8 changed files with 4 additions and 772 deletions
--- a/.gitignore
+++ b/.gitignore
@ -34,4 +34,4 @@ SOURCES/setuptools_scm-6.3.2.tar.gz
 SOURCES/six-1.16.0.tar.gz
 SOURCES/tomli-1.0.1.tar.gz
 SOURCES/urllib3-1.26.18.tar.gz
-SOURCES/websocket-client-1.2.1.tar.gz
+SOURCES/websocket-client-1.2.1.tar.gz
--- a/SOURCES/RHEL-35655-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch
+++ b/SOURCES/RHEL-35655-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch
@ -1,65 +0,0 @@
-From d655030770081e2dfe46f90e27620472a502289d Mon Sep 17 00:00:00 2001
-From: David Lord <davidism@gmail.com>
-Date: Thu, 2 May 2024 09:14:00 -0700
-Subject: [PATCH] disallow invalid characters in keys to xmlattr filter
-
---
- CHANGES.rst           |  6 ++++++
- src/jinja2/filters.py | 22 +++++++++++++++++-----
- tests/test_filters.py | 11 ++++++-----
- 3 files changed, 29 insertions(+), 10 deletions(-)
-
-diff --git a/kubevirt/jinja2/filters.py b/kubevirt/jinja2/filters.py
-index 4cf3c11fb..acd11976e 100644
--- a/kubevirt/jinja2/filters.py
-+++ b/kubevirt/jinja2/filters.py
-@@ -250,7 +250,9 @@ def do_items(value: t.Union[t.Mapping[K, V], Undefined]) -> t.Iterator[t.Tuple[K
-     yield from value.items()
- 
- 
-_space_re = re.compile(r"\s", flags=re.ASCII)
-+# Check for characters that would move the parser state from key to value.
-+# https://html.spec.whatwg.org/#attribute-name-state
-+_attr_key_re = re.compile(r"[\s/>=]", flags=re.ASCII)
- 
- 
- @pass_eval_context
-@@ -259,8 +261,14 @@ def do_xmlattr(
- ) -> str:
-     """Create an SGML/XML attribute string based on the items in a dict.
- 
-    If any key contains a space, this fails with a ``ValueError``. Values that
-    are neither ``none`` nor ``undefined`` are automatically escaped.
-+    **Values** that are neither ``none`` nor ``undefined`` are automatically
-+    escaped, safely allowing untrusted user input.
-+
-+    User input should not be used as **keys** to this filter. If any key
-+    contains a space, ``/`` solidus, ``>`` greater-than sign, or ``=`` equals
-+    sign, this fails with a ``ValueError``. Regardless of this, user input
-+    should never be used as keys to this filter, or must be separately validated
-+    first.
- 
-     .. sourcecode:: html+jinja
- 
-@@ -280,6 +288,10 @@ def do_xmlattr(
-     As you can see it automatically prepends a space in front of the item
-     if the filter returned something unless the second parameter is false.
- 
-+    .. versionchanged:: 3.1.4
-+        Keys with ``/`` solidus, ``>`` greater-than sign, or ``=`` equals sign
-+        are not allowed.
-+
-     .. versionchanged:: 3.1.3
-         Keys with spaces are not allowed.
-     """
-@@ -289,8 +301,8 @@ def do_xmlattr(
-         if value is None or isinstance(value, Undefined):
-             continue
- 
-        if _space_re.search(key) is not None:
-            raise ValueError(f"Spaces are not allowed in attributes: '{key}'")
-+        if _attr_key_re.search(key) is not None:
-+            raise ValueError(f"Invalid character in attribute name: {key!r}")
- 
-         items.append(f'{escape(key)}="{escape(value)}"')
- 
--- a/SOURCES/RHEL-43568-1-kubevirt-fix-bundled-urllib3-CVE-2024-37891.patch
+++ b/SOURCES/RHEL-43568-1-kubevirt-fix-bundled-urllib3-CVE-2024-37891.patch
@ -1,32 +0,0 @@
-From accff72ecc2f6cf5a76d9570198a93ac7c90270e Mon Sep 17 00:00:00 2001
-From: Quentin Pradet <quentin.pradet@gmail.com>
-Date: Mon, 17 Jun 2024 11:09:06 +0400
-Subject: [PATCH] Merge pull request from GHSA-34jh-p97f-mpxf
-
-* Strip Proxy-Authorization header on redirects
-
-* Fix test_retry_default_remove_headers_on_redirect
-
-* Set release date
---
- CHANGES.rst                               |  5 +++++
- src/urllib3/util/retry.py                 |  4 +++-
- test/test_retry.py                        |  6 ++++-
- test/with_dummyserver/test_poolmanager.py | 27 ++++++++++++++++++++---
- 4 files changed, 37 insertions(+), 5 deletions(-)
-
-diff --git a/kubevirt/urllib3/util/retry.py b/kubevirt/urllib3/util/retry.py
-index 7a76a4a6ad..0456cceba4 100644
--- a/kubevirt/urllib3/util/retry.py
-+++ b/kubevirt/urllib3/util/retry.py
-@@ -189,7 +189,9 @@ class Retry:
-     RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
- 
-     #: Default headers to be used for ``remove_headers_on_redirect``
-    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
-+    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(
-+        ["Cookie", "Authorization", "Proxy-Authorization"]
-+    )
- 
-     #: Default maximum backoff time.
