = { ++ "running": "on", ++ "stopped": "off", ++ "pending": "unknown", ++ "stopping": "unknown", ++ "shutting-down": "unknown", ++ "terminated": "unknown" ++} ++ + def get_instance_id(options): + try: + token = requests.put('http://169.254.169.254/latest/api/token', headers={"X-aws-ec2-metadata-token-ttl-seconds" : "21600"}).content.decode("UTF-8") +@@ -45,11 +54,14 @@ def get_nodes_list(conn, options): + filter_key = options["--filter"].split("=")[0].strip() + filter_value = options["--filter"].split("=")[1].strip() + filter = [{ "Name": filter_key, "Values": [filter_value] }] +- for instance in conn.instances.filter(Filters=filter): +- result[instance.id] = ("", None) +- else: +- for instance in conn.instances.all(): +- result[instance.id] = ("", None) ++ logging.debug("Filter: {}".format(filter)) ++ ++ for instance in conn.instances.filter(Filters=filter if 'filter' in vars() else []): ++ instance_name = "" ++ for tag in instance.tags or []: ++ if tag.get("Key") == "Name": ++ instance_name = tag["Value"] ++ result[instance.id] = (instance_name, status[instance.state["Name"]]) + except ClientError: + fail_usage("Failed: Incorrect Access Key or Secret Key.") + except EndpointConnectionError: +@@ -67,12 +79,7 @@ def get_power_status(conn, options): + instance = conn.instances.filter(Filters=[{"Name": "instance-id", "Values": [options["--plug"]]}]) + state = list(instance)[0].state["Name"] + logger.debug("Status operation for EC2 instance %s returned state: %s",options["--plug"],state.upper()) +- if state == "running": +- return "on" +- elif state == "stopped": +- return "off" +- else: +- return "unknown" ++ return status[state] + + except ClientError: + fail_usage("Failed: Incorrect Access Key or Secret Key.") +@@ -146,7 +153,7 @@ def define_new_opts(): + all_opt["filter"] = { + "getopt" : ":", + "longopt" : "filter", +- "help" : "--filter=[key=value] Filter (e.g. vpc-id=[vpc-XXYYZZAA]", ++ "help" : "--filter=[key=value] Filter (e.g. vpc-id=[vpc-XXYYZZAA])", + "shortdesc": "Filter for list-action", + "required": "0", + "order": 5 diff --git a/SOURCES/RHEL-43235-fence_aws-2-log-error-for-unknown-states.patch b/SOURCES/RHEL-43235-fence_aws-2-log-error-for-unknown-states.patch new file mode 100644 index 0000000..edc7d35 --- /dev/null +++ b/SOURCES/RHEL-43235-fence_aws-2-log-error-for-unknown-states.patch @@ -0,0 +1,41 @@ +From c2753c1882b5892b8b7a0fd093baded4a359b2a5 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 17 Jun 2024 11:19:12 +0200 +Subject: [PATCH] fence_aws: log error if unknown state returned + +--- + agents/aws/fence_aws.py | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/agents/aws/fence_aws.py b/agents/aws/fence_aws.py +index b8d38462e..5459a06c4 100644 +--- a/agents/aws/fence_aws.py ++++ b/agents/aws/fence_aws.py +@@ -61,7 +61,12 @@ def get_nodes_list(conn, options): + for tag in instance.tags or []: + if tag.get("Key") == "Name": + instance_name = tag["Value"] +- result[instance.id] = (instance_name, status[instance.state["Name"]]) ++ try: ++ result[instance.id] = (instance_name, status[instance.state["Name"]]) ++ except KeyError as e: ++ if options.get("--original-action") == "list-status": ++ logger.error("Unknown status \"{}\" returned for {} ({})".format(instance.state["Name"], instance.id, instance_name)) ++ result[instance.id] = (instance_name, "unknown") + except ClientError: + fail_usage("Failed: Incorrect Access Key or Secret Key.") + except EndpointConnectionError: +@@ -79,8 +84,11 @@ def get_power_status(conn, options): + instance = conn.instances.filter(Filters=[{"Name": "instance-id", "Values": [options["--plug"]]}]) + state = list(instance)[0].state["Name"] + logger.debug("Status operation for EC2 instance %s returned state: %s",options["--plug"],state.upper()) +- return status[state] +- ++ try: ++ return status[state] ++ except KeyError as e: ++ logger.error("Unknown status \"{}\" returned".format(state)) ++ return "unknown" + except ClientError: + fail_usage("Failed: Incorrect Access Key or Secret Key.") + except EndpointConnectionError: diff --git a/SOURCES/RHEL-43956-fix-bundled-urllib3-CVE-2024-37891.patch b/SOURCES/RHEL-43562-fix-bundled-urllib3-CVE-2024-37891.patch similarity index 100% rename from SOURCES/RHEL-43956-fix-bundled-urllib3-CVE-2024-37891.patch rename to SOURCES/RHEL-43562-fix-bundled-urllib3-CVE-2024-37891.patch diff --git a/SOURCES/requirements-aliyun.txt b/SOURCES/requirements-aliyun.txt index 3cf97ac..2ccf5b4 100644 --- a/SOURCES/requirements-aliyun.txt +++ b/SOURCES/requirements-aliyun.txt @@ -1,3 +1 @@ aliyun-python-sdk-ecs -# for resource-agents-cloud -aliyuncli>=2.1.5 diff --git a/SPECS/fence-agents.spec b/SPECS/fence-agents.spec index b165234..7be5335 100644 --- a/SPECS/fence-agents.spec +++ b/SPECS/fence-agents.spec @@ -57,7 +57,7 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.10.0 -Release: 62%{?alphatag:.%{alphatag}}%{?dist}.5 +Release: 76%{?alphatag:.%{alphatag}}%{?dist} License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/fence-agents Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz @@ -77,12 +77,21 @@ Source901: botocore-2.0.0dev123.zip # aliyun Source1000: aliyun-python-sdk-core-2.11.5.tar.gz Source1001: aliyun_python_sdk_ecs-4.24.7-py2.py3-none-any.whl -Source1002: aliyuncli-2.1.10-py2.py3-none-any.whl -Source1003: cffi-1.14.5-cp39-cp39-manylinux1_x86_64.whl -Source1004: colorama-0.3.3.tar.gz -Source1005: jmespath-0.7.1-py2.py3-none-any.whl -Source1006: pycryptodome-3.20.0.tar.gz -Source1007: pycparser-2.20-py2.py3-none-any.whl +Source1002: cffi-1.14.5-cp39-cp39-manylinux1_x86_64.whl +Source1003: colorama-0.3.3.tar.gz +Source1004: jmespath-0.7.1-py2.py3-none-any.whl +Source1005: pycryptodome-3.20.0.tar.gz +Source1006: pycparser-2.20-py2.py3-none-any.whl +# aliyun-cli +Source2000: aliyun-cli-3.0.198.tar.gz +## TAG=$(git log --pretty="format:%h" -n 1) +## distdir="aliyun-openapi-meta-${TAG}" +## TARFILE="${distdir}.tar.gz" +## rm -rf $TARFILE $distdir +## git archive --prefix=$distdir/ HEAD | gzip > $TARFILE +Source2001: aliyun-openapi-meta-5cf98b660.tar.gz +## go mod vendor +Source2002: aliyun-cli-go-vendor.tar.gz # awscli Source1008: awscrt-0.11.13-cp39-cp39-manylinux2014_x86_64.whl Source1009: colorama-0.4.3-py2.py3-none-any.whl @@ -240,15 +249,19 @@ Patch49: RHEL-14344-fence_zvmip-1-document-user-permissions.patch Patch50: