diff --git a/RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch b/RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch new file mode 100644 index 0000000000000000000000000000000000000000..5f2027a88672f59ad0cb26f69bfe36ebd83732d0 --- /dev/null +++ b/RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch @@ -0,0 +1,26 @@ +From fc7d7c4baef64f510bd3332c9f008d3e1128dc7b Mon Sep 17 00:00:00 2001 +From: Peter Varkoly +Date: Sun, 11 Feb 2024 09:13:51 +0100 +Subject: [PATCH] fence_vmware_rest : monitoring is not detecting if the API + user has sufficient right to manage the fence device. The call + https://{api_host}/api/vcenter/vm is subject to permission checks. If the + delivered list is empty the user has no rights. + +--- + agents/vmware_rest/fence_vmware_rest.py | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/agents/vmware_rest/fence_vmware_rest.py b/agents/vmware_rest/fence_vmware_rest.py +index 378771863..9dc9a12f4 100644 +--- a/agents/vmware_rest/fence_vmware_rest.py ++++ b/agents/vmware_rest/fence_vmware_rest.py +@@ -60,6 +60,9 @@ def get_list(conn, options): + else: + fail(EC_STATUS) + ++ if options.get("--original-action") == "monitor" and not res["value"]: ++ logging.error("API user does not have sufficient rights to manage the power status.") ++ fail(EC_STATUS) + for r in res["value"]: + outlets[r["name"]] = ("", state[r["power_state"]]) + diff --git a/RHEL-31488-RHEL-31485-RHEL-31483-fence_aliyun-update.patch b/RHEL-31488-RHEL-31485-RHEL-31483-fence_aliyun-update.patch new file mode 100644 index 0000000000000000000000000000000000000000..b9bb33439c6e70ca0426218f0115aee32c51c2f8 --- /dev/null +++ b/RHEL-31488-RHEL-31485-RHEL-31483-fence_aliyun-update.patch @@ -0,0 +1,209 @@ +--- a/agents/aliyun/fence_aliyun.py 2024-04-04 10:22:53.720906183 +0200 ++++ b/agents/aliyun/fence_aliyun.py 2024-04-04 10:21:47.626425090 +0200 +@@ -1,53 +1,67 @@ + #!@PYTHON@ -tt + +-import sys, re ++import sys + import logging + import atexit + import json ++ + sys.path.append("@FENCEAGENTSLIBDIR@") + from fencing import * +-from fencing import fail, fail_usage, EC_TIMED_OUT, run_delay ++from fencing import fail_usage, run_delay ++ + + try: + sys.path.insert(0, '/usr/lib/fence-agents/support/aliyun') + from aliyunsdkcore import client + from aliyunsdkcore.auth.credentials import EcsRamRoleCredential ++ from aliyunsdkcore.profile import region_provider ++except ImportError as e: ++ logging.warn("The 'aliyunsdkcore' module has been not installed or is unavailable, try to execute the command 'pip install aliyun-python-sdk-core --upgrade' to solve. error: %s" % e) ++ ++ ++try: + from aliyunsdkecs.request.v20140526.DescribeInstancesRequest import DescribeInstancesRequest + from aliyunsdkecs.request.v20140526.StartInstanceRequest import StartInstanceRequest + from aliyunsdkecs.request.v20140526.StopInstanceRequest import StopInstanceRequest + from aliyunsdkecs.request.v20140526.RebootInstanceRequest import RebootInstanceRequest +- from aliyunsdkcore.profile import region_provider +-except ImportError: +- pass ++except ImportError as e: ++ logging.warn("The 'aliyunsdkecs' module has been not installed or is unavailable, try to execute the command 'pip install aliyun-python-sdk-ecs --upgrade' to solve. error: %s" % e) ++ + + def _send_request(conn, request): ++ logging.debug("send request action: %s" % request.get_action_name()) + request.set_accept_format('json') + try: + response_str = conn.do_action_with_exception(request) +- response_detail = json.loads(response_str) +- logging.debug("_send_request reponse: %s" % response_detail) +- return response_detail + except Exception as e: +- fail_usage("Failed: _send_request failed: %s" % e) ++ fail_usage("Failed: send request failed: Error: %s" % e) ++ ++ response_detail = json.loads(response_str) ++ logging.debug("reponse: %s" % response_detail) ++ return response_detail + + def start_instance(conn, instance_id): ++ logging.debug("start instance %s" % instance_id) + request = StartInstanceRequest() + request.set_InstanceId(instance_id) + _send_request(conn, request) + + def stop_instance(conn, instance_id): ++ logging.debug("stop instance %s" % instance_id) + request = StopInstanceRequest() + request.set_InstanceId(instance_id) + request.set_ForceStop('true') + _send_request(conn, request) + + def reboot_instance(conn, instance_id): ++ logging.debug("reboot instance %s" % instance_id) + request = RebootInstanceRequest() + request.set_InstanceId(instance_id) + request.set_ForceStop('true') + _send_request(conn, request) + + def get_status(conn, instance_id): ++ logging.debug("get instance %s status" % instance_id) + request = DescribeInstancesRequest() + request.set_InstanceIds(json.dumps([instance_id])) + response = _send_request(conn, request) +@@ -59,20 +73,30 @@ + return instance_status + + def get_nodes_list(conn, options): ++ logging.debug("start to get nodes list") + result = {} + request = DescribeInstancesRequest() + request.set_PageSize(100) ++ ++ if "--filter" in options: ++ filter_key = options["--filter"].split("=")[0].strip() ++ filter_value = options["--filter"].split("=")[1].strip() ++ params = request.get_query_params() ++ params[filter_key] = filter_value ++ request.set_query_params(params) ++ + response = _send_request(conn, request) +- instance_status = None + if response is not None: + instance_list = response.get('Instances').get('Instance') + for item in instance_list: + instance_id = item.get('InstanceId') + instance_name = item.get('InstanceName') + result[instance_id] = (instance_name, None) ++ logging.debug("get nodes list: %s" % result) + return result + + def get_power_status(conn, options): ++ logging.debug("start to get power(%s) status" % options["--plug"]) + state = get_status(conn, options["--plug"]) + + if state == "Running": +@@ -81,14 +105,11 @@ + status = "off" + else: + status = "unknown" +- +- logging.info("get_power_status: %s" % status) +- ++ logging.debug("the power(%s) status is %s" % (options["--plug"], status)) + return status + +- + def set_power_status(conn, options): +- logging.info("set_power_status: %s" % options["--action"]) ++ logging.info("start to set power(%s) status to %s" % (options["--plug"], options["--action"])) + + if (options["--action"]=="off"): + stop_instance(conn, options["--plug"]) +@@ -97,7 +118,6 @@ + elif (options["--action"]=="reboot"): + reboot_instance(conn, options["--plug"]) + +- + def define_new_opts(): + all_opt["region"] = { + "getopt" : "r:", +@@ -126,17 +146,42 @@ + all_opt["ram_role"] = { + "getopt": ":", + "longopt": "ram-role", +- "help": "--ram-role=[name] Ram Role", ++ "help": "--ram-role=[name] Ram Role", + "shortdesc": "Ram Role.", + "required": "0", + "order": 5 + } ++ all_opt["credentials_file"] = { ++ "getopt": ":", ++ "longopt": "credentials-file", ++ "help": "--credentials-file=[path] Path to aliyun-cli credentials file", ++ "shortdesc": "Path to credentials file", ++ "required": "0", ++ "order": 6 ++ } ++ all_opt["credentials_file_profile"] = { ++ "getopt": ":", ++ "longopt": "credentials-file-profile", ++ "help": "--credentials-file-profile=[profile] Credentials file profile", ++ "shortdesc": "Credentials file profile", ++ "required": "0", ++ "default": "default", ++ "order": 7 ++ } ++ all_opt["filter"] = { ++ "getopt": ":", ++ "longopt": "filter", ++ "help": "--filter=[key=value] Filter (e.g. InstanceIds=[\"i-XXYYZZAA1\",\"i-XXYYZZAA2\"]", ++ "shortdesc": "Filter for list-action.", ++ "required": "0", ++ "order": 8 ++ } + + # Main agent method + def main(): + conn = None + +- device_opt = ["port", "no_password", "region", "access_key", "secret_key", "ram_role"] ++ device_opt = ["port", "no_password", "region", "access_key", "secret_key", "ram_role", "credentials_file", "credentials_file_profile", "filter"] + + atexit.register(atexit_handler) + +@@ -164,8 +209,25 @@ + ram_role = options["--ram-role"] + role = EcsRamRoleCredential(ram_role) + conn = client.AcsClient(region_id=region, credential=role) +- region_provider.modify_point('Ecs', region, 'ecs.