Import from AlmaLinux stable repository

SOURCES/RHEL-14030-2-fence_cisco_mds-undo-metadata-change.patch

@@ -0,0 +1,35 @@
+From 639732ddca765b2f147ef0c0a896968e3304ca49 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Mon, 23 Oct 2023 09:28:55 +0200
+Subject: [PATCH] fence_cisco_mds: undo metadata change, as it is an I/O agent
+
+---
+ agents/cisco_mds/fence_cisco_mds.py     | 2 +-
+ tests/data/metadata/fence_cisco_mds.xml | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/agents/cisco_mds/fence_cisco_mds.py b/agents/cisco_mds/fence_cisco_mds.py
+index 04cd1f842..fbb876a94 100644
+--- a/agents/cisco_mds/fence_cisco_mds.py
++++ b/agents/cisco_mds/fence_cisco_mds.py
+@@ -77,7 +77,7 @@ def main():
+ 
+ 	docs = {}
+ 	docs["shortdesc"] = "Fence agent for Cisco MDS"
+-	docs["longdesc"] = "fence_cisco_mds is a Power Fencing agent \
++	docs["longdesc"] = "fence_cisco_mds is an I/O Fencing agent \
+ which can be used with any Cisco MDS 9000 series with SNMP enabled device."
+ 	docs["vendorurl"] = "http://www.cisco.com"
+ 	show_docs(options, docs)
+diff --git a/tests/data/metadata/fence_cisco_mds.xml b/tests/data/metadata/fence_cisco_mds.xml
+index 2105ecccc..829c9dcbe 100644
+--- a/tests/data/metadata/fence_cisco_mds.xml
++++ b/tests/data/metadata/fence_cisco_mds.xml
+@@ -1,6 +1,6 @@
+ <?xml version="1.0" ?>
+ <resource-agent name="fence_cisco_mds" shortdesc="Fence agent for Cisco MDS" >
+-<longdesc>fence_cisco_mds is a Power Fencing agent which can be used with any Cisco MDS 9000 series with SNMP enabled device.</longdesc>
++<longdesc>fence_cisco_mds is an I/O Fencing agent which can be used with any Cisco MDS 9000 series with SNMP enabled device.</longdesc>
+ <vendor-url>http://www.cisco.com</vendor-url>
+ <parameters>
+ 	<parameter name="action" unique="0" required="1">