-     DEFAULT_BACKOFF_MAX = 120
--- a/SOURCES/RHEL-43568-2-aws-fix-bundled-urllib3-CVE-2024-37891.patch
+++ b/SOURCES/RHEL-43568-2-aws-fix-bundled-urllib3-CVE-2024-37891.patch
@ -1,32 +0,0 @@
-From accff72ecc2f6cf5a76d9570198a93ac7c90270e Mon Sep 17 00:00:00 2001
-From: Quentin Pradet <quentin.pradet@gmail.com>
-Date: Mon, 17 Jun 2024 11:09:06 +0400
-Subject: [PATCH] Merge pull request from GHSA-34jh-p97f-mpxf
-
-* Strip Proxy-Authorization header on redirects
-
-* Fix test_retry_default_remove_headers_on_redirect
-
-* Set release date
---
- CHANGES.rst                               |  5 +++++
- src/urllib3/util/retry.py                 |  4 +++-
- test/test_retry.py                        |  6 ++++-
- test/with_dummyserver/test_poolmanager.py | 27 ++++++++++++++++++++---
- 4 files changed, 37 insertions(+), 5 deletions(-)
-
-diff --git a/aws/urllib3/util/retry.py b/aws/urllib3/util/retry.py
-index 7a76a4a6ad..0456cceba4 100644
--- a/aws/urllib3/util/retry.py
-+++ b/aws/urllib3/util/retry.py
-@@ -189,7 +189,9 @@ class Retry:
-     RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
- 
-     #: Default headers to be used for ``remove_headers_on_redirect``
-    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
-+    DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(
-+        ["Cookie", "Authorization", "Proxy-Authorization"]
-+    )
- 
-     #: Default maximum backoff time.
-     DEFAULT_BACKOFF_MAX = 120
--- a/SOURCES/RHEL-50223-setuptools-fix-CVE-2024-6345.patch
+++ b/SOURCES/RHEL-50223-setuptools-fix-CVE-2024-6345.patch
@ -1,203 +0,0 @@
-diff --color -uNr a/kubevirt/setuptools/package_index.py b/kubevirt/setuptools/package_index.py
--- a/kubevirt/setuptools/package_index.py	2021-10-22 22:55:51.000000000 +0200
-+++ b/kubevirt/setuptools/package_index.py	2024-07-24 14:06:14.833852463 +0200
-@@ -1,5 +1,6 @@
- """PyPI and direct package downloading"""
- import sys
-+import subprocess
- import os
- import re
- import io
-@@ -558,7 +559,7 @@
-             scheme = URL_SCHEME(spec)
-             if scheme:
-                 # It's a url, download it to tmpdir
-                found = self._download_url(scheme.group(1), spec, tmpdir)
-+                found = self._download_url(spec, tmpdir)
-                 base, fragment = egg_info_for_url(spec)
-                 if base.endswith('.py'):
-                     found = self.gen_setup(found, fragment, tmpdir)
-@@ -777,7 +778,7 @@
-                 raise DistutilsError("Download error for %s: %s"
-                                      % (url, v)) from v
- 
-    def _download_url(self, scheme, url, tmpdir):
-+    def _download_url(self, url, tmpdir):
-         # Determine download filename
-         #
-         name, fragment = egg_info_for_url(url)
-@@ -792,19 +793,59 @@
- 
-         filename = os.path.join(tmpdir, name)
- 
-        # Download the file
-        #
-        if scheme == 'svn' or scheme.startswith('svn+'):
-            return self._download_svn(url, filename)
-        elif scheme == 'git' or scheme.startswith('git+'):
-            return self._download_git(url, filename)
-        elif scheme.startswith('hg+'):
-            return self._download_hg(url, filename)
-        elif scheme == 'file':
-            return urllib.request.url2pathname(urllib.parse.urlparse(url)[2])
-        else:
-            self.url_ok(url, True)  # raises error if not allowed
-            return self._attempt_download(url, filename)
-+        return self._download_vcs(url, filename) or self._download_other(url, filename)
-+
-+    @staticmethod
-+    def _resolve_vcs(url):
-+        """
-+        >>> rvcs = PackageIndex._resolve_vcs
-+        >>> rvcs('git+http://foo/bar')
-+        'git'
-+        >>> rvcs('hg+https://foo/bar')
-+        'hg'
-+        >>> rvcs('git:myhost')
-+        'git'
-+        >>> rvcs('hg:myhost')
-+        >>> rvcs('http://foo/bar')
-+        """
-+        scheme = urllib.parse.urlsplit(url).scheme
-+        pre, sep, post = scheme.partition('+')
-+        # svn and git have their own protocol; hg does not
-+        allowed = set(['svn', 'git'] + ['hg'] * bool(sep))
-+        return next(iter({pre} & allowed), None)
-+
-+    def _download_vcs(self, url, spec_filename):
-+        vcs = self._resolve_vcs(url)
-+        if not vcs:
-+            return
-+        if vcs == 'svn':
-+            raise DistutilsError(
-+                f"Invalid config, SVN download is not supported: {url}"
-+            )
-+
-+        filename, _, _ = spec_filename.partition('#')
-+        url, rev = self._vcs_split_rev_from_url(url)
-+
-+        self.info(f"Doing {vcs} clone from {url} to {filename}")
-+        subprocess.check_call([vcs, 'clone', '--quiet', url, filename])