%s.aliyuncs.com' % region) +- ++ elif "--credentials-file" in options and "--credentials-file-profile" in options: ++ import os, configparser ++ try: ++ config = configparser.ConfigParser() ++ config.read(os.path.expanduser(options["--credentials-file"])) ++ access_key = config.get(options["--credentials-file-profile"], "aliyun_access_key_id") ++ secret_key = config.get(options["--credentials-file-profile"], "aliyun_access_key_secret") ++ conn = client.AcsClient(access_key, secret_key, region) ++ except Exception as e: ++ fail_usage("Failed: failed to read credentials file: %s" % e) ++ else: ++ fail_usage("Failed: User credentials are not set. Please set the Access Key and the Secret Key, or configure the RAM role.") ++ ++ # Use intranet endpoint to access ECS service ++ try: ++ region_provider.modify_point('Ecs', region, 'ecs.%s.aliyuncs.com' % region) ++ except Exception as e: ++ logging.warn("Failed: failed to modify endpoint to 'ecs.%s.aliyuncs.com': %s" % (region, e)) ++ + # Operate the fencing device + result = fence_action(conn, options, set_power_status, get_power_status, get_nodes_list) + sys.exit(result) diff --git a/RHEL-35273-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch b/RHEL-35263-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch similarity index 100% rename from RHEL-35273-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch rename to RHEL-35263-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch diff --git a/RHEL-36482-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch b/RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch similarity index 100% rename from RHEL-36482-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch rename to RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch diff --git a/RHEL-43235-fence_aws-1-list-add-instance-name-status.patch b/RHEL-43235-fence_aws-1-list-add-instance-name-status.patch new file mode 100644 index 0000000000000000000000000000000000000000..0cf8961473c3f005bed9fde0f93c7190a1d697dd --- /dev/null +++ b/RHEL-43235-fence_aws-1-list-add-instance-name-status.patch @@ -0,0 +1,99 @@ +From a4502b3bf15a3be2ebd64b6829cd4f6641f2506b Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 14 Jun 2024 15:28:28 +0200 +Subject: [PATCH 1/2] fencing: use formatted strings to avoid failing when plug + is int + +--- + lib/fencing.py.py | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/lib/fencing.py.py b/lib/fencing.py.py +index 66e2ff156..9c090100d 100644 +--- a/lib/fencing.py.py ++++ b/lib/fencing.py.py +@@ -985,9 +985,9 @@ + status = status.upper() + + if options["--action"] == "list": +- print(outlet_id + options["--separator"] + alias) ++ print("{}{}{}".format(outlet_id, options["--separator"], alias)) + elif options["--action"] == "list-status": +- print(outlet_id + options["--separator"] + alias + options["--separator"] + status) ++ print("{}{}{}{}{}".format(outlet_id, options["--separator"], alias, options["--separator"], status)) + + return + + +From f1ef26c885cdedb17eb366e4c8922ffb01aefc7c Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 14 Jun 2024 15:29:12 +0200 +Subject: [PATCH 2/2] fence_aws: improve list, list-status and status actions + +--- + agents/aws/fence_aws.py | 31 +++++++++++++++++++------------ + 1 file changed, 19 insertions(+), 12 deletions(-) + +diff --git a/agents/aws/fence_aws.py b/agents/aws/fence_aws.py +index a9308dd9c..b8d38462e 100644 +--- a/agents/aws/fence_aws.py ++++ b/agents/aws/fence_aws.py +@@ -22,6 +22,15 @@ + logger.addHandler(SyslogLibHandler()) + logging.getLogger('botocore.vendored').propagate = False + ++status = { ++ "running": "on", ++ "stopped": "off", ++ "pending": "unknown", ++ "stopping": "unknown", ++ "shutting-down": "unknown", ++ "terminated": "unknown" ++} ++ + def get_instance_id(options): + try: + token = requests.put('http://169.254.169.254/latest/api/token', headers={"X-aws-ec2-metadata-token-ttl-seconds" : "21600"}).content.decode("UTF-8") +@@ -45,11 +54,14 @@ def get_nodes_list(conn, options): + filter_key = options["--filter"].split("=")[0].strip() + filter_value = options["--filter"].split("=")[1].strip() + filter = [{ "Name": filter_key, "Values": [filter_value] }] +- for instance in conn.instances.filter(Filters=filter): +- result[instance.id] = ("", None) +- else: +- for instance in conn.instances.all(): +- result[instance.id] = ("", None) ++ logging.debug("Filter: {}".format(filter)) ++ ++ for instance in conn.instances.filter(Filters=filter if 'filter' in vars() else []): ++ instance_name = "" ++ for tag in instance.tags or []: ++ if tag.get("Key") == "Name": ++ instance_name = tag["Value"] ++ result[instance.id] = (instance_name, status[instance.state["Name"]]) + except ClientError: + fail_usage("Failed: Incorrect Access Key or Secret Key.") + except EndpointConnectionError: +@@ -67,12 +79,7 @@ def get_power_status(conn, options): + instance = conn.instances.filter(Filters=[{"Name": "instance-id", "Values": [options["--plug"]]}]) + state = list(instance)[0].state["Name"] + logger.debug("Status operation for EC2 instance %s returned state: %s",options["--plug"],state.upper()) +- if state == "running": +- return "on" +- elif state == "stopped": +- return "off" +- else: +- return "unknown" ++ return status[state] + + except ClientError: + fail_usage("Failed: Incorrect Access Key or Secret Key.") +@@ -146,7 +153,7 @@ def define_new_opts(): + all_opt["filter"] = { + "getopt" : ":", + "longopt" : "filter", +- "help" : "--filter=[key=value] Filter (e.g. vpc-id=[vpc-XXYYZZAA]", ++ "help" : "--filter=[key=value] Filter (e.g. vpc-id=[vpc-XXYYZZAA])", + "shortdesc": "Filter for list-action", + "required": "0", + "order": 5 diff --git a/RHEL-43235-fence_aws-2-log-error-for-unknown-states.patch b/RHEL-43235-fence_aws-2-log-error-for-unknown-states.patch new file mode 100644 index 0000000000000000000000000000000000000000..edc7d35d47752fd6d78375e390399b1684580613 --- /dev/null +++ b/RHEL-43235-fence_aws-2-log-error-for-unknown-states.patch @@ -0,0 +1,41 @@ +From c2753c1882b5892b8b7a0fd093baded4a359b2a5 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 17 Jun 2024 11:19:12 +0200 +Subject: [PATCH] fence_aws: log error if unknown state returned + +--- + agents/aws/fence_aws.py | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/agents/aws/fence_aws.py b/agents/aws/fence_aws.py +index b8d38462e..5459a06c4 100644 +--- a/agents/aws/fence_aws.py ++++ b/agents/aws/fence_aws.py +@@ -61,7 +61,12 @@ def get_nodes_list(conn, options): + for tag in instance.tags or []: + if tag.get("Key") == "Name": + instance_name = tag["Value"] +- result[instance.id] = (instance_name, status[instance.state["Name"]]) ++ try: ++ result[instance.id] = (instance_name, status[instance.state["Name"]]) ++ except KeyError as e: ++ if options.get("--original-action") == "list-status": ++ logger.error("Unknown status \"{}\" returned for {} ({})".format(instance.state["Name"], instance.id, instance_name)) ++ result[instance.id] = (instance_name, "unknown") + except ClientError: + fail_usage("Failed: Incorrect Access Key or Secret Key.") + except EndpointConnectionError: +@@ -79,8 +84,11 @@ def get_power_status(conn, options): + instance = conn.instances.filter(Filters=[{"Name": "instance-id", "Values": [options["--plug"]]}]) + state = list(instance)[0].state["Name"] + logger.debug("Status operation for EC2 instance %s returned state: %s",options["--plug"],state.upper()) +- return status[state] +- ++ try: ++ return status[state] ++ except KeyError as e: ++ logger.error("Unknown status \"{}\" returned".format(state)) ++ return "unknown" + except ClientError: + fail_usage("Failed: Incorrect Access Key or Secret Key.") + except EndpointConnectionError: diff --git a/RHEL-43956-fix-bundled-urllib3-CVE-2024-37891.patch b/RHEL-43562-fix-bundled-urllib3-CVE-2024-37891.patch similarity