SOURCES/RHEL-14344-fence_zvmip-1-document-user-permissions.patch

@@ -0,0 +1,159 @@
+From dcb8ddd13c3dfad02e00c07f283251e0c2a60c46 Mon Sep 17 00:00:00 2001
+From: Reid Wahl <nrwahl@protonmail.com>
+Date: Mon, 16 Aug 2021 17:44:13 -0700
+Subject: [PATCH] fence_zvmip: Update longdesc to document all required
+ functions
+
+In RHBZ#1935641, IBM explained that the requesting user needs
+authorization for more functions than what is currently documented.
+
+They said:
+"""
+What we found is that you need rights from three different NICKS:
+SERVER_MANAGEMENT, IMAGE_CHARACTERISTICS and IMAGE_OPERATIONS.
+You won't be able to give a user all three NICKS.
+Therefore, you have to create a new NICK with all capabilities from all
+three NICKS together and then assign the new NICK to the USER
+"ZCLUSTER".
+Even better is to just use the needed Subset with a new NICK.
+We found five commands which are used in the fencing code and on the
+z/VM Log which should be enough for fencing to work.
+
+We suggest creating following files:
+
+File VSMWORK1 NAMELIST:
+```
+:nick.ZVM_FENCE
+:list.
+IMAGE_ACTIVATE
+IMAGE_DEACTIVATE
+IMAGE_STATUS_QUERY
+CHECK_AUTHENTICATION
+IMAGE_NAME_QUERY_DM
+```
+
+File VSMWORK1 AUTHLIST:
+```
+ZCLUSTER                            ALL                              ZVM_FENCE
+```
+
+For details, we suggest adding a link to the current z/VM docu:
+ - NAMELIST: https://www.ibm.com/support/knowledgecenter/de/SSB27U_7.2.0/com.ibm.zvm.v720.dmse6/namelst.htm
+ - AUTHLIST: https://www.ibm.com/support/knowledgecenter/de/SSB27U_7.2.0/com.ibm.zvm.v720.dmse6/auf.htm
+"""
+
+Resolves: RHBZ1935641
+
+Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
+---
+ agents/zvm/fence_zvmip.py           | 37 ++++++++++++++++++++++-------
+ tests/data/metadata/fence_zvmip.xml | 37 ++++++++++++++++++++++-------
+ 2 files changed, 56 insertions(+), 18 deletions(-)
+
+diff --git a/agents/zvm/fence_zvmip.py b/agents/zvm/fence_zvmip.py
+index 4f538e10d..c37950a20 100644
+--- a/agents/zvm/fence_zvmip.py
++++ b/agents/zvm/fence_zvmip.py
+@@ -199,21 +199,40 @@ def main():
+ 
+ 	docs = {}
+ 	docs["shortdesc"] = "Fence agent for use with z/VM Virtual Machines"
+-	docs["longdesc"] = """The fence_zvm agent is intended to be used with with z/VM SMAPI service via TCP/IP
++	docs["longdesc"] = """The fence_zvmip agent is intended to be used with the
++z/VM SMAPI service via TCP/IP.
+ 
+-To  use this agent the z/VM SMAPI service needs to be configured to allow the virtual machine running this agent to connect to it and issue
+-the image_recycle operation.  This involves updating the VSMWORK1 AUTHLIST VMSYS:VSMWORK1. file. The entry should look something similar to
+-this:
++The z/VM SMAPI service must be configured so that the virtual machine running
++the agent can connect to the service, access the system's directory manager,
++and shortly thereafter run image_deactivate and image_activate. This involves
++updating the VSMWORK1 NAMELIST and VSMWORK1 AUTHLIST VMSYS:VSMWORK1 files.
++
++The NAMELIST entry assigns all the required functions to one nick and should
++look similar to this:
++
++:nick.ZVM_FENCE
++:list.
++IMAGE_ACTIVATE
++IMAGE_DEACTIVATE
++IMAGE_STATUS_QUERY
++CHECK_AUTHENTICATION
++IMAGE_NAME_QUERY_DM
++
++
++The AUTHLIST entry authorizes the user to perform all the functions associated
++with the nick, and should look similar to this:
+ 
+ Column 1                   Column 66                Column 131
+ 
+-   |                          |                        |
+-   V                          V                        V
++|                          |                        |
++V                          V                        V
++
++XXXXXXXX                   ALL                      ZVM_FENCE
+ 
+-XXXXXXXX                      ALL                      IMAGE_CHARACTERISTICS
++where XXXXXXXX is the name of the user in the authuser field of the request.
+ 
+-Where XXXXXXX is the name of the virtual machine used in the authuser field of the request. This virtual machine also has to be authorized
+-to access the system's directory manager.
++Refer to the official z/VM documentation for complete instructions and
++reference materials.
+ """
+ 	docs["vendorurl"] = "http://www.ibm.com"
+ 	show_docs(options, docs)
+diff --git a/tests/data/metadata/fence_zvmip.xml b/tests/data/metadata/fence_zvmip.xml
+index 6996ab736..96393bdfa 100644
+--- a/tests/data/metadata/fence_zvmip.xml
++++ b/tests/data/metadata/fence_zvmip.xml
+@@ -1,20 +1,39 @@
+ <?xml version="1.0" ?>
+ <resource-agent name="fence_zvmip" shortdesc="Fence agent for use with z/VM Virtual Machines" >
+-<longdesc>The fence_zvm agent is intended to be used with with z/VM SMAPI service via TCP/IP
++<longdesc>The fence_zvmip agent is intended to be used with the
++z/VM SMAPI service via TCP/IP.
+ 
+-To  use this agent the z/VM SMAPI service needs to be configured to allow the virtual machine running this agent to connect to it and issue
+-the image_recycle operation.  This involves updating the VSMWORK1 AUTHLIST VMSYS:VSMWORK1. file. The entry should look something similar to
+-this:
++The z/VM SMAPI service must be configured so that the virtual machine running
++the agent can connect to the service, access the system's directory manager,
++and shortly thereafter run image_deactivate and image_activate. This involves
++updating the VSMWORK1 NAMELIST and VSMWORK1 AUTHLIST VMSYS:VSMWORK1 files.
++
++The NAMELIST entry assigns all the required functions to one nick and should
++look similar to this:
++
++:nick.ZVM_FENCE
++:list.
++IMAGE_ACTIVATE
++IMAGE_DEACTIVATE
++IMAGE_STATUS_QUERY
++CHECK_AUTHENTICATION
++IMAGE_NAME_QUERY_DM
++
++
++The AUTHLIST entry authorizes the user to perform all the functions associated
++with the nick, and should look similar to this:
+ 
+ Column 1                   Column 66                Column 131
+ 
+-   |                          |                        |
+-   V                          V                        V
++|                          |                        |
++V                          V                        V
++
++XXXXXXXX                   ALL                      ZVM_FENCE
+ 
+-XXXXXXXX                      ALL                      IMAGE_CHARACTERISTICS
++where XXXXXXXX is the name of the user in the authuser field of the request.
+ 
+-Where XXXXXXX is the name of the virtual machine used in the authuser field of the request. This virtual machine also has to be authorized
+-to access the system's directory manager.
++Refer to the official z/VM documentation for complete instructions and
++reference materials.
+ </longdesc>
+ <vendor-url>http://www.ibm.com</vendor-url>
+ <parameters>

