Import from CS git

2025-10-07 07:48:57 +00:00 · 2025-08-27 15:05:20 +00:00 · 2025-08-26 09:25:15 +00:00
8 changed files with 534 additions and 1 deletions
--- a/SOURCES/RHEL-104741-1-kubevirt-fix-bundled-requests-CVE-2024-47081.patch
+++ b/SOURCES/RHEL-104741-1-kubevirt-fix-bundled-requests-CVE-2024-47081.patch
@ -0,0 +1,28 @@
+From 57acb7c26d809cf864ec439b8bcd6364702022d5 Mon Sep 17 00:00:00 2001
+From: Nate Prewitt <nate.prewitt@gmail.com>
+Date: Wed, 25 Sep 2024 08:03:20 -0700
+Subject: [PATCH] Only use hostname to do netrc lookup instead of netloc
+
+---
+ src/requests/utils.py | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/kubevirt/requests/utils.py b/kubevirt/requests/utils.py
+index 699683e5d9..8a307ca8a0 100644
+--- a/kubevirt/requests/utils.py
+++ b/kubevirt/requests/utils.py
+@@ -236,13 +236,7 @@ def get_netrc_auth(url, raise_errors=False):
+             return
+ 
+         ri = urlparse(url)
+-
+-        # Strip port numbers from netloc. This weird `if...encode`` dance is
+-        # used for Python 3.2, which doesn't support unicode literals.
+-        splitstr = b':'
+-        if isinstance(url, str):
+-            splitstr = splitstr.decode('ascii')
+-        host = ri.netloc.split(splitstr)[0]
+        host = ri.hostname
+ 
+         try:
+             _netrc = netrc(netrc_path).authenticators(host)
--- a/SOURCES/RHEL-104741-2-aliyun-aws-azure-fix-bundled-requests-CVE-2024-47081.patch
+++ b/SOURCES/RHEL-104741-2-aliyun-aws-azure-fix-bundled-requests-CVE-2024-47081.patch
@ -0,0 +1,66 @@
+From 57acb7c26d809cf864ec439b8bcd6364702022d5 Mon Sep 17 00:00:00 2001
+From: Nate Prewitt <nate.prewitt@gmail.com>
+Date: Wed, 25 Sep 2024 08:03:20 -0700
+Subject: [PATCH] Only use hostname to do netrc lookup instead of netloc
+
+---
+ src/requests/utils.py | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/aliyun/aliyunsdkcore/vendored/requests/utils.py b/aliyun/aliyunsdkcore/vendored/requests/utils.py
+index 699683e5d9..8a307ca8a0 100644
+--- a/aliyun/aliyunsdkcore/vendored/requests/utils.py
+++ b/aliyun/aliyunsdkcore/vendored/requests/utils.py
+@@ -182,13 +182,7 @@
+             return
+ 
+         ri = urlparse(url)
+-
+-        # Strip port numbers from netloc. This weird `if...encode`` dance is
+-        # used for Python 3.2, which doesn't support unicode literals.
+-        splitstr = b':'
+-        if isinstance(url, str):
+-            splitstr = splitstr.decode('ascii')
+-        host = ri.netloc.split(splitstr)[0]
+        host = ri.hostname
+ 
+         try:
+             _netrc = netrc(netrc_path).authenticators(host)
+diff --git a/aws/requests/utils.py b/aws/requests/utils.py
+index 699683e5d9..8a307ca8a0 100644
+--- a/aws/requests/utils.py
+++ b/aws/requests/utils.py
+@@ -236,13 +236,7 @@ def get_netrc_auth(url, raise_errors=False):
+             return
+ 
+         ri = urlparse(url)
+-
+-        # Strip port numbers from netloc. This weird `if...encode`` dance is
+-        # used for Python 3.2, which doesn't support unicode literals.
+-        splitstr = b':'
+-        if isinstance(url, str):
+-            splitstr = splitstr.decode('ascii')
+-        host = ri.netloc.split(splitstr)[0]
+        host = ri.hostname
+ 
+         try:
+             _netrc = netrc(netrc_path).authenticators(host)
+diff --git a/azure/requests/utils.py b/azure/requests/utils.py
+index 699683e5d9..8a307ca8a0 100644
+--- a/azure/requests/utils.py
+++ b/azure/requests/utils.py
+@@ -236,13 +236,7 @@ def get_netrc_auth(url, raise_errors=False):
+             return
+ 
+         ri = urlparse(url)
+-
+-        # Strip port numbers from netloc. This weird `if...encode`` dance is
+-        # used for Python 3.2, which doesn't support unicode literals.
