rpms/fence-agents
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import EuroLinux fence-agents-4.2.1-121.el8_9.4

Browse Source
This commit is contained in:
eabdullin 2024-02-22 07:03:17 +00:00
parent 782c400bf2
commit 7c5ab86882
6 changed files with 88 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.fence-agents.metadata
View File

@ -20,7 +20,7 @@ f6efa66f6106b069b5c0e0cf8cc677e4e96c91ca SOURCES/oauthlib-3.1.1.tar.gz
bccbc1bf76a9db46998eb8e1ffa2f2a2baf9237a SOURCES/packaging-21.2-py3-none-any.whl bccbc1bf76a9db46998eb8e1ffa2f2a2baf9237a SOURCES/packaging-21.2-py3-none-any.whl
e0fa19f8fda46a1fa2253477499b116b33f67175 SOURCES/pyasn1-0.4.8.tar.gz e0fa19f8fda46a1fa2253477499b116b33f67175 SOURCES/pyasn1-0.4.8.tar.gz
43b89feb6864fe359aae89120627165219de313b SOURCES/pyasn1-modules-0.2.8.tar.gz 43b89feb6864fe359aae89120627165219de313b SOURCES/pyasn1-modules-0.2.8.tar.gz
326a73f58a62ebee00c11a12cfdd838b196e0e8e SOURCES/pycryptodome-3.6.4.tar.gz c55d177e9484d974c95078d4ae945f89ba2c7251 SOURCES/pycryptodome-3.20.0.tar.gz
c8307f47e3b75a2d02af72982a2dfefa3f56e407 SOURCES/pyparsing-2.4.7-py2.py3-none-any.whl c8307f47e3b75a2d02af72982a2dfefa3f56e407 SOURCES/pyparsing-2.4.7-py2.py3-none-any.whl
c2ba10c775b7a52a4b57cac4d4110a0c0f812a82 SOURCES/python-dateutil-2.8.2.tar.gz c2ba10c775b7a52a4b57cac4d4110a0c0f812a82 SOURCES/python-dateutil-2.8.2.tar.gz
1dc2fa004aa6517f1620e55d8a7b8e68a9cf2a47 SOURCES/python-string-utils-1.0.0.tar.gz 1dc2fa004aa6517f1620e55d8a7b8e68a9cf2a47 SOURCES/python-string-utils-1.0.0.tar.gz
@ -33,5 +33,5 @@ d5354718cb8c9330d3abc27445467ce8a5ed9d70 SOURCES/setuptools-58.3.0.tar.gz
a4f02fddae697614e356cadfddb6241cc7737f38 SOURCES/setuptools_scm-6.3.2.tar.gz a4f02fddae697614e356cadfddb6241cc7737f38 SOURCES/setuptools_scm-6.3.2.tar.gz
06fa0bb50f2a4e2917fd14c21e9d2d5508ce0163 SOURCES/six-1.16.0.tar.gz 06fa0bb50f2a4e2917fd14c21e9d2d5508ce0163 SOURCES/six-1.16.0.tar.gz
b42b7960047441db7dc021cc20e14279bd836f8d SOURCES/tomli-1.0.1.tar.gz b42b7960047441db7dc021cc20e14279bd836f8d SOURCES/tomli-1.0.1.tar.gz
eb35c3fd8b0867ae988a15917d6b80e8bdf60222 SOURCES/urllib3-1.26.7.tar.gz 84e2852d8da1655373f7ce5e7d5d3e256b62b4e4 SOURCES/urllib3-1.26.18.tar.gz
540f083782c584989c1a0f69ffd69ba7aae07db6 SOURCES/websocket-client-1.2.1.tar.gz 540f083782c584989c1a0f69ffd69ba7aae07db6 SOURCES/websocket-client-1.2.1.tar.gz

4
.gitignore vendored
View File

@ -20,7 +20,7 @@ SOURCES/openshift-0.12.1.tar.gz
SOURCES/packaging-21.2-py3-none-any.whl SOURCES/packaging-21.2-py3-none-any.whl
SOURCES/pyasn1-0.4.8.tar.gz SOURCES/pyasn1-0.4.8.tar.gz
SOURCES/pyasn1-modules-0.2.8.tar.gz SOURCES/pyasn1-modules-0.2.8.tar.gz
SOURCES/pycryptodome-3.6.4.tar.gz SOURCES/pycryptodome-3.20.0.tar.gz
SOURCES/pyparsing-2.4.7-py2.py3-none-any.whl SOURCES/pyparsing-2.4.7-py2.py3-none-any.whl
SOURCES/python-dateutil-2.8.2.tar.gz SOURCES/python-dateutil-2.8.2.tar.gz
SOURCES/python-string-utils-1.0.0.tar.gz SOURCES/python-string-utils-1.0.0.tar.gz
@ -33,5 +33,5 @@ SOURCES/setuptools-58.3.0.tar.gz
SOURCES/setuptools_scm-6.3.2.tar.gz SOURCES/setuptools_scm-6.3.2.tar.gz
SOURCES/six-1.16.0.tar.gz SOURCES/six-1.16.0.tar.gz
SOURCES/tomli-1.0.1.tar.gz SOURCES/tomli-1.0.1.tar.gz
SOURCES/urllib3-1.26.7.tar.gz SOURCES/urllib3-1.26.18.tar.gz
SOURCES/websocket-client-1.2.1.tar.gz SOURCES/websocket-client-1.2.1.tar.gz