index 100% rename from RHEL-43956-fix-bundled-urllib3-CVE-2024-37891.patch rename to RHEL-43562-fix-bundled-urllib3-CVE-2024-37891.patch diff --git a/RHEL-59882-fence_scsi-only-preempt-once-for-mpath-devices.patch b/RHEL-59882-fence_scsi-only-preempt-once-for-mpath-devices.patch new file mode 100644 index 0000000000000000000000000000000000000000..78b78548afdbd7a007e89be09d4bd59a9ee4a99a --- /dev/null +++ b/RHEL-59882-fence_scsi-only-preempt-once-for-mpath-devices.patch @@ -0,0 +1,40 @@ +From cb57f1c2ee734a40d01249305965ea4ecdf02039 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 5 Sep 2024 09:06:34 +0200 +Subject: [PATCH] fence_scsi: preempt clears all devices on the mpath device, + so only run it for the first device + +--- + agents/scsi/fence_scsi.py | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py +index a1598411c..12f7fb49b 100644 +--- a/agents/scsi/fence_scsi.py ++++ b/agents/scsi/fence_scsi.py +@@ -131,11 +131,13 @@ def reset_dev(options, dev): + return run_cmd(options, options["--sg_turs-path"] + " " + dev)["rc"] + + +-def register_dev(options, dev, key): ++def register_dev(options, dev, key, do_preempt=True): + dev = os.path.realpath(dev) + if re.search(r"^dm", dev[5:]): +- for slave in get_mpath_slaves(dev): +- register_dev(options, slave, key) ++ devices = get_mpath_slaves(dev) ++ register_dev(options, devices[0], key) ++ for device in devices[1:]: ++ register_dev(options, device, key, False) + return True + + # Check if any registration exists for the key already. We track this in +@@ -153,7 +155,7 @@ def register_dev(options, dev, key): + # If key matches, make sure it matches with the connection that + # exists right now. To do this, we can issue a preempt with same key + # which should replace the old invalid entries from the target. +- if not preempt(options, key, dev, key): ++ if do_preempt and not preempt(options, key, dev, key): + return False + + # If there was no reservation, we need to issue another registration diff --git a/aliyuncli-2.1.10-py2.py3-none-any.whl b/aliyuncli-2.1.10-py2.py3-none-any.whl deleted file mode 100644 index 0e20a64ab59ec74d4a766ece24bc880f4a010cb9..0000000000000000000000000000000000000000 Binary files a/aliyuncli-2.1.10-py2.py3-none-any.whl and /dev/null differ diff --git a/dist b/dist index 9b273445b2b47b082a597f046a4553b584b98669..635820538d487259e6dce4499a172e3066902da5 100644 --- a/dist +++ b/dist @@ -1 +1 @@ -an9_4 +an9_5 diff --git a/download b/download index 36347074dbd216b05d4446225cde858874970865..420fb52ce9714285610454512591f6e99481a46d 100644 --- a/download +++ b/download @@ -1,3 +1,6 @@ +fc38a2168ec9785693bb47e75dc67aaa aliyun-cli-3.0.198.tar.gz +ab023f0f4f3de0aef5c7422beac9d48d aliyun-cli-go-vendor.tar.gz +9911cf982f939bccf5c4888198516c26 aliyun-openapi-meta-5cf98b660.tar.gz 832fbc4db8822fcb0099edb7158ddf81 aliyun-python-sdk-core-2.11.5.tar.gz 7c2d43fbfb0faeddec259a7f26adb8dc awscli-2.2.15.tar.gz c64f38a505b122a2ecf2b7d93c0ec4b7 cachetools-4.2.4.tar.gz @@ -5,6 +8,7 @@ c64f38a505b122a2ecf2b7d93c0ec4b7 cachetools-4.2.4.tar.gz b28e4463613ff3911d5a2dc62b96233f charset-normalizer-2.0.7.tar.gz a56b8dc55158a41ab3c89c4c8feb8824 colorama-0.3.3.tar.gz 62655d4b45872572f243d0eb7e9dd1f9 fence-agents-4.10.0.tar.gz +3bc52f1952b9a78361114147da63c35b flit_core-3.9.0.tar.gz a61b1015a213f1a9cf27252fbac579ee google-auth-2.3.0.tar.gz 5856306eac5f25db8249e37a4c6ee3e7 idna-3.3.tar.gz a66396e3080a68928ff98276d6809138 Jinja2-3.1.3.tar.gz diff --git a/fence-agents.spec b/fence-agents.spec index 21ee39a6f1570c0cfd55dd04280988cc0faa66a8..24ddb706ac3be75a4632a184ecb7b8a591cbfd02 100644 --- a/fence-agents.spec +++ b/fence-agents.spec @@ -1,4 +1,4 @@ -%define anolis_release .0.2 +%define anolis_release .0.1 # Copyright 2004-2011 Red Hat, Inc. # This copyrighted material is made available to anyone wishing to use, # modify, copy, or redistribute it subject to the terms and conditions @@ -60,7 +60,7 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.10.0 -Release: 62%{?alphatag:.