RHEL-14030-1-all-agents-metadata-update-IO-Power-Network.patch Patch51: RHEL-14030-2-fence_cisco_mds-undo-metadata-change.patch Patch52: RHEL-14344-fence_zvmip-2-fix-manpage-formatting.patch -Patch53: RHEL-35273-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch +Patch53: RHEL-31488-RHEL-31485-RHEL-31483-fence_aliyun-update.patch +Patch54: RHEL-35263-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch +Patch55: RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch +Patch56: RHEL-43235-fence_aws-1-list-add-instance-name-status.patch +Patch57: RHEL-43235-fence_aws-2-log-error-for-unknown-states.patch ### HA support libs/utils ### # all archs Patch1000: bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch -Patch1001: RHEL-36482-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch +Patch1001: RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch # cloud (x86_64 only) Patch2000: bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch -Patch2001: RHEL-43956-fix-bundled-urllib3-CVE-2024-37891.patch +Patch2001: RHEL-43562-fix-bundled-urllib3-CVE-2024-37891.patch %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti %ifarch x86_64 @@ -319,9 +332,12 @@ BuildRequires: gcc BuildRequires: libxslt ## Python dependencies %if 0%{?fedora} || 0%{?centos} > 7 || 0%{?rhel} > 7 || 0%{?suse_version} -BuildRequires: python3-devel python3-pip -# wheel for HA support subpackages -BuildRequires: python3-wheel +BuildRequires: python3-devel +# dependencies for building HA support subpackages +BuildRequires: python3-pip python3-wheel +%ifarch x86_64 +BuildRequires: golang git +%endif BuildRequires: python3-pycurl python3-requests %if 0%{?fedora} || 0%{?centos} > 7 || 0%{?rhel} > 7 BuildRequires: openwsman-python3 @@ -412,7 +428,11 @@ BuildRequires: %{systemd_units} %patch -p1 -P 50 %patch -p1 -P 51 %patch -p1 -P 52 -%patch -p1 -P 53 -F2 +%patch -p1 -P 53 +%patch -p1 -P 54 -F2 +%patch -p1 -P 55 +%patch -p1 -P 56 +%patch -p1 -P 57 # prevent compilation of something that won't get used anyway sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac @@ -422,6 +442,24 @@ sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac export PYTHON="%{__python3}" %endif +# aliyun-cli +%ifarch x86_64 +tar zxf %SOURCE2000 +pushd aliyun-cli-* +git init +rmdir aliyun-openapi-meta +tar zxf %SOURCE2001 +tar zxf %SOURCE2002 +mv aliyun-openapi-meta-* aliyun-openapi-meta +%define aliyun_cli_version 3.0.198 +# based on https://github.com/containers/podman/blob/main/rpm/podman.spec +%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags' -X github.com/aliyun/aliyun-cli/cli.Version=%{aliyun_cli_version}" -a -v -x -mod=vendor %{?**}; +%gobuild -o out/aliyun main/main.go +mkdir -p ../support/aliyun/aliyun-cli +install -m 0755 out/aliyun ../support/aliyun/aliyun-cli/ +popd +%endif + # support libs %ifarch x86_64 LIBS="%{_sourcedir}/requirements-*.txt" @@ -436,7 +474,7 @@ done # fix incorrect #! detected by CI %ifarch x86_64 -sed -i -e "/^#\!\/Users/c#\!%{__python3}" support/aws/bin/jp support/aliyun/bin/jp support/awscli/bin/jp +sed -i -e "/^#\!\/Users/c#\!