SOURCES/RHEL-14344-fence_zvmip-2-fix-manpage-formatting.patch

@@ -0,0 +1,41 @@
+From adac1d81c5758235b6df46d0a91f1e948655848a Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Wed, 3 Jan 2024 10:17:50 +0100
+Subject: [PATCH] fence_zvmip: fix manpage formatting
+
+---
+ agents/zvm/fence_zvmip.py | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/agents/zvm/fence_zvmip.py b/agents/zvm/fence_zvmip.py
+index f1cea2652..bd8273c49 100644
+--- a/agents/zvm/fence_zvmip.py
++++ b/agents/zvm/fence_zvmip.py
+@@ -210,12 +210,12 @@ def main():
+ The NAMELIST entry assigns all the required functions to one nick and should
+ look similar to this:
+ 
+-:nick.ZVM_FENCE
+-:list.
+-IMAGE_ACTIVATE
+-IMAGE_DEACTIVATE
+-IMAGE_STATUS_QUERY
+-CHECK_AUTHENTICATION
++:nick.ZVM_FENCE\n.br\n\
++:list.\n.br\n\
++IMAGE_ACTIVATE\n.br\n\
++IMAGE_DEACTIVATE\n.br\n\
++IMAGE_STATUS_QUERY\n.br\n\
++CHECK_AUTHENTICATION\n.br\n\
+ IMAGE_NAME_QUERY_DM
+ 
+ 
+@@ -224,7 +224,7 @@ def main():
+ 
+ Column 1                   Column 66                Column 131
+ 
+-|                          |                        |
++|                          |                        |\n.br\n\
+ V                          V                        V
+ 
+ XXXXXXXX                   ALL                      ZVM_FENCE

SOURCES/RHEL-5396-fence_scsi-1-fix-ISID-reg-handling.patch

@@ -0,0 +1,68 @@
+From 9d0d0d013c7edae43a4ebc5f46bf2e7a4f127654 Mon Sep 17 00:00:00 2001
+From: "sreejit.mohanan" <sreejit.mohanan@nutanix.com>
+Date: Fri, 17 Feb 2023 18:04:03 -0800
+Subject: [PATCH] fence_scsi: fix registration handling if ISID conflicts ISID
+ (Initiator Session ID) belonging to I_T Nexus changes for RHEL based on the
+ session ID. This means that the connection to the device can be set up with
+ different ISID on reconnects.
+
+fence_scsi treats same key as a tip to ignore issuing registration
+to the device but if the device was registered using a different
+ISID, the key would be the same but the I_T Nexus (new ISID) would
+not have access to the device.
+
+Fixing this by preempting the old key and replacing with the current
+one.
+---
+ agents/scsi/fence_scsi.py | 35 ++++++++++++++++++++++++++++++++---
+ 1 file changed, 32 insertions(+), 3 deletions(-)
+
+diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py
+index f9e6823b2..85e4f29e6 100644
+--- a/agents/scsi/fence_scsi.py
++++ b/agents/scsi/fence_scsi.py
+@@ -137,12 +137,41 @@ def register_dev(options, dev):
+ 		for slave in get_mpath_slaves(dev):
+ 			register_dev(options, slave)
+ 		return True
+-	if get_reservation_key(options, dev, False) == options["--key"]:
+-		return True
++
++	# Check if any registration exists for the key already. We track this in
++	# order to decide whether the existing registration needs to be cleared.
++	# This is needed since the previous registration could be for a
++	# different I_T nexus (different ISID).
++	registration_key_exists = False
++	if options["--key"] in get_registration_keys(options, dev):
++		registration_key_exists = True
++	if not register_helper(options, options["--key"], dev):
++		return False
++
++	if registration_key_exists:
++		# If key matches, make sure it matches with the connection that
++		# exists right now. To do this, we can issue a preempt with same key
++		# which should replace the old invalid entries from the target.
++		if not preempt(options, options["--key"], dev):
++			return False
++
++		# If there was no reservation, we need to issue another registration
++		# since the previous preempt would clear registration made above.
++		if get_reservation_key(options, dev, False) != options["--key"]:
++			return register_helper(options, options["--key"], dev)
++	return True
++
++# cancel registration without aborting tasks
++def preempt(options, host, dev):
++	reset_dev(options,dev)
++	cmd = options["--sg_persist-path"] + " -n -o -P -T 5 -K " + host + " -S " + options["--key"] + " -d " + dev
++	return not bool(run_cmd(options, cmd)["rc"])
++
++# helper function to send the register command
++def register_helper(options, host, dev):
+ 	reset_dev(options, dev)
+ 	cmd = options["--sg_persist-path"] + " -n -o -I -S " + options["--key"] + " -d " + dev
+ 	cmd += " -Z" if "--aptpl" in options else ""
+-	#cmd return code != 0 but registration can be successful
+ 	return not bool(run_cmd(options, cmd)["rc"])
+ 
+ 

