From 6fbe4aa99cacb7d5889c2eaf86e87445cddc565d Mon Sep 17 00:00:00 2001 From: Oyvind Albrigtsen Date: Wed, 27 Sep 2023 14:50:24 +0200 Subject: [PATCH] - fence_scsi: fix registration handling if ISID conflicts Resolves: RHEL-5396 - bundled certifi: fix CVE-2023-37920 Resolves: RHEL-9446 --- ...6-fence_scsi-1-fix-ISID-reg-handling.patch | 68 +++++ ...nce_scsi-2-fix-ISID-reg-handling-off.patch | 103 +++++++ fence-agents.spec | 251 +++++++++--------- sources | 3 +- 4 files changed, 302 insertions(+), 123 deletions(-) create mode 100644 RHEL-5396-fence_scsi-1-fix-ISID-reg-handling.patch create mode 100644 RHEL-5396-fence_scsi-2-fix-ISID-reg-handling-off.patch diff --git a/RHEL-5396-fence_scsi-1-fix-ISID-reg-handling.patch b/RHEL-5396-fence_scsi-1-fix-ISID-reg-handling.patch new file mode 100644 index 0000000..9641fd7 --- /dev/null +++ b/RHEL-5396-fence_scsi-1-fix-ISID-reg-handling.patch @@ -0,0 +1,68 @@ +From 9d0d0d013c7edae43a4ebc5f46bf2e7a4f127654 Mon Sep 17 00:00:00 2001 +From: "sreejit.mohanan" +Date: Fri, 17 Feb 2023 18:04:03 -0800 +Subject: [PATCH] fence_scsi: fix registration handling if ISID conflicts ISID + (Initiator Session ID) belonging to I_T Nexus changes for RHEL based on the + session ID. This means that the connection to the device can be set up with + different ISID on reconnects. + +fence_scsi treats same key as a tip to ignore issuing registration +to the device but if the device was registered using a different +ISID, the key would be the same but the I_T Nexus (new ISID) would +not have access to the device. + +Fixing this by preempting the old key and replacing with the current +one. +--- + agents/scsi/fence_scsi.py | 35 ++++++++++++++++++++++++++++++++--- + 1 file changed, 32 insertions(+), 3 deletions(-) + +diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py +index f9e6823b2..85e4f29e6 100644 +--- a/agents/scsi/fence_scsi.py ++++ b/agents/scsi/fence_scsi.py +@@ -137,12 +137,41 @@ def register_dev(options, dev): + for slave in get_mpath_slaves(dev): + register_dev(options, slave) + return True +- if get_reservation_key(options, dev, False) == options["--key"]: +- return True ++ ++ # Check if any registration exists for the key already. We track this in ++ # order to decide whether the existing registration needs to be cleared. ++ # This is needed since the previous registration could be for a ++ # different I_T nexus (different ISID). ++ registration_key_exists = False ++ if options["--key"] in get_registration_keys(options, dev): ++ registration_key_exists = True ++ if not register_helper(options, options["--key"], dev): ++ return False ++ ++ if registration_key_exists: ++ # If key matches, make sure it matches with the connection that ++ # exists right now. To do this, we can issue a preempt with same key ++ # which should replace the old invalid entries from the target. ++ if not preempt(options, options["--key"], dev): ++ return False ++ ++ # If there was no reservation, we need to issue another registration ++ # since the previous preempt would clear registration made above. ++ if get_reservation_key(options, dev, False) != options["--key"]: ++ return register_helper(options, options["--key"], dev) ++ return True ++ ++# cancel registration