+-        splitstr = b':'
+-        if isinstance(url, str):
+-            splitstr = splitstr.decode('ascii')
+-        host = ri.netloc.split(splitstr)[0]
+        host = ri.hostname
+ 
+         try:
+             _netrc = netrc(netrc_path).authenticators(host)
--- a/SOURCES/RHEL-107506-fence_ibm_vpc-add-apikey-file-support.patch
+++ b/SOURCES/RHEL-107506-fence_ibm_vpc-add-apikey-file-support.patch
@ -0,0 +1,50 @@
+From 9460728b18c648e390390d888ac856628366a521 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Thu, 7 Aug 2025 14:53:30 +0200
+Subject: [PATCH] fence_ibm_vpc: add apikey file support
+
+---
+ agents/ibm_vpc/fence_ibm_vpc.py | 23 ++++++++++++++++++++++-
+ 1 file changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/agents/ibm_vpc/fence_ibm_vpc.py b/agents/ibm_vpc/fence_ibm_vpc.py
+index efda5eed7..a87e9e6dc 100755
+--- a/agents/ibm_vpc/fence_ibm_vpc.py
+++ b/agents/ibm_vpc/fence_ibm_vpc.py
+@@ -7,7 +7,7 @@
+ import hashlib
+ sys.path.append("@FENCEAGENTSLIBDIR@")
+ from fencing import *
+-from fencing import fail, run_delay, EC_LOGIN_DENIED, EC_STATUS, EC_GENERIC_ERROR
+from fencing import fail, run_delay, EC_BAD_ARGS, EC_LOGIN_DENIED, EC_STATUS, EC_GENERIC_ERROR
+ 
+ state = {
+ 	 "running": "on",
+@@ -315,6 +315,27 @@ def main():
+ 	####
+ 	run_delay(options)
+ 
+	if options["--apikey"][0] == '@':
+		key_file = options["--apikey"][1:]
+		try:
+			# read the API key from a file
+			with open(key_file, "r") as f:
+				try:
+					keys = json.loads(f.read())
+					# data seems to be in json format
+					# return the value of the item with the key 'Apikey'
+					options["--apikey"] = keys.get("Apikey", "")
+					if not options["--apikey"]:
+						# backward compatibility: former key name was 'apikey'
+						options["--apikey"] = keys.get("apikey", "")
+				# data is text, return as is
+				except ValueError:
+					f.seek(0)
+					options["--apikey"] = f.read().strip()
+		except FileNotFoundError:
+			logging.error("Failed: Cannot open file {}".format(key_file))
+			sys.exit(EC_BAD_ARGS)
+
+ 	conn = connect(options)
+ 	atexit.register(disconnect, conn)
+ 
--- a/SOURCES/RHEL-109814-1-fence_aws-add-skipshutdown-parameter.patch
+++ b/SOURCES/RHEL-109814-1-fence_aws-add-skipshutdown-parameter.patch
@ -0,0 +1,92 @@
+From 5cf006ffa3a948ccded3a55c15669f1d5efef5f5 Mon Sep 17 00:00:00 2001
+From: gguifelixamz <45173771+gguifelixamz@users.noreply.github.com>
+Date: Tue, 19 Aug 2025 02:04:53 -0700
+Subject: [PATCH] fence_aws: Add new skip_os_shutdown flag (#632)
+
+---
+ agents/aws/fence_aws.py           | 29 ++++++++++++++++++++++++++---
+ tests/data/metadata/fence_aws.xml |  5 +++++
+ 2 files changed, 31 insertions(+), 3 deletions(-)
+
+diff --git a/agents/aws/fence_aws.py b/agents/aws/fence_aws.py
+index 5459a06c4..cddca4580 100644
+--- a/agents/aws/fence_aws.py
+++ b/agents/aws/fence_aws.py
+@@ -12,7 +12,7 @@
+ import requests
+ import boto3
+ from requests import HTTPError
+-from botocore.exceptions import ConnectionError, ClientError, EndpointConnectionError, NoRegionError
+from botocore.exceptions import ConnectionError, ClientError, EndpointConnectionError, NoRegionError, ParamValidationError
+ 
+ logger = logging.getLogger()
+ logger.propagate = False
+@@ -120,14 +120,28 @@ def get_self_power_status(conn, instance_id):
+ def set_power_status(conn, options):
+ 	my_instance = get_instance_id(options)
+ 	try:
+		if options.get("--skip-os-shutdown", "false").lower() in ["1", "yes", "on", "true"]:
