!76 [sync] PR-75: update pycryptodome tar for CVE-2023-52323

From: @openeuler-sync-bot 
Reviewed-by: @xiangbudaomz 
Signed-off-by: @xiangbudaomz

bz1650214-fence_azure_arm-bundled.patch

@@ -1,12 +0,0 @@
-diff -uNr a/agents/azure_arm/fence_azure_arm.py b/agents/azure_arm/fence_azure_arm.py
---- a/agents/azure_arm/fence_azure_arm.py	2018-06-28 14:24:54.000000000 +0200
-+++ b/agents/azure_arm/fence_azure_arm.py	2019-01-15 10:24:16.030092206 +0100
-@@ -7,6 +7,8 @@
- sys.path.append("@FENCEAGENTSLIBDIR@")
- from fencing import *
- from fencing import fail_usage, run_command, run_delay
-+
-+sys.path.insert(0, '/usr/lib/fence-agents/bundled/azure')
- import azure_fence
- 
- def get_nodes_list(clients, options):

bz1700546-fence_azure_arm-skip_shutdown.patch

@@ -1,48 +0,0 @@
-From 1b3e548fcc0bd427dade178fa260567047ff3a0e Mon Sep 17 00:00:00 2001
-From: Oyvind Albrigtsen <oalbrigt@redhat.com>
-Date: Mon, 6 May 2019 13:24:18 +0200
-Subject: [PATCH] fence_azure_arm: use skip_shutdown feature when available
-
-The "skip_shutdown" parameter is ignored in older Azure SDK, so there's
-no need for a fallback option.
----
- agents/azure_arm/fence_azure_arm.py     | 6 +++---
- tests/data/metadata/fence_azure_arm.xml | 2 +-
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/agents/azure_arm/fence_azure_arm.py b/agents/azure_arm/fence_azure_arm.py
-index 58b9eeb13..be0d40345 100755
---- a/agents/azure_arm/fence_azure_arm.py
-+++ b/agents/azure_arm/fence_azure_arm.py
-@@ -114,8 +114,8 @@ def set_power_status(clients, options):
-                 azure_fence.set_network_state(compute_client, network_client, rgName, vmName, "unblock")
- 
-         if (options["--action"]=="off"):
--            logging.info("Deallocating " + vmName + " in resource group " + rgName)
--            compute_client.virtual_machines.deallocate(rgName, vmName)
-+            logging.info("Poweroff " + vmName + " in resource group " + rgName)
-+            compute_client.virtual_machines.power_off(rgName, vmName, skip_shutdown=True)
-         elif (options["--action"]=="on"):
-             logging.info("Starting " + vmName + " in resource group " + rgName)
-             compute_client.virtual_machines.start(rgName, vmName)
-@@ -199,7 +199,7 @@ def main():
- 
-     docs = {}
-     docs["shortdesc"] = "Fence agent for Azure Resource Manager"
--    docs["longdesc"] = "Used to deallocate virtual machines and to report power state of virtual machines running in Azure. It uses Azure SDK for Python to connect to Azure.\
-+    docs["longdesc"] = "fence_azure_arm is an I/O Fencing agent for Azure Resource Manager. It uses Azure SDK for Python to connect to Azure.\
- \n.P\n\
- For instructions to setup credentials see: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal\
- \n.P\n\
-diff --git a/tests/data/metadata/fence_azure_arm.xml b/tests/data/metadata/fence_azure_arm.xml
-index 1c0b6cc6b..97ecfdba4 100644
---- a/tests/data/metadata/fence_azure_arm.xml
-+++ b/tests/data/metadata/fence_azure_arm.xml
-@@ -1,6 +1,6 @@
- <?xml version="1.0" ?>
- <resource-agent name="fence_azure_arm" shortdesc="Fence agent for Azure Resource Manager" >
--<longdesc>Used to deallocate virtual machines and to report power state of virtual machines running in Azure. It uses Azure SDK for Python to connect to Azure.
-+<longdesc>fence_azure_arm is an I/O Fencing agent for Azure Resource Manager. It uses Azure SDK for Python to connect to Azure.
- 
- For instructions to setup credentials see: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal
- 