%{alphatag}}%{anolis_release}%{?dist}.4 +Release: 76%{?alphatag:.%{alphatag}}%{anolis_release}%{?dist}.1 License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/fence-agents Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz @@ -80,12 +80,21 @@ Source901: botocore-2.0.0dev123.zip # aliyun Source1000: aliyun-python-sdk-core-2.11.5.tar.gz Source1001: aliyun_python_sdk_ecs-4.24.7-py2.py3-none-any.whl -Source1002: aliyuncli-2.1.10-py2.py3-none-any.whl -Source1003: cffi-1.14.5-cp39-cp39-manylinux1_x86_64.whl -Source1004: colorama-0.3.3.tar.gz -Source1005: jmespath-0.7.1-py2.py3-none-any.whl -Source1006: pycryptodome-3.20.0.tar.gz -Source1007: pycparser-2.20-py2.py3-none-any.whl +Source1002: cffi-1.14.5-cp39-cp39-manylinux1_x86_64.whl +Source1003: colorama-0.3.3.tar.gz +Source1004: jmespath-0.7.1-py2.py3-none-any.whl +Source1005: pycryptodome-3.20.0.tar.gz +Source1006: pycparser-2.20-py2.py3-none-any.whl +# aliyun-cli +Source2000: aliyun-cli-3.0.198.tar.gz +## TAG=$(git log --pretty="format:%h" -n 1) +## distdir="aliyun-openapi-meta-${TAG}" +## TARFILE="${distdir}.tar.gz" +## rm -rf $TARFILE $distdir +## git archive --prefix=$distdir/ HEAD | gzip > $TARFILE +Source2001: aliyun-openapi-meta-5cf98b660.tar.gz +## go mod vendor +Source2002: aliyun-cli-go-vendor.tar.gz # awscli Source1008: awscrt-0.11.13-cp39-cp39-manylinux2014_x86_64.whl Source1009: colorama-0.4.3-py2.py3-none-any.whl @@ -185,18 +194,19 @@ Source1092: packaging-21.2-py3-none-any.whl Source1093: poetry-core-1.0.7.tar.gz Source1094: pyparsing-3.0.1.tar.gz Source1095: tomli-1.0.1.tar.gz -Source1096: wheel-0.37.0-py2.py3-none-any.whl -Source2000: pycryptodome-3.10.1.tar.gz -Source2001: cryptography-3.3.2-cp36-abi3-manylinux1_x86_64.whl -Source2002: awscrt-0.11.13-cp36-cp36m-manylinux1_x86_64.whl -Source2003: cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl -Source2004: urllib3-1.24.3-py2.py3-none-any.whl -Source2005: importlib_metadata-4.8.1-py3-none-any.whl -Source2006: protobuf-3.17.3-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl -Source2007: zipp-3.5.0-py3-none-any.whl -Source2008: typing_extensions-3.10.0.2-py3-none-any.whl -Source2009: importlib_resources-5.2.2-py3-none-any.whl -Source2010: MarkupSafe-2.0.1-cp36-cp36m-manylinux1_x86_64.whl +Source1096: flit_core-3.9.0.tar.gz +Source1097: wheel-0.37.0-py2.py3-none-any.whl +Source3000: pycryptodome-3.10.1.tar.gz +Source3001: cryptography-3.3.2-cp36-abi3-manylinux1_x86_64.whl +Source3002: awscrt-0.11.13-cp36-cp36m-manylinux1_x86_64.whl +Source3003: cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl +Source3004: urllib3-1.24.3-py2.py3-none-any.whl +Source3005: importlib_metadata-4.8.1-py3-none-any.whl +Source3006: protobuf-3.17.3-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl +Source3007: zipp-3.5.0-py3-none-any.whl +Source3008: typing_extensions-3.10.0.2-py3-none-any.whl +Source3009: importlib_resources-5.2.2-py3-none-any.whl +Source3010: MarkupSafe-2.0.1-cp36-cp36m-manylinux1_x86_64.whl ### END Patch0: ha-cloud-support-aliyun.patch @@ -252,15 +262,20 @@ Patch49: RHEL-14344-fence_zvmip-1-document-user-permissions.patch Patch50: RHEL-14030-1-all-agents-metadata-update-IO-Power-Network.patch Patch51: RHEL-14030-2-fence_cisco_mds-undo-metadata-change.patch Patch52: RHEL-14344-fence_zvmip-2-fix-manpage-formatting.patch -Patch53: RHEL-35273-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch +Patch53: RHEL-31488-RHEL-31485-RHEL-31483-fence_aliyun-update.patch +Patch54: RHEL-35263-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch +Patch55: RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch +Patch56: RHEL-43235-fence_aws-1-list-add-instance-name-status.patch +Patch57: RHEL-43235-fence_aws-2-log-error-for-unknown-states.patch +Patch58: RHEL-59882-fence_scsi-only-preempt-once-for-mpath-devices.patch ### HA support libs/utils ### # all archs Patch1000: bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch -Patch1001: RHEL-36482-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch +Patch1001: RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch # cloud (x86_64 only) Patch2000: bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch -Patch2001: RHEL-43956-fix-bundled-urllib3-CVE-2024-37891.patch +Patch2001: RHEL-43562-fix-bundled-urllib3-CVE-2024-37891.patch # https://github.com/pypa/setuptools/pull/4332 Patch2002: setuptools-fix-CVE-2024-6345.patch @@ -334,9 +349,12 @@ BuildRequires: gcc BuildRequires: libxslt ## Python dependencies %if 0%{?fedora} || 0%{?centos} > 7 || 0%{?rhel} > 7 || 0%{?suse_version} -BuildRequires: python3-devel python3-pip -# wheel for HA support subpackages -BuildRequires: python3-wheel +BuildRequires: python3-devel +# dependencies for building HA support subpackages +BuildRequires: python3-pip python3-wheel +%ifarch x86_64 +BuildRequires: golang git +%endif BuildRequires: python3-pycurl python3-requests BuildRequires: python3-markupsafe %if 0%{?fedora} || 0%{?centos} > 7 || 0%{?rhel} > 7 @@ -428,7 +446,12 @@ BuildRequires: %{systemd_units} %patch -p1 -P 50 %patch -p1 -P 51 %patch -p1 -P 52 -%patch -p1 -P 53 -F2 +%patch -p1 -P 53 +%patch -p1 -P 54 -F2 +%patch -p1 -P 55 +%patch -p1 -P 56 +%patch -p1 -P 57 +%patch -p1 -P 58 # prevent compilation of something that won't get used anyway sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac @@ -444,6 +467,24 @@ popd export PYTHON="%{__python3}" %endif +# aliyun-cli +%ifarch x86_64 +tar zxf %SOURCE2000 +pushd aliyun-cli-* +git init +rmdir aliyun-openapi-meta +tar zxf %SOURCE2001 +tar zxf %SOURCE2002 +mv aliyun-openapi-meta-* aliyun-openapi-meta +%define aliyun_cli_version 3.0.198 +# based on https://github.com/containers/podman/blob/main/rpm/podman.spec +%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags' -X github.com/aliyun/aliyun-cli/cli.Version=%{aliyun_cli_version}" -a -v -x -mod=vendor %{?**}; +%gobuild -o out/aliyun main/main.go +mkdir -p ../support/aliyun/aliyun-cli +install -m 0755 out/aliyun ../support/aliyun/aliyun-cli/ +popd +%endif + # support libs %ifarch x86_64 LIBS="%{_sourcedir}/requirements-*.txt" @@ -458,9 +499,9 @@ for x in $LIBS; do done # fix incorrect #! detected by CI -# %ifarch x86_64 -# sed -i -e "/^#\!\/Users/c#\!%{__python3}" support/aws/bin/jp support/aliyun/bin/jp support/awscli/bin/jp -# %endif +#%ifarch x86_64 +#sed -i -e "/^#\!\/Users/c#\!%{__python3}" support/aws/bin/jp support/awscli/bin/jp +#%endif # %ifarch x86_64 # sed -i -e "/^import awscli.clidriver/isys.path.insert(0, '/usr/lib/%{name}/support/awscli')" support/awscli/bin/aws @@ -473,11 +514,11 @@ rm -rf kubevirt/rsa* # regular patch doesnt work in build-section pushd support -/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1000} +/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH1000} /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1001} %ifarch x86_64 -/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2000} +/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2000} /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2001} %endif popd @@ -558,7 +599,7 @@ network, storage, or similar. They operate through a unified interface (calling conventions) devised for the original Red Hat clustering solution. %package common -License: GPLv2+ and LGPLv2+ +License: GPL-2.0-or-later AND LGPL-2.0-or-later AND LGPL-3.0-or-later AND ISC Summary: Common base for Fence Agents %if 0%{?fedora} || 0%{?centos} > 7 || 0%{?rhel} > 7 || 0%{?suse_version} Requires: python3-pycurl @@ -602,17 +643,18 @@ This package contains support files including the Python fencing library. %ifarch x86_64 %package -n ha-cloud-support -License: GPLv2+ and LGPLv2+ +License: GPL-2.0-or-later AND LGPL-2.0-or-later AND LGPL-2.1-or-later AND Apache-2.0 AND MIT AND BSD-2-Clause AND BSD-3-Clause AND MPL-2.0 AND Apache-2.0 AND PSF-2.0 AND Unlicense AND ISC Summary: Support libraries for HA Cloud agents # aliyun Provides: bundled(python-aliyun-python-sdk-core) = 