+			shutdown_option = {
+				"SkipOsShutdown": True,
+				"Force": True
+			}
+		else:
+			shutdown_option = {
+				"SkipOsShutdown": False,
+				"Force": True
+			}
+ 		if (options["--action"]=="off"):
+ 			if "--skip-race-check" in options or get_self_power_status(conn,my_instance) == "ok":
+-				conn.instances.filter(InstanceIds=[options["--plug"]]).stop(Force=True)
+				conn.instances.filter(InstanceIds=[options["--plug"]]).stop(**shutdown_option)
+ 				logger.debug("Called StopInstance API call for %s", options["--plug"])
+ 			else:
+ 				logger.debug("Skipping fencing as instance is not in running status")
+ 		elif (options["--action"]=="on"):
+ 			conn.instances.filter(InstanceIds=[options["--plug"]]).start()
+	except ParamValidationError:
+		if (options["--action"] == "off"):
+			logger.warning(f"SkipOsShutdown not supported with the current boto3 version {boto3.__version__} - falling back to graceful shutdown")
+			conn.instances.filter(InstanceIds=[options["--plug"]]).stop(Force=True)
+ 	except Exception as e:
+ 		logger.debug("Failed to power %s %s: %s", \
+ 				options["--action"], options["--plug"], e)
+@@ -183,12 +197,21 @@ def define_new_opts():
+ 		"required": "0",
+ 		"order": 7
+ 	}
+	all_opt["skip_os_shutdown"] = {
+		"getopt" : ":",
+		"longopt" : "skip-os-shutdown",
+		"help" : "--skip-os-shutdown=[true|false]    Uses SkipOsShutdown flag",
+		"shortdesc" : "Use SkipOsShutdown flag to stop the EC2 instance",
+		"required" : "0",
+		"default" : "false",
+		"order" : 8
+	}
+ 
+ # Main agent method
+ def main():
+ 	conn = None
+ 
+-	device_opt = ["port", "no_password", "region", "access_key", "secret_key", "filter", "boto3_debug", "skip_race_check"]
+	device_opt = ["port", "no_password", "region", "access_key", "secret_key", "filter", "boto3_debug", "skip_race_check", "skip_os_shutdown"]
+ 
+ 	atexit.register(atexit_handler)
+ 
+diff --git a/tests/data/metadata/fence_aws.xml b/tests/data/metadata/fence_aws.xml
+index ad471c797..c53873bbe 100644
+--- a/tests/data/metadata/fence_aws.xml
+++ b/tests/data/metadata/fence_aws.xml
+@@ -51,6 +51,11 @@ For instructions see: https://boto3.readthedocs.io/en/latest/guide/quickstart.ht
+ 		<content type="boolean"  />
+ 		<shortdesc lang="en">Skip race condition check</shortdesc>
+ 	</parameter>
+	<parameter name="skip_os_shutdown" unique="0" required="0">
+		<getopt mixed="--skip-os-shutdown=[true|false]" />
+		<content type="string" default="false"  />
+		<shortdesc lang="en">Use SkipOsShutdown flag to stop the EC2 instance</shortdesc>
+	</parameter>
+ 	<parameter name="quiet" unique="0" required="0">
+ 		<getopt mixed="-q, --quiet" />
+ 		<content type="boolean"  />
--- a/SOURCES/RHEL-109814-2-botocore-add-SkipOsShutdown.patch
+++ b/SOURCES/RHEL-109814-2-botocore-add-SkipOsShutdown.patch
@ -0,0 +1,31 @@
+diff -uNr a/aws/botocore/data/ec2/2016-11-15/service-2.json b/aws/botocore/data/ec2/2016-11-15/service-2.json
+--- a/aws/botocore/data/ec2/2016-11-15/service-2.json	2025-08-19 11:21:50.328630448 +0200
+++ b/aws/botocore/data/ec2/2016-11-15/service-2.json	2025-08-19 11:25:37.767261040 +0200
+@@ -45844,7 +45844,11 @@
+         },
+         "Hibernate":{
+           "shape":"Boolean",
+-          "documentation":"<p>Hibernates the instance if the instance was enabled for hibernation at launch. If the instance cannot hibernate successfully, a normal shutdown occurs. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html\">Hibernate your instance</a> in the <i>Amazon EC2 User Guide</i>.</p> <p> Default: <code>false</code> </p>"