-+
-+        co_commands = dict(
-+            git=[vcs, '-C', filename, 'checkout', '--quiet', rev],
-+            hg=[vcs, '--cwd', filename, 'up', '-C', '-r', rev, '-q'],
-+        )
-+        if rev is not None:
-+            self.info(f"Checking out {rev}")
-+            subprocess.check_call(co_commands[vcs])
-+
-+        return filename
-+
-+    def _download_other(self, url, filename):
-+        scheme = urllib.parse.urlsplit(url).scheme
-+        if scheme == 'file':  # pragma: no cover
-+            return urllib.request.url2pathname(urllib.parse.urlparse(url).path)
-+        # raise error if not allowed
-+        self.url_ok(url, True)
-+        return self._attempt_download(url, filename)
- 
-     def scan_url(self, url):
-         self.process_url(url, True)
-@@ -831,77 +872,37 @@
-         os.unlink(filename)
-         raise DistutilsError("Unexpected HTML page found at " + url)
- 
-    def _download_svn(self, url, filename):
-        warnings.warn("SVN download support is deprecated", UserWarning)
-        url = url.split('#', 1)[0]  # remove any fragment for svn's sake
-        creds = ''
-        if url.lower().startswith('svn:') and '@' in url:
-            scheme, netloc, path, p, q, f = urllib.parse.urlparse(url)
-            if not netloc and path.startswith('//') and '/' in path[2:]:
-                netloc, path = path[2:].split('/', 1)
-                auth, host = _splituser(netloc)
-                if auth:
-                    if ':' in auth:
-                        user, pw = auth.split(':', 1)
-                        creds = " --username=%s --password=%s" % (user, pw)
-                    else:
-                        creds = " --username=" + auth
-                    netloc = host
-                    parts = scheme, netloc, url, p, q, f
-                    url = urllib.parse.urlunparse(parts)
-        self.info("Doing subversion checkout from %s to %s", url, filename)
-        os.system("svn checkout%s -q %s %s" % (creds, url, filename))
-        return filename
-
-     @staticmethod
-    def _vcs_split_rev_from_url(url, pop_prefix=False):
-        scheme, netloc, path, query, frag = urllib.parse.urlsplit(url)
-
-        scheme = scheme.split('+', 1)[-1]
-
-        # Some fragment identification fails
-        path = path.split('#', 1)[0]
-
-        rev = None
-        if '@' in path:
-            path, rev = path.rsplit('@', 1)
-
-        # Also, discard fragment
-        url = urllib.parse.urlunsplit((scheme, netloc, path, query, ''))
-
-        return url, rev
-
-    def _download_git(self, url, filename):
-        filename = filename.split('#', 1)[0]
-        url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True)
-
-        self.info("Doing git clone from %s to %s", url, filename)
-        os.system("git clone --quiet %s %s" % (url, filename))
-+    def _vcs_split_rev_from_url(url):
-+        """
-+        Given a possible VCS URL, return a clean URL and resolved revision if any.
- 
-        if rev is not None:
-            self.info("Checking out %s", rev)
-            os.system("git -C %s checkout --quiet %s" % (
-                filename,
-                rev,
-            ))
-+        >>> vsrfu = PackageIndex._vcs_split_rev_from_url
-+        >>> vsrfu('git+https://github.com/pypa/setuptools@v69.0.0#egg-info=setuptools')
-+        ('https://github.com/pypa/setuptools', 'v69.0.0')
-+        >>> vsrfu('git+https://github.com/pypa/setuptools#egg-info=setuptools')
-+        ('https://github.com/pypa/setuptools', None)
-+        >>> vsrfu('http://foo/bar')
-+        ('http://foo/bar', None)
-+        """
-+	parts = urllib.parse.urlsplit(url)
- 
-        return filename
-+        clean_scheme = parts.scheme.split('+', 1)[-1]
- 
-    def _download_hg(self, url, filename):
-        filename = filename.split('#', 1)[0]
-        url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True)
-+        # Some fragment identification fails
-+        no_fragment_path, _, _ = parts.path.partition('#')
- 
-        self.info("Doing hg clone from %s to %s", url, filename)
-        os.system("hg clone --quiet %s %s" % (url, filename))
-+        pre, sep, post = no_fragment_path.rpartition('@')
-+        clean_path, rev = (pre, post) if sep else (post, None)
- 
-        if rev is not None:
-            self.info("Updating to %s", rev)
-            os.system("hg --cwd %s up -C -r %s -q" % (
-                filename,
-                rev,
-            ))
-+        resolved = parts._replace(
-+            scheme=clean_scheme,
-+            path=clean_path,
-+            # discard the fragment
-+            fragment='',
-+        ).geturl()
- 