SOURCES/RHEL-5396-fence_scsi-2-fix-ISID-reg-handling-off.patch

@@ -0,0 +1,103 @@
+From 34baef58db442148b8e067509d2cdd37b7a91ef4 Mon Sep 17 00:00:00 2001
+From: "sreejit.mohanan" <sreejit.mohanan@nutanix.com>
+Date: Thu, 7 Sep 2023 15:57:51 -0700
+Subject: [PATCH] fence_scsi: fix registration handling in device 'off'
+ workflows
+
+ISID (Initiator Session ID) belonging to I_T Nexus changes for
+RHEL based on the session ID. This means that the connection to
+the device can be set up with different ISID on reconnects.
+
+When a device is powered off, fence_scsi assumes that the client
+has a registration to the device and sends a preempt-and-abort
+request which ends up failing due to reservation conflict.
+
+Fixing this by registering the host key with the device and preempting
+the old registration (if it exists). This should make sure that the
+host is able to preempt the other key successfully.
+---
+ agents/scsi/fence_scsi.py | 29 +++++++++++++++--------------
+ 1 file changed, 15 insertions(+), 14 deletions(-)
+
+diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py
+index 42530ceb5..519319bf5 100644
+--- a/agents/scsi/fence_scsi.py
++++ b/agents/scsi/fence_scsi.py
+@@ -41,7 +41,7 @@ def set_status(conn, options):
+ 		for dev in options["devices"]:
+ 			is_block_device(dev)
+ 
+-			register_dev(options, dev)
++			register_dev(options, dev, options["--key"])
+ 			if options["--key"] not in get_registration_keys(options, dev):
+ 				count += 1
+ 				logging.debug("Failed to register key "\
+@@ -62,7 +62,7 @@ def set_status(conn, options):
+ 			fail_usage("Failed: keys cannot be same. You can not fence yourself.")
+ 		for dev in options["devices"]:
+ 			is_block_device(dev)
+-
++			register_dev(options, dev, host_key)
+ 			if options["--key"] in get_registration_keys(options, dev):
+ 				preempt_abort(options, host_key, dev)
+ 
+@@ -131,11 +131,11 @@ def reset_dev(options, dev):
+ 	return run_cmd(options, options["--sg_turs-path"] + " " + dev)["rc"]
+ 
+ 
+-def register_dev(options, dev):
++def register_dev(options, dev, key):
+ 	dev = os.path.realpath(dev)
+ 	if re.search(r"^dm", dev[5:]):
+ 		for slave in get_mpath_slaves(dev):
+-			register_dev(options, slave)
++			register_dev(options, slave, key)
+ 		return True
+ 
+ 	# Check if any registration exists for the key already. We track this in
+@@ -143,34 +143,35 @@ def register_dev(options, dev):
+ 	# This is needed since the previous registration could be for a
+ 	# different I_T nexus (different ISID).
+ 	registration_key_exists = False
+-	if options["--key"] in get_registration_keys(options, dev):
++	if key in get_registration_keys(options, dev):
++		logging.debug("Registration key exists for device " + dev)
+ 		registration_key_exists = True
+-	if not register_helper(options, options["--key"], dev):
++	if not register_helper(options, dev, key):
+ 		return False
+ 
+ 	if registration_key_exists:
+ 		# If key matches, make sure it matches with the connection that
+ 		# exists right now. To do this, we can issue a preempt with same key
+ 		# which should replace the old invalid entries from the target.
+-		if not preempt(options, options["--key"], dev):
++		if not preempt(options, key, dev, key):
+ 			return False
+ 
+ 		# If there was no reservation, we need to issue another registration
+ 		# since the previous preempt would clear registration made above.
+-		if get_reservation_key(options, dev, False) != options["--key"]:
+-			return register_helper(options, options["--key"], dev)
++		if get_reservation_key(options, dev, False) != key:
++			return register_helper(options, dev, key)
+ 	return True
+ 
+-# cancel registration without aborting tasks
+-def preempt(options, host, dev):
++# helper function to preempt host with 'key' using 'host_key' without aborting tasks
++def preempt(options, host_key, dev, key):
+ 	reset_dev(options,dev)
+-	cmd = options["--sg_persist-path"] + " -n -o -P -T 5 -K " + host + " -S " + options["--key"] + " -d " + dev
++	cmd = options["--sg_persist-path"] + " -n -o -P -T 5 -K " + host_key + " -S " + key + " -d " + dev
+ 	return not bool(run_cmd(options, cmd)["rc"])
+ 
+ # helper function to send the register command
+-def register_helper(options, host, dev):
++def register_helper(options, dev, key):
+ 	reset_dev(options, dev)
+-	cmd = options["--sg_persist-path"] + " -n -o -I -S " + options["--key"] + " -d " + dev
++	cmd = options["--sg_persist-path"] + " -n -o -I -S " + key + " -d " + dev
+ 	cmd += " -Z" if "--aptpl" in options else ""
+ 	return not bool(run_cmd(options, cmd)["rc"])
+ 