bz1751704-fence_mpath-fix-watchdog-trigger-multipath-disconnect.patch

@@ -0,0 +1,30 @@
+diff --git a/agents/mpath/fence_mpath.py b/agents/mpath/fence_mpath.py
+index e4f59836..b17388eb 100644
+--- a/agents/mpath/fence_mpath.py
++++ b/agents/mpath/fence_mpath.py
+@@ -117,12 +117,14 @@ def get_reservation_key(options, dev):
+ 	match = re.search(r"\s+key\s*=\s*0x(\S+)\s+", out["out"], re.IGNORECASE)
+ 	return match.group(1) if match else None
+ 
+-def get_registration_keys(options, dev):
++def get_registration_keys(options, dev, fail=True):
+ 	keys = []
+ 	cmd = options["--mpathpersist-path"] + " -i -k -d " + dev
+ 	out = run_cmd(options, cmd)
+ 	if out["err"]:
+-		fail_usage("Cannot get registration keys")
++		fail_usage("Cannot get registration keys", fail)
++		if not fail:
++			return []
+ 	for line in out["out"].split("\n"):
+ 		match = re.search(r"\s+0x(\S+)\s*", line)
+ 		if match:
+@@ -183,7 +185,7 @@ def mpath_check(hardreboot=False):
+ 		logging.error("No devices found")
+ 		return 0
+ 	for dev, key in list(devs.items()):
+-		if key in get_registration_keys(options, dev):
++		if key in get_registration_keys(options, dev, fail=False):
+ 			logging.debug("key " + key + " registered with device " + dev)
+ 			return 0
+ 		else:

bz1781357-fence_aws-improve-logging-and-metadata-usage-text.patch

@@ -0,0 +1,120 @@
+diff --git a/agents/aws/fence_aws.py b/agents/aws/fence_aws.py
+index 647b66fc..74321e8e 100644
+--- a/agents/aws/fence_aws.py
++++ b/agents/aws/fence_aws.py
+@@ -5,7 +5,7 @@
+ import atexit
+ sys.path.append("@FENCEAGENTSLIBDIR@")
+ from fencing import *
+-from fencing import fail, fail_usage, EC_TIMED_OUT, run_delay
++from fencing import fail, fail_usage, run_delay, EC_STATUS
+ 
+ import boto3
+ from botocore.exceptions import ClientError, EndpointConnectionError, NoRegionError
+@@ -19,6 +19,8 @@ def get_nodes_list(conn, options):
+ 		fail_usage("Failed: Incorrect Access Key or Secret Key.")
+ 	except EndpointConnectionError:
+ 		fail_usage("Failed: Incorrect Region.")
++	except Exception as e:
++		logging.error("Failed to get node list: %s", e)
+ 
+ 	return result
+ 
+@@ -38,20 +40,26 @@ def get_power_status(conn, options):
+ 	except EndpointConnectionError:
+ 		fail_usage("Failed: Incorrect Region.")
+ 	except IndexError:
+-		return "fail"
++		fail(EC_STATUS)
++	except Exception as e:
++		logging.error("Failed to get power status: %s", e)
++		fail(EC_STATUS)
+ 
+ def set_power_status(conn, options):
+-	if (options["--action"]=="off"):
+-		conn.instances.filter(InstanceIds=[options["--plug"]]).stop(Force=True)
+-	elif (options["--action"]=="on"):
+-		conn.instances.filter(InstanceIds=[options["--plug"]]).start()
+-
++	try:
++		if (options["--action"]=="off"):
++			conn.instances.filter(InstanceIds=[options["--plug"]]).stop(Force=True)
++		elif (options["--action"]=="on"):
++			conn.instances.filter(InstanceIds=[options["--plug"]]).start()
++	except Exception as e:
++		logging.error("Failed to power %s %s: %s", \
++				options["--action"], options["--plug"], e)
+ 
+ def define_new_opts():
+ 	all_opt["region"] = {
+ 		"getopt" : "r:",
+ 		"longopt" : "region",
+-		"help" : "-r, --region=[name]            Region, e.g. us-east-1",
++		"help" : "-r, --region=[region]           Region, e.g. us-east-1",
+ 		"shortdesc" : "Region.",
+ 		"required" : "0",
+ 		"order" : 2
+@@ -59,7 +67,7 @@ def define_new_opts():
+ 	all_opt["access_key"] = {
+ 		"getopt" : "a:",
+ 		"longopt" : "access-key",
+-		"help" : "-a, --access-key=[name]         Access Key",
++		"help" : "-a, --access-key=[key]         Access Key",
+ 		"shortdesc" : "Access Key.",
+ 		"required" : "0",
+ 		"order" : 3
+@@ -67,7 +75,7 @@ def define_new_opts():
+ 	all_opt["secret_key"] = {
+ 		"getopt" : "s:",
+ 		"longopt" : "secret-key",
+-		"help" : "-s, --secret-key=[name]         Secret Key",
++		"help" : "-s, --secret-key=[key]         Secret Key",
+ 		"shortdesc" : "Secret Key.",
+ 		"required" : "0",
+ 		"order" : 4
+@@ -107,16 +115,16 @@ def main():
+ 			conn = boto3.resource('ec2', region_name=region,
+ 					      aws_access_key_id=access_key,
+ 					      aws_secret_access_key=secret_key)
+-		except:
+-			fail_usage("Failed: Unable to connect to AWS. Check your configuration.")
++		except Exception as e:
++			fail_usage("Failed: Unable to connect to AWS: " + str(e))
+ 	else:
+ 		# If setup with "aws configure" or manually in
+ 		# ~/.aws/credentials
+ 		try:
+ 			conn = boto3.resource('ec2')
+-		except:
++		except Exception as e:
+ 			# If any of region/access/secret are missing
+-			fail_usage("Failed: Unable to connect to AWS. Check your configuration.")
++			fail_usage("Failed: Unable to connect to AWS: " + str(e))
+ 
+ 	# Operate the fencing device
+ 	result = fence_action(conn, options, set_power_status, get_power_status, get_nodes_list)
+diff --git a/tests/data/metadata/fence_aws.xml b/tests/data/metadata/fence_aws.xml
+index 4dea4418..5e5d5d99 100644
+--- a/tests/data/metadata/fence_aws.xml
++++ b/tests/data/metadata/fence_aws.xml
+@@ -22,17 +22,17 @@ For instructions see: https://boto3.readthedocs.io/en/latest/guide/quickstart.ht
+ 		<shortdesc lang="en">Physical plug number on device, UUID or identification of machine</shortdesc>
+ 	</parameter>
+ 	<parameter name="region" unique="0" required="0">
+-		<getopt mixed="-r, --region=[name]" />
++		<getopt mixed="-r, --region=[region]" />
+ 		<content type="string"  />
+ 		<shortdesc lang="en">Region.</shortdesc>
+ 	</parameter>
+ 	<parameter name="access_key" unique="0" required="0">
+-		<getopt mixed="-a, --access-key=[name]" />
++		<getopt mixed="-a, --access-key=[key]" />
+ 		<content type="string"  />
+ 		<shortdesc lang="en">Access Key.</shortdesc>
+ 	</parameter>
+ 	<parameter name="secret_key" unique="0" required="0">
+-		<getopt mixed="-s, --secret-key=[name]" />
++		<getopt mixed="-s, --secret-key=[key]" />
+ 		<content type="string"  />
+ 		<shortdesc lang="en">Secret Key.</shortdesc>
+ 	</parameter>