+          "documentation":"<p>Hibernates the instance if the instance was enabled for hibernation at launch. If the instance cannot hibernate successfully, a normal shutdown occurs. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html\">Hibernate your Amazon EC2 instance</a> in the <i>Amazon EC2 User Guide</i>.</p> <p> Default: <code>false</code> </p>"
+        },
+        "SkipOsShutdown":{
+          "shape":"Boolean",
+          "documentation":"<p>Specifies whether to bypass the graceful OS shutdown process when the instance is stopped.</p> <important> <p>Bypassing the graceful OS shutdown might result in data loss or corruption (for example, memory contents not flushed to disk or loss of in-flight IOs) or skipped shutdown scripts.</p> </important> <p>Default: <code>false</code> </p>"
+         },
+         "DryRun":{
+           "shape":"Boolean",
+@@ -46648,6 +46652,14 @@
+           "documentation":"<p>The IDs of the instances.</p> <p>Constraints: Up to 1000 instance IDs. We recommend breaking up this request into smaller batches.</p>",
+           "locationName":"InstanceId"
+         },
+        "Force":{
+          "shape":"Boolean",
+          "documentation":"<p>Forces the instances to terminate. The instance will first attempt a graceful shutdown, which includes flushing file system caches and metadata. If the graceful shutdown fails to complete within the timeout period, the instance shuts down forcibly without flushing the file system caches and metadata.</p>"
+        },
+        "SkipOsShutdown":{
+          "shape":"Boolean",
+          "documentation":"<p>Specifies whether to bypass the graceful OS shutdown process when the instance is terminated.</p> <p>Default: <code>false</code> </p>"
+        },
+         "DryRun":{
+           "shape":"Boolean",
+           "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>",
--- a/SOURCES/RHEL-96179-fence_kubevirt-force-off.patch
+++ b/SOURCES/RHEL-96179-fence_kubevirt-force-off.patch
@ -0,0 +1,23 @@
+From b6e05c57a73e5d9bdde7d133ba7ec43737a7c6b7 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Tue, 25 Feb 2025 16:11:32 +0100
+Subject: [PATCH] fence_kubevirt: set grace_period_seconds=0 to immediately
+ power off the node
+
+---
+ agents/kubevirt/fence_kubevirt.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/agents/kubevirt/fence_kubevirt.py b/agents/kubevirt/fence_kubevirt.py
+index e3817b0fb..8ba8ce8db 100755
+--- a/agents/kubevirt/fence_kubevirt.py
+++ b/agents/kubevirt/fence_kubevirt.py
+@@ -108,7 +108,7 @@ def define_new_opts():
+ def virtctl_vm_action(conn, action, namespace, name, apiversion):
+     path = '/apis/subresources.{api_version}/namespaces/{namespace}/virtualmachines/{name}/{action}'
+     path = path.format(api_version=apiversion, namespace=namespace, name=name, action=action)
+-    return conn.request('put', path, header_params={'accept': '*/*'})
+    return conn.request('put', path, header_params={'accept': '*/*'}, body={'gracePeriod': 0} if action == 'stop' else None)
+ 
+ # Main agent method
+ def main():
--- a/SOURCES/RHEL-99338-fence_aliyun-update.patch
+++ b/SOURCES/RHEL-99338-fence_aliyun-update.patch
@ -0,0 +1,209 @@
+--- a/agents/aliyun/fence_aliyun.py	2025-06-23 12:03:30.176181831 +0200
+++ b/agents/aliyun/fence_aliyun.py	2025-06-23 12:04:38.243037392 +0200
+@@ -1,53 +1,67 @@
+ #!@PYTHON@ -tt
+ 
+-import sys, re
+import sys
+ import logging