SPECS/fence-agents.spec

@@ -17,8 +17,8 @@
 %global ruamelyamlclib_version	0.2.6
 %global kubernetes		kubernetes
 %global kubernetes_version	12.0.1
-%global certifi			certifi
+%global certifi 		certifi
-%global certifi_version		2023.7.22
+%global certifi_version 	2023.7.22
 %global googleauth		google-auth
 %global googleauth_version	2.3.0
 %global cachetools		cachetools
@@ -59,7 +59,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.10.0
-Release: 55%{?alphatag:.%{alphatag}}%{?dist}.3
+Release: 62%{?alphatag:.%{alphatag}}%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: https://github.com/ClusterLabs/fence-agents
 Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz
@@ -109,83 +109,83 @@ Source1025: azure_mgmt_compute-21.0.0-py2.py3-none-any.whl
 Source1026: azure_mgmt_core-1.2.2-py2.py3-none-any.whl
 Source1027: azure_mgmt_network-19.0.0-py2.py3-none-any.whl
 Source1028: azure-identity-1.10.0.zip
-Source1030: chardet-4.0.0-py2.py3-none-any.whl
+Source1029: chardet-4.0.0-py2.py3-none-any.whl
-Source1031: idna-2.10-py2.py3-none-any.whl
+Source1030: idna-2.10-py2.py3-none-any.whl
-Source1032: isodate-0.6.0-py2.py3-none-any.whl
+Source1031: isodate-0.6.0-py2.py3-none-any.whl
-Source1033: msrest-0.6.21-py2.py3-none-any.whl
+Source1032: msrest-0.6.21-py2.py3-none-any.whl
-Source1034: msrestazure-0.6.4-py2.py3-none-any.whl
+Source1033: msrestazure-0.6.4-py2.py3-none-any.whl
-Source1035: %{oauthlib}-%{oauthlib_version}.tar.gz
+Source1034: %{oauthlib}-%{oauthlib_version}.tar.gz
-Source1036: PyJWT-2.1.0-py3-none-any.whl
+Source1035: PyJWT-2.1.0-py3-none-any.whl
-Source1037: requests-2.25.1-py2.py3-none-any.whl
+Source1036: requests-2.25.1-py2.py3-none-any.whl
-Source1038: requests_oauthlib-1.3.0-py2.py3-none-any.whl
+Source1037: requests_oauthlib-1.3.0-py2.py3-none-any.whl
-Source1139: msal-1.18.0.tar.gz
+Source1038: msal-1.18.0.tar.gz
-Source1140: msal-extensions-1.0.0.tar.gz
+Source1039: msal-extensions-1.0.0.tar.gz
-Source1141: portalocker-2.5.1.tar.gz
+Source1040: portalocker-2.5.1.tar.gz
 # google
-Source1042: cachetools-4.2.2-py3-none-any.whl
+Source1041: cachetools-4.2.2-py3-none-any.whl
-Source1043: chardet-3.0.4-py2.py3-none-any.whl
+Source1042: chardet-3.0.4-py2.py3-none-any.whl
-Source1044: google_api_core-1.30.0-py2.py3-none-any.whl
+Source1043: google_api_core-1.30.0-py2.py3-none-any.whl
-Source1045: google_api_python_client-1.12.8-py2.py3-none-any.whl
+Source1044: google_api_python_client-1.12.8-py2.py3-none-any.whl
-Source1046: googleapis_common_protos-1.53.0-py2.py3-none-any.whl
+Source1045: googleapis_common_protos-1.53.0-py2.py3-none-any.whl
-Source1047: google_auth-1.32.0-py2.py3-none-any.whl
+Source1046: google_auth-1.32.0-py2.py3-none-any.whl
-Source1048: google_auth_httplib2-0.1.0-py2.py3-none-any.whl
+Source1047: google_auth_httplib2-0.1.0-py2.py3-none-any.whl
-Source1049: httplib2-0.19.1-py3-none-any.whl
+Source1048: httplib2-0.19.1-py3-none-any.whl
-Source1050: packaging-20.9-py2.py3-none-any.whl
+Source1049: packaging-20.9-py2.py3-none-any.whl
-Source1051: protobuf-3.17.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl
+Source1050: protobuf-3.17.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl
-Source1052: pyasn1-0.4.8-py2.py3-none-any.whl
+Source1051: pyasn1-0.4.8-py2.py3-none-any.whl
-Source1053: pyasn1_modules-0.2.8-py2.py3-none-any.whl
+Source1052: pyasn1_modules-0.2.8-py2.py3-none-any.whl
-Source1054: pyparsing-2.4.7-py2.py3-none-any.whl
+Source1053: pyparsing-2.4.7-py2.py3-none-any.whl
-Source1055: pyroute2-0.6.4.tar.gz
+Source1054: pyroute2-0.6.4.tar.gz
-Source1056: pyroute2.core-0.6.4.tar.gz
+Source1055: pyroute2.core-0.6.4.tar.gz
-Source1057: pyroute2.ethtool-0.6.4.tar.gz
+Source1056: pyroute2.ethtool-0.6.4.tar.gz
-Source1058: pyroute2.ipdb-0.6.4.tar.gz
+Source1057: pyroute2.ipdb-0.6.4.tar.gz
-Source1059: pyroute2.ipset-0.6.4.tar.gz
+Source1058: pyroute2.ipset-0.6.4.tar.gz
-Source1060: pyroute2.ndb-0.6.4.tar.gz
+Source1059: pyroute2.ndb-0.6.4.tar.gz
-Source1061: pyroute2.nftables-0.6.4.tar.gz