without aborting tasks ++def preempt(options, host, dev): ++ reset_dev(options,dev) ++ cmd = options["--sg_persist-path"] + " -n -o -P -T 5 -K " + host + " -S " + options["--key"] + " -d " + dev ++ return not bool(run_cmd(options, cmd)["rc"]) ++ ++# helper function to send the register command ++def register_helper(options, host, dev): + reset_dev(options, dev) + cmd = options["--sg_persist-path"] + " -n -o -I -S " + options["--key"] + " -d " + dev + cmd += " -Z" if "--aptpl" in options else "" +- #cmd return code != 0 but registration can be successful + return not bool(run_cmd(options, cmd)["rc"]) + + diff --git a/RHEL-5396-fence_scsi-2-fix-ISID-reg-handling-off.patch b/RHEL-5396-fence_scsi-2-fix-ISID-reg-handling-off.patch new file mode 100644 index 0000000..cfafaa7 --- /dev/null +++ b/RHEL-5396-fence_scsi-2-fix-ISID-reg-handling-off.patch @@ -0,0 +1,103 @@ +From 34baef58db442148b8e067509d2cdd37b7a91ef4 Mon Sep 17 00:00:00 2001 +From: "sreejit.mohanan" +Date: Thu, 7 Sep 2023 15:57:51 -0700 +Subject: [PATCH] fence_scsi: fix registration handling in device 'off' + workflows + +ISID (Initiator Session ID) belonging to I_T Nexus changes for +RHEL based on the session ID. This means that the connection to +the device can be set up with different ISID on reconnects. + +When a device is powered off, fence_scsi assumes that the client +has a registration to the device and sends a preempt-and-abort +request which ends up failing due to reservation conflict. + +Fixing this by registering the host key with the device and preempting +the old registration (if it exists). This should make sure that the +host is able to preempt the other key successfully. +--- + agents/scsi/fence_scsi.py | 29 +++++++++++++++-------------- + 1 file changed, 15 insertions(+), 14 deletions(-) + +diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py +index 42530ceb5..519319bf5 100644 +--- a/agents/scsi/fence_scsi.py ++++ b/agents/scsi/fence_scsi.py +@@ -41,7 +41,7 @@ def set_status(conn, options): + for dev in options["devices"]: + is_block_device(dev) + +- register_dev(options, dev) ++ register_dev(options, dev, options["--key"]) + if options["--key"] not in get_registration_keys(options, dev): + count += 1 + logging.debug("Failed to register key "\ +@@ -62,7 +62,7 @@ def set_status(conn, options): + fail_usage("Failed: keys cannot be same. You can not fence yourself.") + for dev in options["devices"]: + is_block_device(dev) +- ++ register_dev(options, dev, host_key) + if options["--key"] in get_registration_keys(options, dev): + preempt_abort(options, host_key, dev) + +@@ -131,11 +131,11 @@ def reset_dev(options, dev): + return run_cmd(options, options["--sg_turs-path"] + " " + dev)["rc"] + + +-def register_dev(options, dev): ++def register_dev(options, dev, key): + dev = os.path.realpath(dev) + if re.search(r"^dm", dev[5:]): + for slave in get_mpath_slaves(dev): +- register_dev(options, slave) ++ register_dev(options, slave, key) + return True + + # Check if any registration exists for the key already. We track this in +@@ -143,34 +143,35 @@ def register_dev(options, dev): + # This is needed since the previous registration could be for a + # different I_T nexus (different