diff --git a/RHEL-140787-fix-bundled-urllib3-CVE-2026-21441.patch b/RHEL-140787-RHEL-146289-fix-bundled-urllib3-CVE-2026-21441.patch similarity index 50% rename from RHEL-140787-fix-bundled-urllib3-CVE-2026-21441.patch rename to RHEL-140787-RHEL-146289-fix-bundled-urllib3-CVE-2026-21441.patch index a5e5811..8acda54 100644 --- a/RHEL-140787-fix-bundled-urllib3-CVE-2026-21441.patch +++ b/RHEL-140787-RHEL-146289-fix-bundled-urllib3-CVE-2026-21441.patch @@ -1,6 +1,14 @@ --- a/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/response.py 2023-10-17 19:42:56.000000000 +0200 +++ b/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/response.py 2026-01-13 14:17:48.477104360 +0100 -@@ -292,7 +292,11 @@ +@@ -350,6 +350,7 @@ + self.reason = reason + self.strict = strict + self.decode_content = decode_content ++ self._has_decoded_content = False + self.retries = retries + self.enforce_content_length = enforce_content_length + self.auto_close = auto_close +@@ -414,7 +415,11 @@ Unread data in the HTTPResponse connection blocks the connection from being released back to the pool. """ try: @@ -12,10 +20,27 @@ + ) except (HTTPError, SocketError, BaseSSLError, HTTPException): pass + +@@ -536,6 +541,7 @@ + try: + if self._decoder: + data = self._decoder.decompress(data, max_length=max_length) ++ self._has_decoded_content = True + except self.DECODER_ERROR_CLASSES as e: + content_encoding = self.headers.get("content-encoding", "").lower() + raise DecodeError( --- a/gcp/google-cloud-sdk/lib/third_party/urllib3/response.py 2023-10-17 19:42:56.000000000 +0200 +++ b/gcp/google-cloud-sdk/lib/third_party/urllib3/response.py 2026-01-13 14:17:48.477104360 +0100 -@@ -292,7 +292,11 @@ +@@ -350,6 +350,7 @@ + self.reason = reason + self.strict = strict + self.decode_content = decode_content ++ self._has_decoded_content = False + self.retries = retries + self.enforce_content_length = enforce_content_length + self.auto_close = auto_close +@@ -414,7 +415,11 @@ Unread data in the HTTPResponse connection blocks the connection from being released back to the pool. """ try: @@ -27,3 +52,12 @@ + ) except (HTTPError, SocketError, BaseSSLError, HTTPException): pass + +@@ -536,6 +541,7 @@ + try: + if self._decoder: + data = self._decoder.decompress(data, max_length=max_length) ++ self._has_decoded_content = True + except self.DECODER_ERROR_CLASSES as e: + content_encoding = self.headers.get("content-encoding", "").lower() + raise DecodeError( diff --git a/resource-agents.spec b/resource-agents.spec index 1d9d3b9..0ad3e46 100644 --- a/resource-agents.spec +++ b/resource-agents.spec @@ -73,7 +73,7 @@ Name: resource-agents Summary: Open Source HA Reusable Cluster Resource Scripts Version: 4.9.0 -Release: 54%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}.28 +Release: 54%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}.29 License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/resource-agents %if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel} @@ -198,7 +198,7 @@ Patch1011: RHEL-104761-aliyun-gcp-fix-bundled-requests-CVE-2024-47081.patch Patch1012: RHEL-50360-setuptools-fix-CVE-2024-6345.patch Patch1013: RHEL-136031-fix-bundled-urllib3-CVE-2025-66418.patch Patch1014: RHEL-139760-fix-bundled-urllib3-CVE-2025-66471.patch -Patch1015: RHEL-140787-fix-bundled-urllib3-CVE-2026-21441.patch +Patch1015: RHEL-140787-RHEL-146289-fix-bundled-urllib3-CVE-2026-21441.patch Patch1016: RHEL-142448-fix-bundled-pyasn1-CVE-2026-23490.patch Obsoletes: heartbeat-resources <= %{version} @@ -1053,6 +1053,11 @@ ccs_update_schema > /dev/null 2>&1 ||: %{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm %changelog +* Thu Feb 5 2026 Oyvind Albrigtsen - 4.9.0-54.29 +- bundled urllib3: fix issue with CVE-2026-21441 patch + + Resolves: RHEL-146289 + * Tue Jan 27 2026 Oyvind Albrigtsen - 4.9.0-54.28 - bundled pyasn1: fix CVE-2026-23490