26
SOURCES/RHEL-11988-1-kubevirt-fix-bundled-urllib3-CVE-2023-43804.patch
View File

@ -1,26 +0,0 @@
From 644124ecd0b6e417c527191f866daa05a5a2056d Mon Sep 17 00:00:00 2001
From: Quentin Pradet <quentin.pradet@gmail.com>
Date: Mon, 2 Oct 2023 19:46:16 +0400
Subject: [PATCH] Merge pull request from GHSA-v845-jxx5-vc9f
---
CHANGES.rst | 5 ++++
docs/user-guide.rst | 3 +++
src/urllib3/util/retry.py | 2 +-
test/test_retry.py | 4 +--
test/with_dummyserver/test_poolmanager.py | 30 ++++++++++++++++++-----
5 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py
index ea48afe3ca..7572bfd26a 100644
--- a/kubevirt/urllib3/util/retry.py
+++ b/kubevirt/urllib3/util/retry.py
@@ -187,7 +187,7 @@ class Retry:
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
#: Default headers to be used for ``remove_headers_on_redirect``
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
#: Maximum backoff time.
BACKOFF_MAX = 120

26
SOURCES/RHEL-11988-2-aws-fix-bundled-urllib3-CVE-2023-43804.patch
View File

@ -1,26 +0,0 @@
From 644124ecd0b6e417c527191f866daa05a5a2056d Mon Sep 17 00:00:00 2001
From: Quentin Pradet <quentin.pradet@gmail.com>
Date: Mon, 2 Oct 2023 19:46:16 +0400
Subject: [PATCH] Merge pull request from GHSA-v845-jxx5-vc9f
---
CHANGES.rst | 5 ++++
docs/user-guide.rst | 3 +++
src/urllib3/util/retry.py | 2 +-
test/test_retry.py | 4 +--
test/with_dummyserver/test_poolmanager.py | 30 ++++++++++++++++++-----
5 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py
index ea48afe3ca..7572bfd26a 100644
--- a/aws/urllib3/util/retry.py
+++ b/aws/urllib3/util/retry.py
@@ -187,7 +187,7 @@ class Retry:
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
#: Default headers to be used for ``remove_headers_on_redirect``
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
#: Maximum backoff time.
BACKOFF_MAX = 120

63
SOURCES/RHEL-22179-kubevirt-fix-bundled-jinja2-CVE-2024-22195.patch Normal file
View File

@ -0,0 +1,63 @@
From 7dd3680e6eea0d77fde024763657aa4d884ddb23 Mon Sep 17 00:00:00 2001
From: Calum Hutton <calum.hutton@snyk.io>
Date: Thu, 26 Oct 2023 12:08:53 +0100
Subject: [PATCH] xmlattr filter disallows keys with spaces
---
CHANGES.rst | 1 +
src/jinja2/filters.py | 28 +++++++++++++++++++++-------
tests/test_filters.py | 6 ++++++
3 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/src/jinja2/filters.py b/src/jinja2/filters.py
index ed07c4c0e..c7ecc9bb6 100644
--- a/kubevirt/jinja2/filters.py
+++ b/kubevirt/jinja2/filters.py
@@ -248,13 +248,17 @@ def do_items(value: t.Union[t.Mapping[K, V], Undefined]) -> t.Iterator[t.Tuple[K
yield from value.items()
+_space_re = re.compile(r"\s", flags=re.ASCII)
+
+
@pass_eval_context
def do_xmlattr(
eval_ctx: "EvalContext", d: t.Mapping[str, t.Any], autospace: bool = True
) -> str:
"""Create an SGML/XML attribute string based on the items in a dict.
- All values that are neither `none` nor `undefined` are automatically
- escaped:
+
+ If any key contains a space, this fails with a ``ValueError``. Values that
+ are neither ``none`` nor ``undefined`` are automatically escaped.
.. sourcecode:: html+jinja
@@ -273,12 +277,22 @@ def do_xmlattr(
As you can see it automatically prepends a space in front of the item
if the filter returned something unless the second parameter is false.
+
+ .. versionchanged:: 3.1.3
+ Keys with spaces are not allowed.
"""
- rv = " ".join(
- f'{escape(key)}="{escape(value)}"'
- for key, value in d.items()
- if value is not None and not isinstance(value, Undefined)
- )
+ items = []
+
+ for key, value in d.items():
+ if value is None or isinstance(value, Undefined):
+ continue
+
+ if _space_re.search(key) is not None:
+ raise ValueError(f"Spaces are not allowed in attributes: '{key}'")
+
+ items.append(f'{escape(key)}="{escape(value)}"')
+
+ rv = " ".join(items)
if autospace and rv:
rv = " " + rv