+Source1060: pyroute2.nftables-0.6.4.tar.gz
-Source1062: pyroute2.nslink-0.6.4.tar.gz
+Source1061: pyroute2.nslink-0.6.4.tar.gz
-Source1063: pytz-2021.1-py2.py3-none-any.whl
+Source1062: pytz-2021.1-py2.py3-none-any.whl
-Source1064: rsa-4.7.2-py3-none-any.whl
+Source1063: rsa-4.7.2-py3-none-any.whl
-Source1065: setuptools-57.0.0-py3-none-any.whl
+Source1064: setuptools-57.0.0-py3-none-any.whl
-Source1066: uritemplate-3.0.1-py2.py3-none-any.whl
+Source1065: uritemplate-3.0.1-py2.py3-none-any.whl
 # common (pexpect / suds)
-Source1067: pexpect-4.8.0-py2.py3-none-any.whl
+Source1066: pexpect-4.8.0-py2.py3-none-any.whl
-Source1068: ptyprocess-0.7.0-py2.py3-none-any.whl
+Source1067: ptyprocess-0.7.0-py2.py3-none-any.whl
-Source1069: suds_community-0.8.5-py3-none-any.whl
+Source1068: suds_community-0.8.5-py3-none-any.whl
 ### END ###
 # kubevirt
 ## pip download --no-binary :all: openshift "ruamel.yaml.clib>=0.1.2"
 ### BEGIN
-Source1070: %{openshift}-%{openshift_version}.tar.gz
+Source1069: %{openshift}-%{openshift_version}.tar.gz
-Source1071: %{ruamelyamlclib}-%{ruamelyamlclib_version}.tar.gz
+Source1070: %{ruamelyamlclib}-%{ruamelyamlclib_version}.tar.gz
-Source1072: %{kubernetes}-%{kubernetes_version}.tar.gz
+Source1071: %{kubernetes}-%{kubernetes_version}.tar.gz
-Source1073: %{certifi}-%{certifi_version}.tar.gz
+Source1072: %{certifi}-%{certifi_version}.tar.gz
-Source1074: %{googleauth}-%{googleauth_version}.tar.gz
+Source1073: %{googleauth}-%{googleauth_version}.tar.gz
-Source1075: %{cachetools}-%{cachetools_version}.tar.gz
+Source1074: %{cachetools}-%{cachetools_version}.tar.gz
-Source1076: %{pyasn1modules}-%{pyasn1modules_version}.tar.gz
+Source1075: %{pyasn1modules}-%{pyasn1modules_version}.tar.gz
-Source1077: %{pyasn1}-%{pyasn1_version}.tar.gz
+Source1076: %{pyasn1}-%{pyasn1_version}.tar.gz
-Source1078: python-%{dateutil}-%{dateutil_version}.tar.gz
+Source1077: python-%{dateutil}-%{dateutil_version}.tar.gz
-Source1079: %{pyyaml}-%{pyyaml_version}.tar.gz
+Source1078: %{pyyaml}-%{pyyaml_version}.tar.gz
 ## rsa is dependency for "pip install",
 ## but gets removed to use cryptography lib instead
-Source1080: rsa-4.7.2.tar.gz
+Source1079: rsa-4.7.2.tar.gz
-Source1081: %{six}-%{six_version}.tar.gz
+Source1080: %{six}-%{six_version}.tar.gz
-Source1082: %{websocketclient}-%{websocketclient_version}.tar.gz
+Source1081: %{websocketclient}-%{websocketclient_version}.tar.gz
-Source1083: %{jinja2}-%{jinja2_version}.tar.gz
+Source1082: %{jinja2}-%{jinja2_version}.tar.gz
-Source1084: %{markupsafe}-%{markupsafe_version}.tar.gz
+Source1083: %{markupsafe}-%{markupsafe_version}.tar.gz
-Source1085: python-%{stringutils}-%{stringutils_version}.tar.gz
+Source1084: python-%{stringutils}-%{stringutils_version}.tar.gz
-Source1086: %{requests}-%{requests_version}.tar.gz
+Source1085: %{requests}-%{requests_version}.tar.gz
-Source1087: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz
+Source1086: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz
-Source1088: %{idna}-%{idna_version}.tar.gz
+Source1087: %{idna}-%{idna_version}.tar.gz
-Source1089: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz
+Source1088: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz
-Source1090: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz
+Source1089: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz
-Source1091: %{setuptools}-%{setuptools_version}.tar.gz
+Source1090: %{setuptools}-%{setuptools_version}.tar.gz
 ## required for installation
-Source1092: setuptools_scm-6.3.2.tar.gz
+Source1091: setuptools_scm-6.3.2.tar.gz
-Source1093: packaging-21.2-py3-none-any.whl
+Source1092: packaging-21.2-py3-none-any.whl
-Source1094: poetry-core-1.0.7.tar.gz
+Source1093: poetry-core-1.0.7.tar.gz
-Source1095: pyparsing-3.0.1.tar.gz
+Source1094: pyparsing-3.0.1.tar.gz
-Source1096: tomli-1.0.1.tar.gz
+Source1095: tomli-1.0.1.tar.gz
-Source1097: wheel-0.37.0-py2.py3-none-any.whl
+Source1096: wheel-0.37.0-py2.py3-none-any.whl
 ### END
 
