- Fix CVE-2023-43804.patch

- Update certifi to 2023.07.22
This commit is contained in:
eabdullin 2023-12-14 17:21:57 +03:00
parent 35e97c4bc2
commit fa59ce97fd
4 changed files with 85 additions and 9 deletions

View File

@ -19,8 +19,7 @@ e20df6c9635f1db9a3c891b9239b4319d88b1747 SOURCES/azure_mgmt_core-1.2.2-py2.py3-n
6ef53a76455b377b02b4774c32a04e241cdb24eb SOURCES/botocore-2.0.0dev123.zip
c953dcd6e69587e5b182d77255ed836172fea70a SOURCES/cachetools-4.2.2-py3-none-any.whl
0d12f48faa727f0979e9ad5c4c80dfa32b73caff SOURCES/cachetools-4.2.4.tar.gz
b13e22d55867e2ca5f92e5289cfdc21ba6e343aa SOURCES/certifi-2021.10.8.tar.gz
2fcaa39108a9c99700c6f3f4198fcaa47b8ed707 SOURCES/certifi-2021.5.30-py2.py3-none-any.whl
e8217d20c809f93bf1df6c57f38c9c56f406e1bb SOURCES/certifi-2023.7.22.tar.gz
17953cc85717e0f4501dbc7b5fb8e75d67dcdcd3 SOURCES/cffi-1.14.5-cp39-cp39-manylinux1_x86_64.whl
96faab7de7e9a71b37f22adb64daf2898e967e3e SOURCES/chardet-3.0.4-py2.py3-none-any.whl
e9eb83c71c09b3c8249bd7d6d2619b65fff03874 SOURCES/chardet-4.0.0-py2.py3-none-any.whl

3
.gitignore vendored
View File

@ -19,8 +19,7 @@ SOURCES/botocore-1.20.102-py2.py3-none-any.whl
SOURCES/botocore-2.0.0dev123.zip
SOURCES/cachetools-4.2.2-py3-none-any.whl
SOURCES/cachetools-4.2.4.tar.gz
SOURCES/certifi-2021.10.8.tar.gz
SOURCES/certifi-2021.5.30-py2.py3-none-any.whl
SOURCES/certifi-2023.7.22.tar.gz
SOURCES/cffi-1.14.5-cp39-cp39-manylinux1_x86_64.whl
SOURCES/chardet-3.0.4-py2.py3-none-any.whl
SOURCES/chardet-4.0.0-py2.py3-none-any.whl

View File

@ -0,0 +1,70 @@
From 644124ecd0b6e417c527191f866daa05a5a2056d Mon Sep 17 00:00:00 2001
From: Quentin Pradet <quentin.pradet@gmail.com>
Date: Mon, 2 Oct 2023 19:46:16 +0400
Subject: [PATCH] Merge pull request from GHSA-v845-jxx5-vc9f
---
CHANGES.rst | 5 ++++
docs/user-guide.rst | 3 +++
src/urllib3/util/retry.py | 2 +-
test/test_retry.py | 4 +--
test/with_dummyserver/test_poolmanager.py | 30 ++++++++++++++++++-----
5 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/kubevirt/urllib3/util/retry.py b/kubevirt/urllib3/util/retry.py
index ea48afe3ca..7572bfd26a 100644
--- a/kubevirt/urllib3/util/retry.py
+++ b/kubevirt/urllib3/util/retry.py
@@ -187,7 +187,7 @@ class Retry:
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
#: Default headers to be used for ``remove_headers_on_redirect``
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
#: Default maximum backoff time.
DEFAULT_BACKOFF_MAX = 120
--- a/aws/urllib3/util/retry.py
+++ b/aws/urllib3/util/retry.py
@@ -187,7 +187,7 @@ class Retry:
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
#: Default headers to be used for ``remove_headers_on_redirect``
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
#: Default maximum backoff time.
DEFAULT_BACKOFF_MAX = 120
--- a/awscli/urllib3/util/retry.py
+++ b/awscli/urllib3/util/retry.py
@@ -187,7 +187,7 @@ class Retry:
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
#: Default headers to be used for ``remove_headers_on_redirect``
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
#: Default maximum backoff time.
DEFAULT_BACKOFF_MAX = 120
--- a/azure/urllib3/util/retry.py
+++ b/azure/urllib3/util/retry.py
@@ -187,7 +187,7 @@ class Retry:
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
#: Default headers to be used for ``remove_headers_on_redirect``
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
#: Default maximum backoff time.
DEFAULT_BACKOFF_MAX = 120
--- a/google/urllib3/util/retry.py
+++ b/google/urllib3/util/retry.py
@@ -187,7 +187,7 @@ class Retry:
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
#: Default headers to be used for ``remove_headers_on_redirect``
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
#: Default maximum backoff time.
DEFAULT_BACKOFF_MAX = 120