-        return filename
-+        return resolved, rev
- 
-     def debug(self, msg, *args):
-         log.debug(msg, *args)
--- a/SOURCES/RHEL-56840-fence_scsi-only-preempt-once-for-mpath-devices.patch
+++ b/SOURCES/RHEL-56840-fence_scsi-only-preempt-once-for-mpath-devices.patch
@ -1,40 +0,0 @@
-From cb57f1c2ee734a40d01249305965ea4ecdf02039 Mon Sep 17 00:00:00 2001
-From: Oyvind Albrigtsen <oalbrigt@redhat.com>
-Date: Thu, 5 Sep 2024 09:06:34 +0200
-Subject: [PATCH] fence_scsi: preempt clears all devices on the mpath device,
- so only run it for the first device
-
---
- agents/scsi/fence_scsi.py | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py
-index a1598411c..12f7fb49b 100644
--- a/agents/scsi/fence_scsi.py
-+++ b/agents/scsi/fence_scsi.py
-@@ -131,11 +131,13 @@ def reset_dev(options, dev):
- 	return run_cmd(options, options["--sg_turs-path"] + " " + dev)["rc"]
- 
- 
-def register_dev(options, dev, key):
-+def register_dev(options, dev, key, do_preempt=True):
- 	dev = os.path.realpath(dev)
- 	if re.search(r"^dm", dev[5:]):
-		for slave in get_mpath_slaves(dev):
-			register_dev(options, slave, key)
-+		devices = get_mpath_slaves(dev)
-+		register_dev(options, devices[0], key)
-+		for device in devices[1:]:
-+			register_dev(options, device, key, False)
- 		return True
- 
- 	# Check if any registration exists for the key already. We track this in
-@@ -153,7 +155,7 @@ def register_dev(options, dev, key):
- 		# If key matches, make sure it matches with the connection that
- 		# exists right now. To do this, we can issue a preempt with same key
- 		# which should replace the old invalid entries from the target.
-		if not preempt(options, key, dev, key):
-+		if do_preempt and not preempt(options, key, dev, key):
- 			return False
- 
- 		# If there was no reservation, we need to issue another registration
--- a/SOURCES/RHEL-7734-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch
+++ b/SOURCES/RHEL-7734-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch
@ -1,365 +0,0 @@
-From 55451b6fd007e6f9a6d6860e95304b7c5c27cc1b Mon Sep 17 00:00:00 2001
-From: Oyvind Albrigtsen <oalbrigt@redhat.com>
-Date: Thu, 2 May 2024 15:10:16 +0200
-Subject: [PATCH 1/2] fencing: add support for docs["agent_name"] to use the
- main agent name when generating manpages
-
---
- lib/fencing.py.py                 | 12 +++++++++---
- tests/data/metadata/fence_eps.xml |  9 ++++++---
- 2 files changed, 15 insertions(+), 6 deletions(-)
-
-diff --git a/lib/fencing.py.py b/lib/fencing.py.py
-index 511eb2689..66e2ff156 100644
--- a/lib/fencing.py.py
-+++ b/lib/fencing.py.py
-@@ -603,7 +603,7 @@ def usage(avail_opt):
- 		if len(value["help"]) != 0:
- 			print("   " + _join_wrap([value["help"]], first_indent=3))
- 
-def metadata(options, avail_opt, docs):
-+def metadata(options, avail_opt, docs, agent_name=os.path.basename(sys.argv[0])):
- 	# avail_opt has to be unique, if there are duplicities then they should be removed
- 	sorted_list = [(key, all_opt[key]) for key in list(set(avail_opt)) if "longopt" in all_opt[key]]
- 	# Find keys that are going to replace inconsistent names
-@@ -617,7 +617,7 @@ def metadata(options, avail_opt, docs):
-                docs["longdesc"] = re.sub(r"\\f[BPIR]|\.P|\.TP|\.br\n", r"", docs["longdesc"])
- 
- 	print("<?xml version=\"1.0\" ?>")
-	print("<resource-agent name=\"" + os.path.basename(sys.argv[0]) + \
-+	print("<resource-agent name=\"" + agent_name + \
- 			"\" shortdesc=\"" + docs["shortdesc"] + "\" >")
- 	for (symlink, desc) in docs.get("symlink", []):
- 		print("<symlink name=\"" + symlink + "\" shortdesc=\"" + desc + "\"/>")
-@@ -928,9 +928,15 @@ def show_docs(options, docs=None):
- 		sys.exit(0)
- 
- 	if options.get("--action", "") in ["metadata", "manpage"]:
-+		if options["--action"] == "metadata" or "agent_name" not in docs:
-+			agent_name=os.path.basename(sys.argv[0])
-+		else:
-+			agent_name=docs["agent_name"]
-+
-+
- 		if "port_as_ip" in device_opt:
- 			device_opt.remove("separator")
-		metadata(options, device_opt, docs)
-+		metadata(options, device_opt, docs, agent_name)
- 		sys.exit(0)
- 
- 	if "--version" in options:
-diff --git a/tests/data/metadata/fence_eps.xml b/tests/data/metadata/fence_eps.xml
-index 3f9ebdc22..a3aeb1aea 100644
--- a/tests/data/metadata/fence_eps.xml
-+++ b/tests/data/metadata/fence_eps.xml
-@@ -1,9 +1,12 @@
- <?xml version="1.0" ?>
- <resource-agent name="fence_eps" shortdesc="Fence agent for ePowerSwitch" >
-<longdesc>fence_eps is a Power Fencing agent which can be used with the ePowerSwitch 8M+ power switch to fence connected machines. Fence agent works ONLY on 8M+ device, because this is only one, which has support for hidden page feature. 