36
SPECS/fence-agents.spec
View File

@ -11,7 +11,7 @@
# alibaba # alibaba
# python-pycryptodome bundle # python-pycryptodome bundle
%global pycryptodome pycryptodome %global pycryptodome pycryptodome
%global pycryptodome_version 3.6.4 %global pycryptodome_version 3.20.0
%global pycryptodome_dir %{bundled_lib_dir}/aliyun/%{pycryptodome} %global pycryptodome_dir %{bundled_lib_dir}/aliyun/%{pycryptodome}
# python-aliyun-sdk-core bundle # python-aliyun-sdk-core bundle
%global aliyunsdkcore aliyun-python-sdk-core %global aliyunsdkcore aliyun-python-sdk-core
@ -59,10 +59,10 @@
%global pyyaml_version 6.0 %global pyyaml_version 6.0
%global six six %global six six
%global six_version 1.16.0 %global six_version 1.16.0
%global urllib3 urllib3 %global urllib3 urllib3
%global urllib3_version 1.26.7 %global urllib3_version 1.26.18
%global websocketclient websocket-client %global websocketclient websocket-client
%global websocketclient_version 1.2.1 %global websocketclient_version 1.2.1
%global jinja2 Jinja2 %global jinja2 Jinja2
%global jinja2_version 3.0.2 %global jinja2_version 3.0.2
%global markupsafe MarkupSafe %global markupsafe MarkupSafe
@ -87,7 +87,7 @@
Name: fence-agents Name: fence-agents
Summary: Set of unified programs capable of host isolation ("fencing") Summary: Set of unified programs capable of host isolation ("fencing")
Version: 4.2.1 Version: 4.2.1
Release: 121%{?alphatag:.%{alphatag}}%{?dist}.2 Release: 121%{?alphatag:.%{alphatag}}%{?dist}.4
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
Group: System Environment/Base Group: System Environment/Base
URL: https://github.com/ClusterLabs/fence-agents URL: https://github.com/ClusterLabs/fence-agents
@ -278,10 +278,9 @@ Patch134: bz2155453-fence_ibm_powervs-performance-improvements.patch
### HA support libs/utils ### ### HA support libs/utils ###
# all archs # all archs
Patch1000: bz2218234-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch Patch1000: bz2218234-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
Patch1001: RHEL-11988-1-kubevirt-fix-bundled-urllib3-CVE-2023-43804.patch Patch1001: RHEL-22179-kubevirt-fix-bundled-jinja2-CVE-2024-22195.patch
# cloud (x86_64 only) # cloud (x86_64 only)
Patch2000: bz2218234-2-aws-fix-bundled-dateutil-CVE-2007-4559.patch Patch2000: bz2218234-2-aws-fix-bundled-dateutil-CVE-2007-4559.patch
Patch2001: RHEL-11988-2-aws-fix-bundled-urllib3-CVE-2023-43804.patch
%if 0%{?fedora} || 0%{?rhel} > 7 %if 0%{?fedora} || 0%{?rhel} > 7
%global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hds_cb hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hds_cb hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
@ -607,11 +606,10 @@ rm -rf %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}/kubevirt/rsa*
# regular patch doesnt work in build-section # regular patch doesnt work in build-section
pushd %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir} pushd %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1000} /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1000}
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1001} /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=1 < %{PATCH1001}
%ifarch x86_64 %ifarch x86_64
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2000} /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2000}
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2001}
%endif %endif
popd popd
@ -1502,13 +1500,21 @@ Fence agent for IBM z/VM over IP.
%endif %endif
%changelog %changelog
* Thu Oct 12 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-121.2 * Mon Jan 22 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-121.4
- bundled urllib3: fix CVE-2023-43804 - bundled urllib3: fix CVE-2023-45803
Resolves: RHEL-11988 Resolves: RHEL-21719
- bundled pycryptodome: fix CVE-2023-52323
Resolves: RHEL-21727
- bundled jinja2: fix CVE-2024-22195
Resolves: RHEL-22179
* Tue Sep 26 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-122 * Fri Oct 13 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-121.2
- bundled urllib3: fix CVE-2023-43804
Resolves: RHEL-12434
* Wed Sep 27 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-121.1
- bundled certifi: fix CVE-2023-37920 - bundled certifi: fix CVE-2023-37920
Resolves: RHEL-6972 Resolves: RHEL-9452
* Thu Aug 3 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-121 * Thu Aug 3 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-121
- bundled dateutil: fix tarfile CVE-2007-4559 - bundled dateutil: fix tarfile CVE-2007-4559