 Patch0: ha-cloud-support-aliyun.patch
@@ -235,10 +235,18 @@ Patch43: bz2187327-fence_scsi-2-support-space-separated-devices.patch
 Patch44: bz2211930-fence_azure-arm-stack-hub-support.patch
 Patch45: bz2221643-fence_ibm_powervs-performance-improvements.patch
 Patch46: bz2224267-fence_ipmilan-fix-typos-in-metadata.patch
+Patch47: RHEL-5396-fence_scsi-1-fix-ISID-reg-handling.patch
+Patch48: RHEL-5396-fence_scsi-2-fix-ISID-reg-handling-off.patch
+Patch49: RHEL-14344-fence_zvmip-1-document-user-permissions.patch
+Patch50: RHEL-14030-1-all-agents-metadata-update-IO-Power-Network.patch
+Patch51: RHEL-14030-2-fence_cisco_mds-undo-metadata-change.patch
+Patch52: RHEL-14344-fence_zvmip-2-fix-manpage-formatting.patch
 
 ### HA support libs/utils ###
-Patch1000: bz2217902-1-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch
+# all archs
-Patch1001: bz2217902-2-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
+Patch1000: bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
+# cloud (x86_64 only)
+Patch2000: bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch
 
 %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
 %ifarch x86_64
@@ -349,53 +357,59 @@ BuildRequires: %{systemd_units}
 
 %prep
 %setup -q -n %{name}-%{version}%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:-%{alphatag}}%{?dirty:-%{dirty}}
-%patch0 -p1
+%patch -p1 -P 0
-%patch1 -p1
+%patch -p1 -P 1
-%patch2 -p1
+%patch -p1 -P 2
-%patch3 -p1
+%patch -p1 -P 3
-%patch4 -p1
+%patch -p1 -P 4
-%patch5 -p1
+%patch -p1 -P 5
-%patch6 -p1
+%patch -p1 -P 6
-%patch7 -p1
+%patch -p1 -P 7
-%patch8 -p1
+%patch -p1 -P 8
-%patch9 -p1
+%patch -p1 -P 9
-%patch10 -p1
+%patch -p1 -P 10
-%patch11 -p1
+%patch -p1 -P 11
-%patch12 -p1
+%patch -p1 -P 12
-%patch13 -p1
+%patch -p1 -P 13
-%patch14 -p1 -F2
+%patch -p1 -P 14 -F2
-%patch15 -p1 -F1
+%patch -p1 -P 15 -F1
-%patch16 -p1
+%patch -p1 -P 16
-%patch17 -p1
+%patch -p1 -P 17
-%patch18 -p1
+%patch -p1 -P 18
-%patch19 -p1
+%patch -p1 -P 19
-%patch20 -p1
+%patch -p1 -P 20
-%patch21 -p1
+%patch -p1 -P 21
-%patch22 -p1
+%patch -p1 -P 22
-%patch23 -p1
+%patch -p1 -P 23
-%patch24 -p1
+%patch -p1 -P 24
-%patch25 -p1
+%patch -p1 -P 25
-%patch26 -p1
+%patch -p1 -P 26
-%patch27 -p1
+%patch -p1 -P 27
-%patch28 -p1
+%patch -p1 -P 28
-%patch29 -p1
+%patch -p1 -P 29
-%patch30 -p1
+%patch -p1 -P 30
-%patch31 -p1
+%patch -p1 -P 31
-%patch32 -p1
+%patch -p1 -P 32
-%patch33 -p1
+%patch -p1 -P 33
-%patch34 -p1
+%patch -p1 -P 34
-%patch35 -p1
+%patch -p1 -P 35
-%patch36 -p1
+%patch -p1 -P 36
-%patch37 -p1
+%patch -p1 -P 37
-%patch38 -p1
+%patch -p1 -P 38
-%patch39 -p1
+%patch -p1 -P 39
-%patch40 -p1
+%patch -p1 -P 40
-%patch41 -p1
+%patch -p1 -P 41
-%patch42 -p1
+%patch -p1 -P 42
-%patch43 -p1
+%patch -p1 -P 43
-%patch44 -p1
+%patch -p1 -P 44
-%patch45 -p1
+%patch -p1 -P 45
-%patch46 -p1
+%patch -p1 -P 46
+%patch -p1 -P 47
+%patch -p1 -P 48
+%patch -p1 -P 49
+%patch -p1 -P 50
+%patch -p1 -P 51
+%patch -p1 -P 52
 