-+<symlink name="fence_epsr2" shortdesc="Fence agent for ePowerSwitch R2 and newer"/>
-+<longdesc>fence_eps is a Power Fencing agent which can be used with the ePowerSwitch 8M+ power switch to fence connected machines. It ONLY works on 8M+ devices, as they support the hidden page feature. 
- 
-Agent basically works by connecting to hidden page and pass appropriate arguments to GET request. This means, that hidden page feature must be enabled and properly configured.</longdesc>
-<vendor-url>http://www.epowerswitch.com</vendor-url>
-+The agent works by connecting to the hidden page and pass the appropriate arguments to GET request. This means, that the hidden page feature must be enabled and properly configured. 
-+
-+NOTE: In most cases you want to use fence_epsr2, as fence_eps only works with older hardware.</longdesc>
-+<vendor-url>https://www.neol.com</vendor-url>
- <parameters>
- 	<parameter name="action" unique="0" required="1">
- 		<getopt mixed="-o, --action=[action]" />
-
-From 639f5293e0b2c0153ea01bf37534b74f436dd630 Mon Sep 17 00:00:00 2001
-From: Oyvind Albrigtsen <oalbrigt@redhat.com>
-Date: Tue, 13 Feb 2024 11:11:25 +0100
-Subject: [PATCH 2/2] fence_eps: add fence_epsr2 for ePowerSwitch R2 and newer
-
---
- agents/eps/fence_eps.py             |  46 ++++---
- fence-agents.spec.in                |   4 +-
- tests/data/metadata/fence_epsr2.xml | 178 ++++++++++++++++++++++++++++
- 3 files changed, 211 insertions(+), 17 deletions(-)
- create mode 100644 tests/data/metadata/fence_epsr2.xml
-
-diff --git a/agents/eps/fence_eps.py b/agents/eps/fence_eps.py
-index 81e439533..1e6bda099 100644
--- a/agents/eps/fence_eps.py
-+++ b/agents/eps/fence_eps.py
-@@ -3,8 +3,8 @@
- # The Following Agent Has Been Tested On:
- # ePowerSwitch 8M+ version 1.0.0.4
- 
-import sys, re
-import base64, string, socket
-+import sys, os, re
-+import base64, socket
- import logging
- import atexit
- sys.path.append("@FENCEAGENTSLIBDIR@")
-@@ -37,7 +37,7 @@ def eps_run_command(options, params):
- 				options["--password"] = "" # Default is empty password
- 
- 			# String for Authorization header
-			auth_str = 'Basic ' + string.strip(base64.encodestring(options["--username"]+':'+options["--password"]))
-+			auth_str = 'Basic ' + str(base64.encodebytes(bytes(options["--username"]+':'+options["--password"], "utf-8")).decode("utf-8").strip())
- 			logging.debug("Authorization: %s\n", auth_str)
- 			conn.putheader('Authorization', auth_str)
- 
-@@ -60,16 +60,22 @@ def eps_run_command(options, params):
- 		logging.error("Failed: {}".format(str(e)))
- 		fail(EC_LOGIN_DENIED)
- 
-	return result
-+	return result.decode("utf-8", "ignore")
- 
- def get_power_status(conn, options):
- 	del conn
- 	ret_val = eps_run_command(options, "")
- 
- 	result = {}
-	status = re.findall(r"p(\d{2})=(0|1)\s*\<br\>", ret_val.lower())
-+	if os.path.basename(sys.argv[0]) == "fence_eps":
-+		status = re.findall(r"p(\d{2})=(0|1)\s*\<br\>", ret_val.lower())
-+	elif os.path.basename(sys.argv[0]) == "fence_epsr2":
-+		status = re.findall(r"m0:o(\d)=(on|off)\s*", ret_val.lower())
- 	for out_num, out_stat in status:
-		result[out_num] = ("", (out_stat == "1" and "on" or "off"))
-+		if os.path.basename(sys.argv[0]) == "fence_eps":
-+			result[out_num] = ("", (out_stat == "1" and "on" or "off"))
-+		elif os.path.basename(sys.argv[0]) == "fence_epsr2":
-+			result[out_num] = ("", out_stat)
- 
- 	if not options["--action"] in ['monitor', 'list']:
- 		if not options["--plug"] in result:
-@@ -81,7 +87,12 @@ def get_power_status(conn, options):
- 
- def set_power_status(conn, options):
- 	del conn
-	eps_run_command(options, "P%s=%s"%(options["--plug"], (options["--action"] == "on" and "1" or "0")))
-+	if os.path.basename(sys.argv[0]) == "fence_eps":
-+		eps_run_command(options, "P%s=%s"%(options["--plug"], (options["--action"] == "on" and "1" or "0")))
-+	elif os.path.basename(sys.argv[0]) == "fence_epsr2":
-+		if options["--action"] == "reboot":
-+			options["--action"] = "off"
-+		eps_run_command(options, "M0:O%s=%s"%(options["--plug"], options["--action"]))
- 
- # Define new option
- def eps_define_new_opts():
-@@ -107,20 +118,25 @@ def main():
- 	options = check_input(device_opt, process_input(device_opt))
- 
- 	docs = {}
-+	docs["agent_name"] = "fence_eps"
- 	docs["shortdesc"] = "Fence agent for ePowerSwitch"
-	docs["longdesc"] = "fence_eps is a Power Fencing agent \
-+	docs["longdesc"] = os.path.basename(sys.argv[0]) + " is a Power Fencing agent \
- which can be used with the ePowerSwitch 8M+ power switch to fence \
-connected machines. Fence agent works ONLY on 8M+ device, because \
-this is only one, which has support for hidden page feature. \
-+connected machines. It ONLY works on 8M+ devices, as \
-+they support the hidden page feature. \
- \n.TP\n\
-Agent basically works by connecting to hidden page and pass \
-appropriate arguments to GET request. This means, that hidden \
-page feature must be enabled and properly configured."
