diff --git a/fence-agents.spec b/fence-agents.spec index 8436453..0b4b38c 100644 --- a/fence-agents.spec +++ b/fence-agents.spec @@ -28,7 +28,7 @@ %global pyasn1 pyasn1 %global pyasn1_version 0.4.8 %global dateutil dateutil -%global dateutil_version 2.8.2 +%global dateutil_version 2.8.1 %global pyyaml PyYAML %global pyyaml_version 5.1 %global six six @@ -57,7 +57,7 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.10.0 -Release: 95%{?alphatag:.%{alphatag}}%{?dist} +Release: 96%{?alphatag:.%{alphatag}}%{?dist} License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/fence-agents Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz @@ -92,7 +92,7 @@ Source2002: aliyun-cli-go-vendor.tar.gz # aws Source1007: boto3-1.17.102-py2.py3-none-any.whl Source1008: botocore-1.20.102-py2.py3-none-any.whl -Source1009: python_dateutil-2.8.1-py2.py3-none-any.whl +Source1009: python_%{dateutil}-%{dateutil_version}-py2.py3-none-any.whl Source1010: s3transfer-0.4.2-py2.py3-none-any.whl Source1011: %{urllib3}-%{urllib3_version}.tar.gz # azure @@ -157,29 +157,28 @@ Source1064: %{googleauth}-%{googleauth_version}.tar.gz Source1065: %{cachetools}-%{cachetools_version}.tar.gz Source1066: %{pyasn1modules}-%{pyasn1modules_version}.tar.gz Source1067: %{pyasn1}-%{pyasn1_version}.tar.gz -Source1068: python-%{dateutil}-%{dateutil_version}.tar.gz -Source1069: %{pyyaml}-%{pyyaml_version}.tar.gz +Source1068: %{pyyaml}-%{pyyaml_version}.tar.gz ## rsa is dependency for "pip install", ## but gets removed to use cryptography lib instead -Source1070: rsa-4.7.2.tar.gz -Source1071: %{six}-%{six_version}.tar.gz -Source1072: %{websocketclient}-%{websocketclient_version}.tar.gz -Source1073: %{jinja2}-%{jinja2_version}.tar.gz -Source1074: %{markupsafe}-%{markupsafe_version}.tar.gz -Source1075: python-%{stringutils}-%{stringutils_version}.tar.gz -Source1076: %{requests}-%{requests_version}.tar.gz -Source1077: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz -Source1078: %{idna}-%{idna_version}.tar.gz -Source1079: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz -Source1080: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz +Source1069: rsa-4.7.2.tar.gz +Source1070: %{six}-%{six_version}.tar.gz +Source1071: %{websocketclient}-%{websocketclient_version}.tar.gz +Source1072: %{jinja2}-%{jinja2_version}.tar.gz +Source1073: %{markupsafe}-%{markupsafe_version}.tar.gz +Source1074: python-%{stringutils}-%{stringutils_version}.tar.gz +Source1075: %{requests}-%{requests_version}.tar.gz +Source1076: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz +Source1077: %{idna}-%{idna_version}.tar.gz +Source1078: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz +Source1079: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz ## required for installation -Source1081: setuptools_scm-8.1.0.tar.gz -Source1082: packaging-21.2-py3-none-any.whl -Source1083: poetry-core-1.0.7.tar.gz -Source1084: pyparsing-3.0.1.tar.gz -Source1085: tomli-2.0.1.tar.gz -Source1086: flit_core-3.9.0.tar.gz -Source1087: wheel-0.37.0-py2.py3-none-any.whl +Source1080: setuptools_scm-8.1.0.tar.gz +Source1081: packaging-21.2-py3-none-any.whl +Source1082: poetry-core-1.0.7.tar.gz +Source1083: pyparsing-3.0.1.tar.gz +Source1084: tomli-2.0.1.tar.gz +Source1085: flit_core-3.9.0.tar.gz +Source1086: wheel-0.37.0-py2.py3-none-any.whl ### END Patch0: ha-cloud-support-aliyun.patch @@ -645,7 +644,7 @@ Provides: bundled(aliyun-openapi-meta) = 5cf98b660 # aws Provides: bundled(python-boto3) = 1.17.102 Provides: bundled(python-botocore) = 1.20.102 -Provides: bundled(python-dateutil) = 2.8.1 +Provides: bundled(python-%{dateutil}) = %{dateutil_version} Provides: bundled(python-s3transfer) = 0.4.2 Provides: bundled(python-urllib3) = 1.26.18 # azure @@ -660,7 +659,7 @@ Provides: bundled(python-chardet) = 4.0.0 Provides: bundled(python-cffi) = 1.14.5 Provides: bundled(python-%{chrstnormalizer}) = %{chrstnormalizer_version} Provides: bundled(python-cryptography) = 3.3.2 -Provides: bundled(python-dateutil) = 2.8.1 +Provides: bundled(python-%{dateutil}) = %{dateutil_version} Provides: bundled(python-%{idna}) = %{idna_version} Provides: bundled(python-isodate) = 0.6.1 Provides: bundled(python-msal) = 1.31.1 @@ -1565,11 +1564,13 @@ are located on corosync cluster nodes. %endif %changelog +* Thu Jun 26 2025 Oyvind Albrigtsen - 4.10.0-96 +- bundled setuptools: fix CVE-2025-47273 + Resolves: RHEL-95901 + * Thu Jun 12 2025 Oyvind Albrigtsen - 4.10.0-95 - fence_kubevirt: use hard poweroff Resolves: RHEL-82193 -- bundled setuptools: fix CVE-2025-47273 - Resolves: RHEL-95901 * Wed May 21 2025 Oyvind Albrigtsen - 4.10.0-92 - fence_sbd: improve error handling diff --git a/sources b/sources index 37a3097..f9f7608 100644 --- a/sources +++ b/sources @@ -75,7 +75,6 @@ SHA512 (google-auth-2.3.0.tar.gz) = cf0040d238880ea4bbad64f0a47311f2ed3922a7301a SHA512 (cachetools-4.2.4.tar.gz) = 29a6bb3a064e5603cd3e3882d8e5a6a6ef95ba3029716692c9a82d7186a0befcfb8ed4a0ee3ecb591fdff93a46836d5b25acca7ba5eab1ba837e86404aea8fcf SHA512 (pyasn1-modules-0.2.8.tar.gz) = fdfcaa065deffdd732deaa1fa30dec2fc4a90ffe15bd12de40636ce0212f447611096d2f4e652ed786b5c47544439e6a93721fabe121f3320f13965692a1ca5b SHA512 (pyasn1-0.4.8.tar.gz) = e64e70b325c8067f87ace7c0673149e82fe564aa4b0fa146d29b43cb588ecd6e81b1b82803b8cfa7a17d3d0489b6d88b4af5afb3aa0052bf92e8a1769fe8f7b0 -SHA512 (python-dateutil-2.8.2.tar.gz) = 6538858e4a3e2d1de1bf25b6d8b25e3a8d20bf60fb85e32d07ac491c90ce193e268bb5641371b8a79fb0f033a184bac9896b3bc643c1aca9ee9c6478286ac20c SHA512 (PyYAML-5.1.tar.gz) = 8f27f92bdfa310a99dd6d83947332cc033fa18f0011998bb585ad5c4340a2da20d8c20bfdb53beaae15651198d1240c986818379b0a05b230f74d1f30f53e7fd SHA512 (rsa-4.7.2.tar.gz) = 63f561774dbaa10511167cba31e0f852e32b3250f2803edaa2729dc2b28baa2c42cb79dfbd49e38eb42ce82f665ed4c3d9dcc810c37380401e2c62202b1c7948 SHA512 (six-1.16.0.tar.gz) = 076fe31c8f03b0b52ff44346759c7dc8317da0972403b84dfe5898179f55acdba6c78827e0f8a53ff20afe8b76432c6fe0d655a75c24259d9acbaa4d9e8015c0