 # prevent compilation of something that won't get used anyway
 sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
@@ -426,21 +440,18 @@ sed -i -e "/^#\!\/Users/c#\!%{__python3}" support/aws/bin/jp support/aliyun/bin/
 sed -i -e "/^import awscli.clidriver/isys.path.insert(0, '/usr/lib/%{name}/support/awscli')" support/awscli/bin/aws
 %endif
 
-# regular patch doesnt work in build-section
-# Patch1000
-%ifarch x86_64
-pushd support
-/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{_sourcedir}/bz2217902-1-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch
-popd
-%endif
-
 # kubevirt
 %{__python3} -m pip install --user --no-index --find-links %{_sourcedir} setuptools-scm
 %{__python3} -m pip install --target support/kubevirt --no-index --find-links %{_sourcedir} openshift
 rm -rf kubevirt/rsa*
-# Patch1001
+
+# regular patch doesnt work in build-section
 pushd support
-/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{_sourcedir}/bz2217902-2-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
+/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1000}
+
+%ifarch x86_64
+/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2000}
+%endif
 popd
 
 ./autogen.sh
@@ -598,7 +609,7 @@ Provides: bundled(python-azure-core) = 1.15.0
 Provides: bundled(python-azure-mgmt-compute) = 21.0.0
 Provides: bundled(python-azure-mgmt-core) = 1.2.2
 Provides: bundled(python-azure-mgmt-network) = 19.0.0
-Provides: bundled(python-certifi) = 2021.5.30
+Provides: bundled(python-certifi) = %{certifi_version}
 Provides: bundled(python-chardet) = 4.0.0
 Provides: bundled(python-idna) = 2.10
 Provides: bundled(python-isodate) = 0.6.0
@@ -1475,7 +1486,7 @@ are located on corosync cluster nodes.
 %endif
 
 %changelog
-* Thu Mar 07 2024 Akshata Konala <akshata.konala@oracle.com> - 4.10.0-55.3
+* Thu Jan 18 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-62
 - bundled urllib3: fix CVE-2023-45803
   Resolves: RHEL-18139
 - bundled pycryptodome: fix CVE-2023-52323
@@ -1483,9 +1494,24 @@ are located on corosync cluster nodes.
 - bundled jinja2: fix CVE-2024-22195
   Resolves: RHEL-21345
 
-* Tue Dec 12 2023 Alan Steinberg <alan.steinberg@oracle.com> - 4.10.0-55.2
+* Wed Jan  3 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-61
-- python-certifi: Removal of e-Tugra root certificate (CVE-2023-37920)
+- fence_zvmip: document required user permissions in metadata/manpage
-- python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804)
+  Resolves: RHEL-14344
+
+* Mon Oct 23 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-60
+- all agents: update metadata in non-I/O agents to Power or Network
+  fencing
+  Resolves: RHEL-14030
+
+* Wed Oct 11 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-57
+- bundled urllib3: fix CVE-2023-43804
+  Resolves: RHEL-11999
+
+* Wed Sep 27 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-56
+- fence_scsi: fix registration handling if ISID conflicts
+  Resolves: RHEL-5396
+- bundled certifi: fix CVE-2023-37920
+  Resolves: RHEL-9446
 
 * Thu Aug  3 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-55
 - bundled dateutil: fix tarfile CVE-2007-4559