ISID). + registration_key_exists = False +- if options["--key"] in get_registration_keys(options, dev): ++ if key in get_registration_keys(options, dev): ++ logging.debug("Registration key exists for device " + dev) + registration_key_exists = True +- if not register_helper(options, options["--key"], dev): ++ if not register_helper(options, dev, key): + return False + + if registration_key_exists: + # If key matches, make sure it matches with the connection that + # exists right now. To do this, we can issue a preempt with same key + # which should replace the old invalid entries from the target. +- if not preempt(options, options["--key"], dev): ++ if not preempt(options, key, dev, key): + return False + + # If there was no reservation, we need to issue another registration + # since the previous preempt would clear registration made above. +- if get_reservation_key(options, dev, False) != options["--key"]: +- return register_helper(options, options["--key"], dev) ++ if get_reservation_key(options, dev, False) != key: ++ return register_helper(options, dev, key) + return True + +-# cancel registration without aborting tasks +-def preempt(options, host, dev): ++# helper function to preempt host with 'key' using 'host_key' without aborting tasks ++def preempt(options, host_key, dev, key): + reset_dev(options,dev) +- cmd = options["--sg_persist-path"] + " -n -o -P -T 5 -K " + host + " -S " + options["--key"] + " -d " + dev ++ cmd = options["--sg_persist-path"] + " -n -o -P -T 5 -K " + host_key + " -S " + key + " -d " + dev + return not bool(run_cmd(options, cmd)["rc"]) + + # helper function to send the register command +-def register_helper(options, host, dev): ++def register_helper(options, dev, key): + reset_dev(options, dev) +- cmd = options["--sg_persist-path"] + " -n -o -I -S " + options["--key"] + " -d " + dev ++ cmd = options["--sg_persist-path"] + " -n -o -I -S " + key + " -d " + dev + cmd += " -Z" if "--aptpl" in options else "" + return not bool(run_cmd(options, cmd)["rc"]) + diff --git a/fence-agents.spec b/fence-agents.spec index 20fe6e2..aa2ab3e 100644 --- a/fence-agents.spec +++ b/fence-agents.spec @@ -17,8 +17,8 @@ %global ruamelyamlclib_version 0.2.6 %global kubernetes kubernetes %global kubernetes_version 12.0.1 -%global certifi certifi -%global certifi_version 2021.10.8 +%global certifi certifi +%global certifi_version 2023.7.22 %global googleauth google-auth %global googleauth_version 2.3.0 %global cachetools cachetools @@ -59,7 +59,7 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.10.0 -Release: 55%{?alphatag:.%{alphatag}}%{?dist} +Release: 56%{?alphatag:.%{alphatag}}%{?dist} License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/fence-agents Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz @@ -109,85 +109,84 @@ Source1025: azure_mgmt_compute-21.0.0-py2.py3-none-any.whl Source1026: azure_mgmt_core-1.2.2-py2.py3-none-any.whl Source1027: azure_mgmt_network-19.0.0-py2.py3-none-any.whl Source1028: azure-identity-1.10.0.zip -Source1029: certifi-2021.5.30-py2.py3-none-any.whl -Source1030: chardet-4.0.0-py2.py3-none-any.whl -Source1031: idna-2.10-py2.py3-none-any.whl -Source1032: isodate-0.6.0-py2.py3-none-any.whl -Source1033: msrest-0.6.21-py2.py3-none-any.whl -Source1034: msrestazure-0.6.4-py2.py3-none-any.whl -Source1035: %{oauthlib}-%{oauthlib_version}.tar.gz -Source1036: PyJWT-2.1.0-py3-none-any.whl -Source1037: requests-2.25.1-py2.py3-none-any.whl -Source1038: requests_oauthlib-1.3.0-py2.py3-none-any.whl -Source1139: msal-1.18.0.tar.gz -Source1140: msal-extensions-1.0.0.tar.gz -Source1141: portalocker-2.5.1.tar.gz +Source1029: chardet-4.0.0-py2.py3-none-any.whl +Source1030: idna-2.10-py2.py3-none-any.whl +Source1031: isodate-0.6.0-py2.py3-none-any.whl +Source1032: msrest-0.6.21-py2.py3-none-any.whl +Source1033: msrestazure-0.6.4-py2.py3-none-any.whl +Source1034: %{oauthlib}-%{oauthlib_version}.tar.gz +Source1035: PyJWT-2.1.0-py3-none-any.whl +Source1036: requests-2.25.1-py2.py3-none-any.whl +Source1037: requests_oauthlib-1.3.0-py2.py3-none-any.whl +Source1038: msal-1.18.0.tar.gz +Source1039: msal-extensions-1.0.0.tar.gz +Source1040: portalocker-2.5.1.tar.gz # google -Source1042: cachetools-4.2.2-py3-none-any.whl -Source1043: chardet-3.0.4-py2.py3-none-any.whl -Source1044: google_api_core-1.30.0-py2.py3-none-any.whl -Source1045: google_api_python_client-1.12.8-py2.py3-none-any.whl -Source1046: googleapis_common_protos-1.53.0-py2.py3-none-any.whl -Source1047: google_auth-1.32.0-py2.py3-none-any.whl -Source1048: google_auth_httplib2-0.1.0-py2.py3-none-any.whl -Source1049: httplib2-0.19.1-py3-none-any.whl -Source1050: packaging-20.9-py2.py3-none-any.whl -Source1051: protobuf-3.17.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl -Source1052: pyasn1-0.4.8-py2.py3-none-any.whl -Source1053: pyasn1_modules-0.2.8-py2.py3-none-any.whl -Source1054: pyparsing-2.4.7-py2.py3-none-any.whl -Source1055: pyroute2-0.6.4.tar.gz -Source1056: pyroute2.core-0.6.4.tar.gz -Source1057: pyroute2.ethtool-0.6.4.tar.gz -Source1058: pyroute2.ipdb-0.6.4.tar.gz -Source1059: pyroute2.ipset-0.6.4.tar.gz -Source1060: pyroute2.ndb-0.6.4.tar.gz -Source1061: pyroute2.nftables-0.6.4.tar.gz -Source1062: pyroute2.nslink-0.6.4.tar.gz -Source1063: pytz-2021.1-py2.py3-none-any.whl -Source1064: rsa-4.7.2-py3-none-any.whl -Source1065: setuptools-57.0.0-py3-none-any.whl -Source1066: uritemplate-3.0.1-py2.py3-none-any.whl +Source1041: cachetools-4.2.2-py3-none-any.whl +Source1042: chardet-3.0.4-py2.py3-none-any.whl +Source1043: google_api_core-1.30.0-py2.py3-none-any.whl +Source1044: google_api_python_client-1.12.8-py2.py3-none-any.whl +Source1045: googleapis_common_protos-1.53.0-py2.py3-none-any.whl +Source1046: google_auth-1.32.0-py2.py3-none-any.whl +Source1047: google_auth_httplib2-0.1.0-py2.py3-none-any.whl +Source1048: httplib2-0.19.1-py3-none-any.whl +Source1049: packaging-20.9-py2.py3-none-any.whl +Source1050: protobuf-3.17.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl +Source1051: pyasn1-0.4.8-py2.py3-none-any.whl +Source1052: pyasn1_modules-0.2.8-py2.py3-none-any.whl +Source1053: pyparsing-2.4.7-py2.py3-none-any.whl +Source1054: pyroute2-0.6.4.tar.gz +Source1055: pyroute2.core-0.6.4.tar.gz +Source1056: pyroute2.ethtool-0.6.4.tar.gz +Source1057: pyroute2.ipdb-0.6.4.tar.gz +Source1058: pyroute2.ipset-0.6.4.tar.gz +Source1059: pyroute2.ndb-0.6.4.tar.gz +Source1060: pyroute2.nftables-0.6.4.tar.gz +Source1061: pyroute2.nslink-0.6.4.tar.gz +Source1062: pytz-2021.1-py2.py3-none-any.whl +Source1063: rsa-4.7.2-py3-none-any.whl +Source1064: setuptools-57.0.0-py3-none-any.whl +Source1065: uritemplate-3.0.1-py2.py3-none-any.whl # common (pexpect / suds) -Source1067: pexpect-4.8.0-py2.py3-none-any.whl -Source1068: ptyprocess-0.7.0-py2.py3-none-any.whl -Source1069: suds_community-0.8.5-py3-none-any.whl +Source1066: pexpect-4.8.0-py2.py3-none-any.whl +Source1067: ptyprocess-0.7.0-py2.py3-none-any.whl +Source1068: suds_community-0.8.5-py3-none-any.whl ### END ### # kubevirt ## pip download --no-binary :all: openshift "ruamel.yaml.clib>=0.1.2" ### BEGIN -Source1070: %{openshift}-%{openshift_version}.tar.gz -Source1071: %{ruamelyamlclib}-%{ruamelyamlclib_version}.tar.gz -Source1072: %{kubernetes}-%{kubernetes_version}.tar.gz -Source1073: %{certifi}-%{certifi_version}.tar.gz -Source1074: %{googleauth}-%{googleauth_version}.tar.gz -Source1075: %{cachetools}-%{cachetools_version}.tar.gz -Source1076: %{pyasn1modules}-%{pyasn1modules_version}.tar.gz -Source1077: %{pyasn1}-%{pyasn1_version}.tar.gz -Source1078: python-%{dateutil}-%{dateutil_version}.tar.gz -Source1079: %{pyyaml}-%{pyyaml_version}.tar.gz +Source1069: %{openshift}-%{openshift_version}.tar.gz +Source1070: %{ruamelyamlclib}-%{ruamelyamlclib_version}.tar.gz +Source1071: %{kubernetes}-%{kubernetes_version}.tar.gz +Source1072: %{certifi}-%{certifi_version}.tar.gz +Source1073: %{googleauth}-%{googleauth_version}.tar.gz +Source1074: %{cachetools}-%{cachetools_version}.tar.gz +Source1075: %{pyasn1modules}-%{pyasn1modules_version}.tar.gz +Source1076: %{pyasn1}-%{pyasn1_version}.tar.gz +Source1077: python-%{dateutil}-%{dateutil_version}.tar.gz +Source1078: %{pyyaml}-%{pyyaml_version}.tar.gz ## rsa is dependency for "pip install", ## but gets removed to use cryptography lib instead -Source1080: rsa-4.7.2.tar.gz -Source1081: %{six}-%{six_version}.tar.gz -Source1082: %{urllib3}-%{urllib3_version}.tar.gz -Source1083: %{websocketclient}-%{websocketclient_version}.tar.gz -Source1084: %{jinja2}-%{jinja2_version}.tar.gz -Source1085: %{markupsafe}-%{markupsafe_version}.tar.gz -Source1086: python-%{stringutils}-%{stringutils_version}.tar.gz -Source1087: %{requests}-%{requests_version}.tar.gz -Source1088: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz -Source1089: %{idna}-%{idna_version}.tar.gz -Source1090: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz -Source1091: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz -Source1092: %{setuptools}-%{setuptools_version}.tar.gz +Source1079: rsa-4.7.2.tar.gz +Source1080: %{six}-%{six_version}.tar.gz +Source1081: %{urllib3}-%{urllib3_version}.tar.gz +Source1082: %{websocketclient}-%{websocketclient_version}.tar.gz +Source1083: %{jinja2}-%{jinja2_version}.tar.gz +Source1084: %{markupsafe}-%{markupsafe_version}.tar.gz +Source1085: python-%{stringutils}-%{stringutils_version}.tar.gz +Source1086: %{requests}-%{requests_version}.tar.gz +Source1087: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz +Source1088: %{idna}-%{idna_version}.tar.gz +Source1089: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz +Source1090: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz +Source1091: %{setuptools}-%{setuptools_version}.tar.gz ## required for installation -Source1093: setuptools_scm-6.3.2.tar.gz -Source1094: packaging-21.2-py3-none-any.whl -Source1095: poetry-core-1.0.7.tar.gz -Source1096: pyparsing-3.0.1.tar.gz -Source1097: tomli-1.0.1.tar.gz -Source1098: wheel-0.37.0-py2.py3-none-any.whl +Source1092: setuptools_scm-6.3.2.tar.gz +Source1093: packaging-21.2-py3-none-any.whl +Source1094: poetry-core-1.0.7.tar.gz +Source1095: pyparsing-3.0.1.tar.gz +Source1096: tomli-1.0.1.tar.gz +Source1097: wheel-0.37.0-py2.py3-none-any.whl ### END Patch0: ha-cloud-support-aliyun.patch @@ -237,6 +236,8 @@ Patch43: bz2187327-fence_scsi-2-support-space-separated-devices.patch Patch44: bz2211930-fence_azure-arm-stack-hub-support.patch Patch45: bz2221643-fence_ibm_powervs-performance-improvements.patch Patch46: bz2224267-fence_ipmilan-fix-typos-in-metadata.patch +Patch47: RHEL-5396-fence_scsi-1-fix-ISID-reg-handling.patch +Patch48: RHEL-5396-fence_scsi-2-fix-ISID-reg-handling-off.patch ### HA support libs/utils ### Patch1000: bz2217902-1-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch @@ -351,53 +352,55 @@ BuildRequires: %{systemd_units} %prep %setup -q -n %{name}-%{version}%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:-%{alphatag}}%{?dirty:-%{dirty}} -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -F2 -%patch15 -p1 -F1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -p1 -%patch21 -p1 -%patch22 -p1 -%patch23 -p1 -%patch24 -p1 -%patch25 -p1 -%patch26 -p1 -%patch27 -p1 -%patch28 -p1 -%patch29 -p1 -%patch30 -p1 -%patch31 -p1 -%patch32 -p1 -%patch33 -p1 -%patch34 -p1 -%patch35 -p1 -%patch36 -p1 -%patch37 -p1 -%patch38 -p1 -%patch39 -p1 -%patch40 -p1 -%patch41 -p1 -%patch42 -p1 -%patch43 -p1 -%patch44 -p1 -%patch45 -p1 -%patch46 -p1 +%patch -p1 -P 0 +%patch -p1 -P 1 +%patch -p1 -P 2 +%patch -p1 -P 3 +%patch -p1 -P 4 +%patch -p1 -P 5 +%patch -p1 -P 6 +%patch -p1 -P 7 +%patch -p1 -P 8 +%patch -p1 -P 9 +%patch -p1 -P 10 +%patch -p1 -P 11 +%patch -p1 -P 12 +%patch -p1 -P 13 +%patch -p1 -P 14 -F2 +%patch -p1 -P 15 -F1 +%patch -p1 -P 16 +%patch -p1 -P 17 +%patch -p1 -P 18 +%patch -p1 -P 19 +%patch -p1 -P 20 +%patch -p1 -P 21 +%patch -p1 -P 22 +%patch -p1 -P 23 +%patch -p1 -P 24 +%patch -p1 -P 25 +%patch -p1 -P 26 +%patch -p1 -P 27 +%patch -p1 -P 28 +%patch -p1 -P 29 +%patch -p1 -P 30 +%patch -p1 -P 31 +%patch -p1 -P 32 +%patch -p1 -P 33 +%patch -p1 -P 34 +%patch -p1 -P 35 +%patch -p1 -P 36 +%patch -p1 -P 37 +%patch -p1 -P 38 +%patch -p1 -P 39 +%patch -p1 -P 40 +%patch -p1 -P 41 +%patch -p1 -P 42 +%patch -p1 -P 43 +%patch -p1 -P 44 +%patch -p1 -P 45 +%patch -p1 -P 46 +%patch -p1 -P 47 +%patch -p1 -P 48 # prevent compilation of something that won't get used anyway sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac @@ -600,7 +603,7 @@ Provides: bundled(python-azure-core) = 1.15.0 Provides: bundled(python-azure-mgmt-compute) = 21.0.0 Provides: bundled(python-azure-mgmt-core) = 1.2.2 Provides: bundled(python-azure-mgmt-network) = 19.0.0 -Provides: bundled(python-certifi) = 2021.5.30 +Provides: bundled(python-certifi) = %{certifi_version} Provides: bundled(python-chardet) = 4.0.0 Provides: bundled(python-idna) = 2.10 Provides: bundled(python-isodate) = 0.6.0 @@ -1477,6 +1480,12 @@ are located on corosync cluster nodes. %endif %changelog +* Wed Sep 27 2023 Oyvind Albrigtsen - 4.10.0-56 +- fence_scsi: fix registration handling if ISID conflicts + Resolves: RHEL-5396 +- bundled certifi: fix CVE-2023-37920 + Resolves: RHEL-9446 + * Thu Aug 3 2023 Oyvind Albrigtsen - 4.10.0-55 - bundled dateutil: fix tarfile CVE-2007-4559 Resolves: rhbz#2217902 diff --git a/sources b/sources index eebeba2..a74872c 100644 --- a/sources +++ b/sources @@ -35,7 +35,7 @@ SHA512 (azure_mgmt_compute-21.0.0-py2.py3-none-any.whl) = e02fe9e100d898f4bbc14f SHA512 (azure_mgmt_core-1.2.2-py2.py3-none-any.whl) = ea0b4062314de37d048cf6d9e40757372e050291a8861719dda2f1446c2e9a932050d0c0f732a8afb182993b7f700b5d6053217801199a4257b6269f5c7e47e5 SHA512 (azure_mgmt_network-19.0.0-py2.py3-none-any.whl) = aa18ed97f167a1abf60c8fd7ae81b6777565c13f8ace06c81cdc70bf16c9fc2efad1984b8f159877ba3118312d2b81759df3b8e42b6f874cea5214943e8b054d SHA512 (azure-identity-1.10.0.zip) = 66551765ac0a4d43dc95cb755be3bfc31e2e7afa7eebf72c061c6c7d1dd0cf88988d88a39c2c1463fe27caced7ccd72da6520a9e977bfed0ee5f495fe00fab6a -SHA512 (certifi-2021.5.30-py2.py3-none-any.whl) = 395c349cef4f8247af20a763a1927fe243e52d7fe846874f100b33e46119e48a3b7b681d3f3e879fe18a07ae81ba791ac7d0ed61017990d722f29d17e2573811 +SHA512 (certifi-2023.7.22.tar.gz) = 220ec0a4251f301f057b4875e5966a223085b0c764c911450b43df7f49dbc5af50f14eeb692d935c0baa95d7c800055fa03efa4aaabba397a82c7b07c042bd90 SHA512 (chardet-4.0.0-py2.py3-none-any.whl) = cc8cdd5e73b4eace0131bbeaf6099e322ba5c2f827f26ad3316c674c60529d77f39f68d9fb83199ab78d16902021ab1ae58d74ab62d770cf95ceb804b9242e90 SHA512 (idna-2.10-py2.py3-none-any.whl) = 7b7be129e1a99288aa74a15971377cb17bee1618843c03c8f782e287d0f3ecf3b8f26e3ea736444eb358f1d6079131a7eb291446f3279874eb8e00b624d9471c SHA512 (isodate-0.6.0-py2.py3-none-any.whl) = 6d39a350ff4af87c74ae3226e6627f9c254205bfd2a761a5bf956883667bbe6d4678e1830b629c899a6f0fe67a9603cb4890c5a1fa6c8d245fe4fdbddddde870 @@ -79,7 +79,6 @@ SHA512 (suds_community-0.8.5-py3-none-any.whl) = 0719c3c2988ff96bd8698df326fb332 SHA512 (openshift-0.12.1.tar.gz) = 35a0ecfbc12d657f5f79d4c752a7c023a2a5e3fc5e7b377d9f11ce4a7d5f666ca5c6296f31adb44b7680d051af42d3638ced1092fb7e9146d2cc998f2c3a7b80 SHA512 (ruamel.yaml.clib-0.2.6.tar.gz) = 12307a3c3bae09cf65d9672894c9a869a7ed5483ca3afb9ee39d8bcbf1948b012a0dbf570e315cc8b9a8b55184de9e10324953ec4819d214379e01522ee13b20 SHA512 (kubernetes-12.0.1.tar.gz) = ff4739dc185dbf46050e53382b9260a0a69c55b43820ccb1df498718c78d1bf42842f4ab1b6d0c3520c5edab45d9c9c9527aea9ccb0b6347f34e18202f9155a2 -SHA512 (certifi-2021.10.8.tar.gz) = 06dc41a471f16f6c52751854e82fb42011c9388651cff55761298b86ba437d431e6325ab039ef330f2b2c5f69f5ba43dc468e7ca3df205a8bb31468f43711fbe SHA512 (google-auth-2.3.0.tar.gz) = cf0040d238880ea4bbad64f0a47311f2ed3922a7301a0d5287319b39ea8e76dca66dc78fd860cc12386b078bd2147a1cba01de97381420ef94cc44fca0c90ad1 SHA512 (cachetools-4.2.4.tar.gz) = 29a6bb3a064e5603cd3e3882d8e5a6a6ef95ba3029716692c9a82d7186a0befcfb8ed4a0ee3ecb591fdff93a46836d5b25acca7ba5eab1ba837e86404aea8fcf SHA512 (pyasn1-modules-0.2.8.tar.gz) = fdfcaa065deffdd732deaa1fa30dec2fc4a90ffe15bd12de40636ce0212f447611096d2f4e652ed786b5c47544439e6a93721fabe121f3320f13965692a1ca5b