-	docs["vendorurl"] = "http://www.epowerswitch.com"
-+The agent works by connecting to the hidden page and pass \
-+the appropriate arguments to GET request. This means, that the hidden \
-+page feature must be enabled and properly configured. \
-+\n.TP\n\
-+NOTE: In most cases you want to use fence_epsr2, as fence_eps \
-+only works with older hardware."
-+	docs["vendorurl"] = "https://www.neol.com"
-+	docs["symlink"] = [("fence_epsr2", "Fence agent for ePowerSwitch R2 and newer")]
- 	show_docs(options, docs)
- 
- 	run_delay(options)
-	#Run fence action. Conn is None, beacause we always need open new http connection
-+	#Run fence action. Conn is None, because we always need open new http connection
- 	result = fence_action(None, options, set_power_status, get_power_status, get_power_status)
- 
- 	sys.exit(result)
-diff --git a/tests/data/metadata/fence_epsr2.xml b/tests/data/metadata/fence_epsr2.xml
-new file mode 100644
-index 000000000..37074e052
--- /dev/null
-+++ b/tests/data/metadata/fence_epsr2.xml
-@@ -0,0 +1,178 @@
-+<?xml version="1.0" ?>
-+<resource-agent name="fence_epsr2" shortdesc="Fence agent for ePowerSwitch" >
-+<symlink name="fence_epsr2" shortdesc="Fence agent for ePowerSwitch R2 and newer"/>
-+<longdesc>fence_epsr2 is a Power Fencing agent which can be used with the ePowerSwitch 8M+ power switch to fence connected machines. It ONLY works on 8M+ devices, as they support the hidden page feature. 
-+
-+The agent works by connecting to the hidden page and pass the appropriate arguments to GET request. This means, that the hidden page feature must be enabled and properly configured. 
-+
-+NOTE: In most cases you want to use fence_epsr2, as fence_eps only works with older hardware.</longdesc>
-+<vendor-url>https://www.neol.com</vendor-url>
-+<parameters>
-+	<parameter name="action" unique="0" required="1">
-+		<getopt mixed="-o, --action=[action]" />
-+		<content type="string" default="reboot"  />
-+		<shortdesc lang="en">Fencing action</shortdesc>
-+	</parameter>
-+	<parameter name="hidden_page" unique="0" required="0" deprecated="1">
-+		<getopt mixed="-c, --page=[page]" />
-+		<content type="string" default="hidden.htm"  />
-+		<shortdesc lang="en">Name of hidden page</shortdesc>
-+	</parameter>
-+	<parameter name="ip" unique="0" required="1" obsoletes="ipaddr">
-+		<getopt mixed="-a, --ip=[ip]" />
-+		<content type="string"  />
-+		<shortdesc lang="en">IP address or hostname of fencing device</shortdesc>
-+	</parameter>
-+	<parameter name="ipaddr" unique="0" required="1" deprecated="1">
-+		<getopt mixed="-a, --ip=[ip]" />
-+		<content type="string"  />
-+		<shortdesc lang="en">IP address or hostname of fencing device</shortdesc>
-+	</parameter>
-+	<parameter name="ipport" unique="0" required="0">
-+		<getopt mixed="-u, --ipport=[port]" />
-+		<content type="integer" default="80"  />
-+		<shortdesc lang="en">TCP/UDP port to use for connection with device</shortdesc>
-+	</parameter>
-+	<parameter name="login" unique="0" required="0" deprecated="1">
-+		<getopt mixed="-l, --username=[name]" />
-+		<content type="string"  />
-+		<shortdesc lang="en">Login name</shortdesc>
-+	</parameter>
-+	<parameter name="page" unique="0" required="0" obsoletes="hidden_page">
-+		<getopt mixed="-c, --page=[page]" />
-+		<content type="string" default="hidden.htm"  />
-+		<shortdesc lang="en">Name of hidden page</shortdesc>
-+	</parameter>
-+	<parameter name="passwd" unique="0" required="0" deprecated="1">
-+		<getopt mixed="-p, --password=[password]" />
-+		<content type="string"  />
-+		<shortdesc lang="en">Login password or passphrase</shortdesc>
-+	</parameter>
-+	<parameter name="passwd_script" unique="0" required="0" deprecated="1">
-+		<getopt mixed="-S, --password-script=[script]" />
-+		<content type="string"  />
-+		<shortdesc lang="en">Script to run to retrieve password</shortdesc>
-+	</parameter>
-+	<parameter name="password" unique="0" required="0" obsoletes="passwd">
-+		<getopt mixed="-p, --password=[password]" />
-+		<content type="string"  />
-+		<shortdesc lang="en">Login password or passphrase</shortdesc>
-+	</parameter>
-+	<parameter name="password_script" unique="0" required="0" obsoletes="passwd_script">
-+		<getopt mixed="-S, --password-script=[script]" />
-+		<content type="string"  />
-+		<shortdesc lang="en">Script to run to retrieve password</shortdesc>
-+	</parameter>
-+	<parameter name="plug" unique="0" required="1" obsoletes="port">