+ import atexit
+ import json
+
+ sys.path.append("@FENCEAGENTSLIBDIR@")
+ from fencing import *
+-from fencing import fail, fail_usage, EC_TIMED_OUT, run_delay
+from fencing import fail_usage, run_delay
+
+ 
+ try:
+ 	sys.path.insert(0, '/usr/lib/fence-agents/bundled/aliyun')
+ 	from aliyunsdkcore import client
+ 	from aliyunsdkcore.auth.credentials import EcsRamRoleCredential
+	from aliyunsdkcore.profile import region_provider
+except ImportError as e:
+	logging.warning("The 'aliyunsdkcore' module has been not installed or is unavailable, try to execute the command 'pip install aliyun-python-sdk-core --upgrade' to solve. error: %s" % e)
+
+
+try:
+ 	from aliyunsdkecs.request.v20140526.DescribeInstancesRequest import DescribeInstancesRequest
+ 	from aliyunsdkecs.request.v20140526.StartInstanceRequest import StartInstanceRequest
+ 	from aliyunsdkecs.request.v20140526.StopInstanceRequest import StopInstanceRequest
+ 	from aliyunsdkecs.request.v20140526.RebootInstanceRequest import RebootInstanceRequest
+-	from aliyunsdkcore.profile import region_provider
+-except ImportError:
+-	pass
+except ImportError as e:
+	logging.warning("The 'aliyunsdkecs' module has been not installed or is unavailable, try to execute the command 'pip install aliyun-python-sdk-ecs --upgrade' to solve. error: %s" % e)
+
+ 
+ def _send_request(conn, request):
+	logging.debug("send request action: %s" % request.get_action_name())
+ 	request.set_accept_format('json')
+ 	try:
+ 		response_str = conn.do_action_with_exception(request)
+-		response_detail = json.loads(response_str)
+-		logging.debug("_send_request reponse: %s" % response_detail)
+-		return response_detail
+ 	except Exception as e:
+-		fail_usage("Failed: _send_request failed: %s" % e)
+		fail_usage("Failed: send request failed: Error: %s" % e)
+
+	response_detail = json.loads(response_str)
+	logging.debug("reponse: %s" % response_detail)
+	return response_detail
+ 
+ def start_instance(conn, instance_id):
+	logging.debug("start instance %s" % instance_id)
+ 	request = StartInstanceRequest()
+ 	request.set_InstanceId(instance_id)
+ 	_send_request(conn, request)
+ 
+ def stop_instance(conn, instance_id):
+	logging.debug("stop instance %s" % instance_id)
+ 	request = StopInstanceRequest()
+ 	request.set_InstanceId(instance_id)
+ 	request.set_ForceStop('true')
+ 	_send_request(conn, request)
+ 
+ def reboot_instance(conn, instance_id):
+	logging.debug("reboot instance %s" % instance_id)
+ 	request = RebootInstanceRequest()
+ 	request.set_InstanceId(instance_id)
+ 	request.set_ForceStop('true')
+ 	_send_request(conn, request)
+ 
+ def get_status(conn, instance_id):
+	logging.debug("get instance %s status" % instance_id)
+ 	request = DescribeInstancesRequest()
+ 	request.set_InstanceIds(json.dumps([instance_id]))
+ 	response = _send_request(conn, request)
+@@ -59,20 +73,30 @@
+ 	return instance_status
+ 
+ def get_nodes_list(conn, options):
+	logging.debug("start to get nodes list")
+ 	result = {}
+ 	request = DescribeInstancesRequest()
+ 	request.set_PageSize(100)
+
+	if "--filter" in options:
+		filter_key = options["--filter"].split("=")[0].strip()
+		filter_value = options["--filter"].split("=")[1].strip()
+		params = request.get_query_params()
+		params[filter_key] = filter_value
+		request.set_query_params(params)
+
+ 	response = _send_request(conn, request)
+-	instance_status = None
+ 	if response is not None:
+ 		instance_list = response.get('Instances').get('Instance')