View File

@ -18,7 +18,7 @@
%global kubernetes kubernetes
%global kubernetes_version 12.0.1
%global certifi certifi
%global certifi_version 2021.10.8
%global certifi_version 2023.7.22
%global googleauth google-auth
%global googleauth_version 2.3.0
%global cachetools cachetools
@ -59,7 +59,7 @@
Name: fence-agents
Summary: Set of unified programs capable of host isolation ("fencing")
Version: 4.10.0
Release: 55%{?alphatag:.%{alphatag}}%{?dist}
Release: 55%{?alphatag:.%{alphatag}}%{?dist}.2.alma.1
License: GPLv2+ and LGPLv2+
URL: https://github.com/ClusterLabs/fence-agents
Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz
@ -109,7 +109,6 @@ Source1025: azure_mgmt_compute-21.0.0-py2.py3-none-any.whl
Source1026: azure_mgmt_core-1.2.2-py2.py3-none-any.whl
Source1027: azure_mgmt_network-19.0.0-py2.py3-none-any.whl
Source1028: azure-identity-1.10.0.zip
Source1029: certifi-2021.5.30-py2.py3-none-any.whl
Source1030: chardet-4.0.0-py2.py3-none-any.whl
Source1031: idna-2.10-py2.py3-none-any.whl
Source1032: isodate-0.6.0-py2.py3-none-any.whl
@ -242,6 +241,10 @@ Patch46: bz2224267-fence_ipmilan-fix-typos-in-metadata.patch
Patch1000: bz2217902-1-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch
Patch1001: bz2217902-2-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
# Patches were taken from:
# https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d
Patch1002: CVE-2023-43804.patch
%global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
%ifarch x86_64
%global testagents virsh heuristics_ping aliyun aws azure_arm gce openstack virt
@ -440,9 +443,10 @@ popd
%{__python3} -m pip install --user --no-index --find-links %{_sourcedir} setuptools-scm
%{__python3} -m pip install --target support/kubevirt --no-index --find-links %{_sourcedir} openshift
rm -rf kubevirt/rsa*
# Patch1001
pushd support
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{_sourcedir}/bz2217902-2-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1002}
popd
./autogen.sh
@ -600,7 +604,7 @@ Provides: bundled(python-azure-core) = 1.15.0
Provides: bundled(python-azure-mgmt-compute) = 21.0.0
Provides: bundled(python-azure-mgmt-core) = 1.2.2
Provides: bundled(python-azure-mgmt-network) = 19.0.0
Provides: bundled(python-certifi) = 2021.5.30
Provides: bundled(python-certifi) = %{certifi_version}
Provides: bundled(python-chardet) = 4.0.0
Provides: bundled(python-idna) = 2.10
Provides: bundled(python-isodate) = 0.6.0
@ -1477,6 +1481,10 @@ are located on corosync cluster nodes.
%endif
%changelog
* Thu Dec 14 2023 Eduard Abdullin <eabdullin@almalinux.org> - 4.10.0-55.2.alma.1
- Fix CVE-2023-43804.patch
- Update certifi to 2023.07.22
* Thu Aug 3 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-55
- bundled dateutil: fix tarfile CVE-2007-4559
Resolves: rhbz#2217902