rpms/resource-agents
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- bundled urllib3: fix issue with CVE-2026-21441 patch

Browse Source 
Resolves: RHEL-146289
This commit is contained in:
Oyvind Albrigtsen 2026-02-05 13:15:37 +01:00
parent e977f9116e
commit 1fc0c9b958
2 changed files with 43 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
RHEL-140787-fix-bundled-urllib3-CVE-2026-21441.patch → RHEL-140787-RHEL-146289-fix-bundled-urllib3-CVE-2026-21441.patch
View File

@ -1,6 +1,14 @@
--- a/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/response.py 2023-10-17 19:42:56.000000000 +0200
+++ b/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/response.py 2026-01-13 14:17:48.477104360 +0100
@@ -292,7 +292,11 @@
@@ -350,6 +350,7 @@
self.reason = reason
self.strict = strict
self.decode_content = decode_content
+ self._has_decoded_content = False
self.retries = retries
self.enforce_content_length = enforce_content_length
self.auto_close = auto_close
@@ -414,7 +415,11 @@
Unread data in the HTTPResponse connection blocks the connection from being released back to the pool.
"""
try:
@ -12,10 +20,27 @@
+ )
except (HTTPError, SocketError, BaseSSLError, HTTPException):
pass
@@ -536,6 +541,7 @@
try:
if self._decoder:
data = self._decoder.decompress(data, max_length=max_length)
+ self._has_decoded_content = True
except self.DECODER_ERROR_CLASSES as e:
content_encoding = self.headers.get("content-encoding", "").lower()
raise DecodeError(
--- a/gcp/google-cloud-sdk/lib/third_party/urllib3/response.py 2023-10-17 19:42:56.000000000 +0200
+++ b/gcp/google-cloud-sdk/lib/third_party/urllib3/response.py 2026-01-13 14:17:48.477104360 +0100
@@ -292,7 +292,11 @@
@@ -350,6 +350,7 @@
self.reason = reason
self.strict = strict
self.decode_content = decode_content
+ self._has_decoded_content = False
self.retries = retries
self.enforce_content_length = enforce_content_length
self.auto_close = auto_close
@@ -414,7 +415,11 @@
Unread data in the HTTPResponse connection blocks the connection from being released back to the pool.
"""
try:
@ -27,3 +52,12 @@
+ )
except (HTTPError, SocketError, BaseSSLError, HTTPException):
pass
@@ -536,6 +541,7 @@
try:
if self._decoder:
data = self._decoder.decompress(data, max_length=max_length)
+ self._has_decoded_content = True
except self.DECODER_ERROR_CLASSES as e:
content_encoding = self.headers.get("content-encoding", "").lower()
raise DecodeError(

9
resource-agents.spec
View File

@ -73,7 +73,7 @@
Name: resource-agents
Summary: Open Source HA Reusable Cluster Resource Scripts
Version: 4.9.0
Release: 54%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}.28
Release: 54%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}.29
License: GPLv2+ and LGPLv2+
URL: https://github.com/ClusterLabs/resource-agents
%if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel}
@ -198,7 +198,7 @@ Patch1011: RHEL-104761-aliyun-gcp-fix-bundled-requests-CVE-2024-47081.patch
Patch1012: RHEL-50360-setuptools-fix-CVE-2024-6345.patch
Patch1013: RHEL-136031-fix-bundled-urllib3-CVE-2025-66418.patch
Patch1014: RHEL-139760-fix-bundled-urllib3-CVE-2025-66471.patch
Patch1015: RHEL-140787-fix-bundled-urllib3-CVE-2026-21441.patch
Patch1015: RHEL-140787-RHEL-146289-fix-bundled-urllib3-CVE-2026-21441.patch
Patch1016: RHEL-142448-fix-bundled-pyasn1-CVE-2026-23490.patch
Obsoletes: heartbeat-resources <= %{version}
@ -1053,6 +1053,11 @@ ccs_update_schema > /dev/null 2>&1 ||:
%{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm
%changelog
* Thu Feb 5 2026 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.29
- bundled urllib3: fix issue with CVE-2026-21441 patch
Resolves: RHEL-146289
* Tue Jan 27 2026 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.28
- bundled pyasn1: fix CVE-2026-23490