+ 		for item in instance_list:
+ 			instance_id = item.get('InstanceId')
+ 			instance_name = item.get('InstanceName')
+ 			result[instance_id] = (instance_name, None)
+	logging.debug("get nodes list: %s" % result)
+ 	return result
+ 
+ def get_power_status(conn, options):
+	logging.debug("start to get power(%s) status" % options["--plug"])
+ 	state = get_status(conn, options["--plug"])
+ 
+ 	if state == "Running":
+@@ -81,14 +105,11 @@
+ 		status = "off"
+ 	else:
+ 		status = "unknown"
+-
+-	logging.info("get_power_status: %s" % status)
+-
+	logging.debug("the power(%s) status is %s" % (options["--plug"], status))
+ 	return status
+ 
+-
+ def set_power_status(conn, options):
+-	logging.info("set_power_status: %s" % options["--action"])
+	logging.info("start to set power(%s) status to %s" % (options["--plug"], options["--action"]))
+ 
+ 	if (options["--action"]=="off"):
+ 		stop_instance(conn, options["--plug"])
+@@ -97,7 +118,6 @@
+ 	elif (options["--action"]=="reboot"):
+ 		reboot_instance(conn, options["--plug"])
+ 
+-
+ def define_new_opts():
+ 	all_opt["region"] = {
+ 		"getopt" : "r:",
+@@ -126,17 +146,42 @@
+ 	all_opt["ram_role"] = {
+ 		"getopt": ":",
+ 		"longopt": "ram-role",
+-		"help": "--ram-role=[name]        Ram Role",
+		"help": "--ram-role=[name]              Ram Role",
+ 		"shortdesc": "Ram Role.",
+ 		"required": "0",
+ 		"order": 5
+ 	}
+	all_opt["credentials_file"] = {
+		"getopt": ":",
+		"longopt": "credentials-file",
+		"help": "--credentials-file=[path]            Path to aliyun-cli credentials file",
+		"shortdesc": "Path to credentials file",
+		"required": "0",
+		"order": 6
+	}
+	all_opt["credentials_file_profile"] = {
+		"getopt": ":",
+		"longopt": "credentials-file-profile",
+		"help": "--credentials-file-profile=[profile] Credentials file profile",
+		"shortdesc": "Credentials file profile",
+		"required": "0",
+		"default": "default",
+		"order": 7
+	}
+	all_opt["filter"] = {
+		"getopt": ":",
+		"longopt": "filter",
+		"help": "--filter=[key=value]           Filter (e.g. InstanceIds=[\"i-XXYYZZAA1\",\"i-XXYYZZAA2\"]",
+		"shortdesc": "Filter for list-action.",
+		"required": "0",
+		"order": 8
+	}
+ 
+ # Main agent method
+ def main():
+ 	conn = None
+ 
+-	device_opt = ["port", "no_password", "region", "access_key", "secret_key", "ram_role"]
+	device_opt = ["port", "no_password", "region", "access_key", "secret_key", "ram_role", "credentials_file", "credentials_file_profile", "filter"]
+ 
+ 	atexit.register(atexit_handler)
+ 
+@@ -164,8 +209,25 @@
+ 			ram_role = options["--ram-role"]
+ 			role = EcsRamRoleCredential(ram_role)
+ 			conn = client.AcsClient(region_id=region, credential=role)
+-		region_provider.modify_point('Ecs', region, 'ecs.%s.aliyuncs.com' % region)
+-		
+		elif "--credentials-file" in options and "--credentials-file-profile" in options:
+			import os, configparser
+			try:
+				config = configparser.ConfigParser()
+				config.read(os.path.expanduser(options["--credentials-file"]))
+				access_key = config.get(options["--credentials-file-profile"], "aliyun_access_key_id")
+				secret_key = config.get(options["--credentials-file-profile"], "aliyun_access_key_secret")
+				conn = client.AcsClient(access_key, secret_key, region)
+			except Exception as e:
+				fail_usage("Failed: failed to read credentials file: %s" % e)
+		else:
+			fail_usage("Failed: User credentials are not set. Please set the Access Key and the Secret Key, or configure the RAM role.")