-+		<getopt mixed="-n, --plug=[id]" />
-+		<content type="string"  />
-+		<shortdesc lang="en">Physical plug number on device, UUID or identification of machine</shortdesc>
-+	</parameter>
-+	<parameter name="port" unique="0" required="1" deprecated="1">
-+		<getopt mixed="-n, --plug=[id]" />
-+		<content type="string"  />
-+		<shortdesc lang="en">Physical plug number on device, UUID or identification of machine</shortdesc>
-+	</parameter>
-+	<parameter name="username" unique="0" required="0" obsoletes="login">
-+		<getopt mixed="-l, --username=[name]" />
-+		<content type="string"  />
-+		<shortdesc lang="en">Login name</shortdesc>
-+	</parameter>
-+	<parameter name="quiet" unique="0" required="0">
-+		<getopt mixed="-q, --quiet" />
-+		<content type="boolean"  />
-+		<shortdesc lang="en">Disable logging to stderr. Does not affect --verbose or --debug-file or logging to syslog.</shortdesc>
-+	</parameter>
-+	<parameter name="verbose" unique="0" required="0">
-+		<getopt mixed="-v, --verbose" />
-+		<content type="boolean"  />
-+		<shortdesc lang="en">Verbose mode. Multiple -v flags can be stacked on the command line (e.g., -vvv) to increase verbosity.</shortdesc>
-+	</parameter>
-+	<parameter name="verbose_level" unique="0" required="0">
-+		<getopt mixed="--verbose-level" />
-+		<content type="integer"  />
-+		<shortdesc lang="en">Level of debugging detail in output. Defaults to the number of --verbose flags specified on the command line, or to 1 if verbose=1 in a stonith device configuration (i.e., on stdin).</shortdesc>
-+	</parameter>
-+	<parameter name="debug" unique="0" required="0" deprecated="1">
-+		<getopt mixed="-D, --debug-file=[debugfile]" />
-+		<content type="string"  />
-+		<shortdesc lang="en">Write debug information to given file</shortdesc>
-+	</parameter>
-+	<parameter name="debug_file" unique="0" required="0" obsoletes="debug">
-+		<getopt mixed="-D, --debug-file=[debugfile]" />
-+		<shortdesc lang="en">Write debug information to given file</shortdesc>
-+	</parameter>
-+	<parameter name="version" unique="0" required="0">
-+		<getopt mixed="-V, --version" />
-+		<content type="boolean"  />
-+		<shortdesc lang="en">Display version information and exit</shortdesc>
-+	</parameter>
-+	<parameter name="help" unique="0" required="0">
-+		<getopt mixed="-h, --help" />
-+		<content type="boolean"  />
-+		<shortdesc lang="en">Display help and exit</shortdesc>
-+	</parameter>
-+	<parameter name="plug_separator" unique="0" required="0">
-+		<getopt mixed="--plug-separator=[char]" />
-+		<content type="string" default=","  />
-+		<shortdesc lang="en">Separator for plug parameter when specifying more than 1 plug</shortdesc>
-+	</parameter>
-+	<parameter name="separator" unique="0" required="0">
-+		<getopt mixed="-C, --separator=[char]" />
-+		<content type="string" default=","  />
-+		<shortdesc lang="en">Separator for CSV created by 'list' operation</shortdesc>
-+	</parameter>
-+	<parameter name="delay" unique="0" required="0">
-+		<getopt mixed="--delay=[seconds]" />
-+		<content type="second" default="0"  />
-+		<shortdesc lang="en">Wait X seconds before fencing is started</shortdesc>
-+	</parameter>
-+	<parameter name="disable_timeout" unique="0" required="0">
-+		<getopt mixed="--disable-timeout=[true/false]" />
-+		<content type="string"  />
-+		<shortdesc lang="en">Disable timeout (true/false) (default: true when run from Pacemaker 2.0+)</shortdesc>
-+	</parameter>
-+	<parameter name="login_timeout" unique="0" required="0">
-+		<getopt mixed="--login-timeout=[seconds]" />
-+		<content type="second" default="5"  />
-+		<shortdesc lang="en">Wait X seconds for cmd prompt after login</shortdesc>
-+	</parameter>
-+	<parameter name="power_timeout" unique="0" required="0">
-+		<getopt mixed="--power-timeout=[seconds]" />
-+		<content type="second" default="20"  />
-+		<shortdesc lang="en">Test X seconds for status change after ON/OFF</shortdesc>
-+	</parameter>
-+	<parameter name="power_wait" unique="0" required="0">
-+		<getopt mixed="--power-wait=[seconds]" />
-+		<content type="second" default="0"  />
-+		<shortdesc lang="en">Wait X seconds after issuing ON/OFF</shortdesc>
-+	</parameter>
-+	<parameter name="shell_timeout" unique="0" required="0">
-+		<getopt mixed="--shell-timeout=[seconds]" />
-+		<content type="second" default="3"  />
-+		<shortdesc lang="en">Wait X seconds for cmd prompt after issuing command</shortdesc>