2.11.5 Provides: bundled(python-aliyun-python-sdk-ecs) = 4.24.7 -Provides: bundled(aliyuncli) = 2.1.10 Provides: bundled(python-cffi) = 1.14.5 Provides: bundled(python-colorama) = 0.3.3 Provides: bundled(python-jmespath) = 0.7.1 Provides: bundled(python-pycryptodome) = 3.20.0 Provides: bundled(python-pycparser) = 2.20 +Provides: bundled(aliyun-cli) = 3.0.198 +Provides: bundled(aliyun-openapi-meta) = 5cf98b660 # awscli Provides: bundled(awscli) = 2.2.15 Provides: bundled(python-awscrt) = 0.11.13 @@ -671,7 +713,7 @@ Provides: bundled(python-pyroute2-nftables) = 0.6.13 Provides: bundled(python-pyroute2-nslink) = 0.6.13 Provides: bundled(python-pytz) = 2021.1 Provides: bundled(python-rsa) = 4.7.2 -Provides: bundled(python-setuptools) = 57.0.0 +Provides: bundled(python3-setuptools) = 57.0.0 Provides: bundled(python-uritemplate) = 3.0.1 %description -n ha-cloud-support Support libraries for Fence Agents. @@ -1208,7 +1250,7 @@ Provides: bundled(python3-%{idna}) = %{idna_version} Provides: bundled(python3-%{reqstsoauthlib}) = %{reqstsoauthlib_version} Provides: bundled(python3-%{oauthlib}) = %{oauthlib_version} Provides: bundled(python3-%{ruamelyaml}) = %{ruamelyaml_version} -Provides: bundled(python3-%{setuptools}) = %{setuptools_version} +Provides: bundled(python3-setuptools) = %{setuptools_version} %description kubevirt Fence agent for KubeVirt platform. %files kubevirt @@ -1514,30 +1556,58 @@ are located on corosync cluster nodes. %endif %changelog -* Fri Sep 20 2024 Bo Ren - 4.10.0-62.0.2.4 -- fix CVE-2024-6345 - -* Wed Sep 11 2024 Chang Gao - 4.10.0-62.0.1.4 +* Wed Dec 04 2024 Chang Gao - 4.10.0-76.0.1.1 - Replace some packages with build env - Update CVE-2007-4559 patches - Change Jinja2 require python version +- fix CVE-2024-6345 (gc-taifu@linux.alibaba.com) + +* Wed Sep 25 2024 Oyvind Albrigtsen - 4.10.0-76.1 +- fence_scsi: preempt clears all devices on the mpath device, so only + run it for the first device + Resolves: RHEL-59882 + +* Tue Jul 23 2024 Oyvind Albrigtsen - 4.10.0-76 +- bundled setuptools: fix CVE-2024-6345 + + Resolves: RHEL-49658 -* Mon Jun 24 2024 Oyvind Albrigtsen - 4.10.0-62.4 +* Fri Jun 21 2024 Oyvind Albrigtsen - 4.10.0-75 - bundled urllib3: fix CVE-2024-37891 - Resolves: RHEL-43956 + Resolves: RHEL-43562 -* Thu May 16 2024 Oyvind Albrigtsen - 4.10.0-62.3 +* Wed Jun 19 2024 Oyvind Albrigtsen - 4.10.0-74 +- fence_aws: add instance name and status to list/list-status actions + Resolves: RHEL-43235 + +* Thu May 23 2024 Oyvind Albrigtsen - 4.10.0-73 +- fence_vmware_rest: detect if the API user has sufficient rights to + manage the fence device + Resolves: RHEL-25256 + +* Wed May 15 2024 Oyvind Albrigtsen - 4.10.0-72 - bundled jinja2: fix CVE-2024-34064 - Resolves: RHEL-36482 + Resolves: RHEL-35649 -* Fri May 3 2024 Oyvind Albrigtsen - 4.10.0-62.2 +* Fri May 3 2024 Oyvind Albrigtsen - 4.10.0-71 - fence_eps: add fence_epsr2 for ePowerSwitch R2 and newer - Resolves: RHEL-35273 + Resolves: RHEL-35263 -* Thu Mar 21 2024 Oyvind Albrigtsen - 4.10.0-62.1 +* Thu Apr 4 2024 Oyvind Albrigtsen - 4.10.0-70 +- fence_aliyun: add credentials file support, filter parameter, and + optimize log output + Resolves: RHEL-31488, RHEL-31485, RHEL-31483 + +* Thu Mar 21 2024 Oyvind Albrigtsen - 4.10.0-69 - ha-cloud-support: upgrade bundled pyroute2 libs to fix issue in gcp-vpc-move-route's stop-action - Resolves: RHEL-29668 + Resolves: RHEL-29649 + +* Thu Mar 14 2024 Oyvind Albrigtsen - 4.10.0-66 +- Add missing licenses to spec-file + Resolves: RHEL-27929 +- ha-cloud-support: fix aliyun-cli + Resolves: RHEL-28097 * Thu Jan 18 2024 Oyvind Albrigtsen - 4.10.0-62 - bundled urllib3: fix CVE-2023-45803 diff --git a/requirements-aliyun.txt b/requirements-aliyun.txt index 3cf97acc635441a82938985ee28281aa88d45cf4..2ccf5b477aef7a3a1ff415ddfc950e2c10c8c344 100644 --- a/requirements-aliyun.txt +++ b/requirements-aliyun.txt @@ -1,3 +1 @@ aliyun-python-sdk-ecs -# for resource-agents-cloud -aliyuncli>=2.1.5