+
+		# Use intranet endpoint to access ECS service
+		try:
+			region_provider.modify_point('Ecs', region, 'ecs.%s.aliyuncs.com' % region)
+		except Exception as e:
+			logging.warning("Failed: failed to modify endpoint to 'ecs.%s.aliyuncs.com': %s" % (region, e))
+
+ 	# Operate the fencing device
+ 	result = fence_action(conn, options, set_power_status, get_power_status, get_nodes_list)
+ 	sys.exit(result)
--- a/SPECS/fence-agents.spec
+++ b/SPECS/fence-agents.spec
@ -87,7 +87,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.2.1
-Release: 129%{?alphatag:.%{alphatag}}%{?dist}.8
+Release: 129%{?alphatag:.%{alphatag}}%{?dist}.15
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Base
 URL: https://github.com/ClusterLabs/fence-agents
@ -316,6 +316,10 @@ Patch143: RHEL-7734-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patc
 Patch144: RHEL-56840-fence_scsi-only-preempt-once-for-mpath-devices.patch
 Patch145: RHEL-76492-fence_azure_arm-use-azure-identity.patch
 Patch146: RHEL-65025-fence_ibm_powervs-add-private-endpoint-and-token-file-support.patch
+Patch147: RHEL-99338-fence_aliyun-update.patch
+Patch148: RHEL-107506-fence_ibm_vpc-add-apikey-file-support.patch
+Patch149: RHEL-109814-1-fence_aws-add-skipshutdown-parameter.patch
+Patch150: RHEL-96179-fence_kubevirt-force-off.patch

 ### HA support libs/utils ###
 # all archs
@ -324,9 +328,12 @@ Patch1001: RHEL-22174-kubevirt-fix-bundled-jinja2-CVE-2024-22195.patch
 Patch1002: RHEL-35655-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch
 Patch1003: RHEL-43568-1-kubevirt-fix-bundled-urllib3-CVE-2024-37891.patch
 Patch1004: RHEL-50223-setuptools-fix-CVE-2024-6345.patch
+Patch1005: RHEL-104741-1-kubevirt-fix-bundled-requests-CVE-2024-47081.patch
 # cloud (x86_64 only)
 Patch2000: bz2218234-2-aws-fix-bundled-dateutil-CVE-2007-4559.patch
 Patch2001: RHEL-43568-2-aws-fix-bundled-urllib3-CVE-2024-37891.patch
+Patch2002: RHEL-104741-2-aliyun-aws-azure-fix-bundled-requests-CVE-2024-47081.patch
+Patch2003: RHEL-109814-2-botocore-add-SkipOsShutdown.patch

 %if 0%{?fedora} || 0%{?rhel} > 7
 %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hds_cb hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
@ -551,6 +558,10 @@ BuildRequires: python3-google-api-client python3-pip python3-wheel python3-jinja
 %patch -p1 -P 144
 %patch -p1 -P 145
 %patch -p1 -P 146
+%patch -p1 -P 147
+%patch -p1 -P 148
+%patch -p1 -P 149
+%patch -p1 -P 150

 # prevent compilation of something that won't get used anyway
 sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
@ -673,10 +684,13 @@ pushd %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=1 < %{PATCH1002}
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH1003}
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1004}
+/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1005}

 %ifarch x86_64
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2000}
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2001}
+/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2002}
+/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2003}
 %endif
 popd

@ -1597,6 +1611,26 @@ Fence agent for IBM z/VM over IP.
 %endif

 %changelog
+* Fri Sep 12 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-129.15
+- fence_kubevirt: use hard poweroff
+  Resolves: RHEL-96179
+
+* Thu Aug 21 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-129.14
+- fence_aws: add skip_os_shutdown parameter
+  Resolves: RHEL-109814
+
+* Fri Aug 15 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-129.13
+- bundled requests: fix CVE-2024-47081
+  Resolves: RHEL-104741
+
+* Tue Aug 12 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-129.12
+- fence_ibm_vpc: add apikey file support
+  Resolves: RHEL-107506
+
+* Tue Aug  5 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-129.11
+- fence_aliyun: add credentials file support
+  Resolves: RHEL-99338
+
 * Fri Apr 25 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-129.8
 - fence_ibm_powervs: add private endpoint and token file support
  Resolves: RHEL-65025
Author	SHA1	Message	Date
eabdullin	9929d5f165	Import from CS git	2025-10-07 07:48:57 +00:00
eabdullin	e1ef230404	Import from CS git	2025-08-27 15:05:20 +00:00
eabdullin	bf8a809d56	Import from CS git	2025-08-26 09:25:15 +00:00