-+	</parameter>
-+	<parameter name="stonith_status_sleep" unique="0" required="0">
-+		<getopt mixed="--stonith-status-sleep=[seconds]" />
-+		<content type="second" default="1"  />
-+		<shortdesc lang="en">Sleep X seconds between status calls during a STONITH action</shortdesc>
-+	</parameter>
-+	<parameter name="retry_on" unique="0" required="0">
-+		<getopt mixed="--retry-on=[attempts]" />
-+		<content type="integer" default="1"  />
-+		<shortdesc lang="en">Count of attempts to retry power on</shortdesc>
-+	</parameter>
-+</parameters>
-+<actions>
-+	<action name="on" automatic="0"/>
-+	<action name="off" />
-+	<action name="reboot" />
-+	<action name="status" />
-+	<action name="list" />
-+	<action name="list-status" />
-+	<action name="monitor" />
-+	<action name="metadata" />
-+	<action name="manpage" />
-+	<action name="validate-all" />
-+</actions>
-+</resource-agent>
--- a/SPECS/fence-agents.spec
+++ b/SPECS/fence-agents.spec
@ -87,7 +87,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.2.1
-Release: 129%{?alphatag:.%{alphatag}}%{?dist}.5
+Release: 129%{?alphatag:.%{alphatag}}%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Base
 URL: https://github.com/ClusterLabs/fence-agents
@ -282,19 +282,13 @@ Patch139: RHEL-5397-fence_scsi-2-fix-ISID-reg-handling-off.patch
 Patch140: RHEL-5397-fence_scsi-3-fix-run_cmd.patch
 Patch141: RHEL-5397-4-fence_scsi-log-err.patch
 Patch142: RHEL-14343-fence_zvmip-2-fix-manpage-formatting.patch
-Patch143: RHEL-7734-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch
-Patch144: RHEL-56840-fence_scsi-only-preempt-once-for-mpath-devices.patch

 ### HA support libs/utils ###
 # all archs
 Patch1000: bz2218234-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
 Patch1001: RHEL-22174-kubevirt-fix-bundled-jinja2-CVE-2024-22195.patch
-Patch1002: RHEL-35655-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch
-Patch1003: RHEL-43568-1-kubevirt-fix-bundled-urllib3-CVE-2024-37891.patch
-Patch1004: RHEL-50223-setuptools-fix-CVE-2024-6345.patch
 # cloud (x86_64 only)
 Patch2000: bz2218234-2-aws-fix-bundled-dateutil-CVE-2007-4559.patch
-Patch2001: RHEL-43568-2-aws-fix-bundled-urllib3-CVE-2024-37891.patch

 %if 0%{?fedora} || 0%{?rhel} > 7
 %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hds_cb hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
@ -515,8 +509,6 @@ BuildRequires: python3-google-api-client python3-pip python3-wheel python3-jinja
 %patch -p1 -P 140
 %patch -p1 -P 141
 %patch -p1 -P 142
-%patch -p1 -P 143 -F1
-%patch -p1 -P 144

 # prevent compilation of something that won't get used anyway
 sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
@ -631,13 +623,9 @@ rm -rf %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}/kubevirt/rsa*
 pushd %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1000}
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=1 < %{PATCH1001}
-/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=1 < %{PATCH1002}
-/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH1003}
-/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1004}

 %ifarch x86_64
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2000}
-/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2001}
 %endif
 popd

@ -989,8 +977,8 @@ BuildArch: noarch
 Fence agent for ePowerSwitch 8M+ power switches that are accessed
 via the HTTP(s) protocol.
 %files eps
-%{_sbindir}/fence_eps*
-%{_mandir}/man8/fence_eps*.8*
+%{_sbindir}/fence_eps
+%{_mandir}/man8/fence_eps.8*

 %ifarch x86_64
 %package gce
@ -1528,25 +1516,6 @@ Fence agent for IBM z/VM over IP.
 %endif

 %changelog
-* Tue Sep 24 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-129.5
- fence_scsi: preempt clears all devices on the mpath device, so only
-  run it for the first device
-  Resolves: RHEL-56840
-
-* Wed Jul 24 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-129.4
- bundled setuptools: fix CVE-2024-6345
-  Resolves: RHEL-50223
-
-* Tue Jun 25 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-129.3
- bundled urllib3: fix CVE-2024-37891
-  Resolves: RHEL-43568
-
-* Thu May 30 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-129.2
- fence_eps: add fence_epsr2 for ePowerSwitch R2 and newer
-  Resolves: RHEL-7734
- bundled jinja2: fix CVE-2024-34064
-  Resolves: RHEL-35655
-
 * Fri Jan 19 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-129
 - bundled urllib3: fix CVE-2023-45803
  Resolves: RHEL-18132