%{__python3}" support/aws/bin/jp support/awscli/bin/jp %endif %ifarch x86_64 @@ -535,7 +573,7 @@ network, storage, or similar. They operate through a unified interface (calling conventions) devised for the original Red Hat clustering solution. %package common -License: GPLv2+ and LGPLv2+ +License: GPL-2.0-or-later AND LGPL-2.0-or-later AND LGPL-3.0-or-later AND ISC Summary: Common base for Fence Agents %if 0%{?fedora} || 0%{?centos} > 7 || 0%{?rhel} > 7 || 0%{?suse_version} Requires: python3-pycurl @@ -579,17 +617,18 @@ This package contains support files including the Python fencing library. %ifarch x86_64 %package -n ha-cloud-support -License: GPLv2+ and LGPLv2+ +License: GPL-2.0-or-later AND LGPL-2.0-or-later AND LGPL-2.1-or-later AND Apache-2.0 AND MIT AND BSD-2-Clause AND BSD-3-Clause AND MPL-2.0 AND Apache-2.0 AND PSF-2.0 AND Unlicense AND ISC Summary: Support libraries for HA Cloud agents # aliyun Provides: bundled(python-aliyun-python-sdk-core) = 2.11.5 Provides: bundled(python-aliyun-python-sdk-ecs) = 4.24.7 -Provides: bundled(aliyuncli) = 2.1.10 Provides: bundled(python-cffi) = 1.14.5 Provides: bundled(python-colorama) = 0.3.3 Provides: bundled(python-jmespath) = 0.7.1 Provides: bundled(python-pycryptodome) = 3.20.0 Provides: bundled(python-pycparser) = 2.20 +Provides: bundled(aliyun-cli) = 3.0.198 +Provides: bundled(aliyun-openapi-meta) = 5cf98b660 # awscli Provides: bundled(awscli) = 2.2.15 Provides: bundled(python-awscrt) = 0.11.13 @@ -1491,27 +1530,47 @@ are located on corosync cluster nodes. %endif %changelog -* Mon Aug 19 2024 Diaa Sami - 4.10.0-62.5 +* Tue Jul 23 2024 Oyvind Albrigtsen - 4.10.0-76 - bundled setuptools: fix CVE-2024-6345 - Resolves: RHEL-49657 + Resolves: RHEL-49658 -* Mon Jun 24 2024 Oyvind Albrigtsen - 4.10.0-62.4 +* Fri Jun 21 2024 Oyvind Albrigtsen - 4.10.0-75 - bundled urllib3: fix CVE-2024-37891 - Resolves: RHEL-43956 + Resolves: RHEL-43562 -* Thu May 16 2024 Oyvind Albrigtsen - 4.10.0-62.3 +* Wed Jun 19 2024 Oyvind Albrigtsen - 4.10.0-74 +- fence_aws: add instance name and status to list/list-status actions + Resolves: RHEL-43235 + +* Thu May 23 2024 Oyvind Albrigtsen - 4.10.0-73 +- fence_vmware_rest: detect if the API user has sufficient rights to + manage the fence device + Resolves: RHEL-25256 + +* Wed May 15 2024 Oyvind Albrigtsen - 4.10.0-72 - bundled jinja2: fix CVE-2024-34064 - Resolves: RHEL-36482 + Resolves: RHEL-35649 -* Fri May 3 2024 Oyvind Albrigtsen - 4.10.0-62.2 +* Fri May 3 2024 Oyvind Albrigtsen - 4.10.0-71 - fence_eps: add fence_epsr2 for ePowerSwitch R2 and newer - Resolves: RHEL-35273 + Resolves: RHEL-35263 -* Thu Mar 21 2024 Oyvind Albrigtsen - 4.10.0-62.1 +* Thu Apr 4 2024 Oyvind Albrigtsen - 4.10.0-70 +- fence_aliyun: add credentials file support, filter parameter, and + optimize log output + Resolves: RHEL-31488, RHEL-31485, RHEL-31483 + +* Thu Mar 21 2024 Oyvind Albrigtsen - 4.10.0-69 - ha-cloud-support: upgrade bundled pyroute2 libs to fix issue in gcp-vpc-move-route's stop-action - Resolves: RHEL-29668 + Resolves: RHEL-29649 + +* Thu Mar 14 2024 Oyvind Albrigtsen - 4.10.0-66 +- Add missing licenses to spec-file + Resolves: RHEL-27929 +- ha-cloud-support: fix aliyun-cli + Resolves: RHEL-28097 * Thu Jan 18 2024 Oyvind Albrigtsen - 4.10.0-62 - bundled urllib3: fix CVE-2023-45803