fence-agents.spec

@@ -11,7 +11,7 @@
 # alibaba
 # python-pycryptodome bundle
 %global pycryptodome		pycryptodome
-%global pycryptodome_version	3.6.4
+%global pycryptodome_version	3.19.1
 %global pycryptodome_dir	%{bundled_lib_dir}/aliyun/%{pycryptodome}
 # python-aliyun-sdk-core bundle
 %global aliyunsdkcore		aliyun-python-sdk-core
@@ -29,7 +29,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.2.1
-Release: 31
+Release: 36
 License: GPLv2+ and LGPLv2+ and ASL 2.0 and BSD and MIT and Python-2.0 and Artistic-1.0-Perl
 Group: System Environment/Base
 URL: https://github.com/ClusterLabs/fence-agents
@@ -61,7 +61,6 @@ Patch19: bz1654976-1-fence_scsi-watchdog-retry-support.patch
 Patch20: bz1654976-2-build-fix-check_used_options.patch
 Patch21: bz1654616-fence_hpblade-fix-log_expect_syntax.patch
 Patch22: bz1654973-fence_vmware_soap-cleanup-sigterm.patch
-Patch23: bz1650214-fence_azure_arm-bundled.patch
 Patch24: bz1666914-1-fence_redfish.patch
 Patch25: bz1666914-2-fence_redfish-fail-invalid-cert.patch
 Patch26: bz1677327-1-fence_redfish-use-ipport-parameter.patch
@@ -71,18 +70,19 @@ Patch29: bz1709926-fence_mpath-fix-watchdog-hardreboot.patch
 Patch30: bz1709780-fence_rhevm-RHEV-v4-API-support.patch
 Patch31: bz1712263-fence_rhevm-1-use-UTF8-encoding.patch
 Patch32: bz1712263-fence_rhevm-2-fix-debug-encoding-issues.patch
-Patch33: bz1700546-fence_azure_arm-skip_shutdown.patch
 Patch34: bz1704228-fence_redfish-full-redfish-spec-compliance.patch
 Patch35: bz1714458-fence_scsi-node-id-new-format.patch
 Patch36: bz1720198-fence_scsi-watchdog-fix-retry-failing-on-first-try.patch
 Patch37: bz1732773-fence_vmware_rest-fix-keyerror-suspended-vms.patch
 Patch38: bz1748443-fence_zvmip-python3-fixes.patch
 Patch39: bz1762432-fence_compute-disable-service-after-force-down.patch
+Patch40: bz1751704-fence_mpath-fix-watchdog-trigger-multipath-disconnect.patch
+Patch41: bz1781357-fence_aws-improve-logging-and-metadata-usage-text.patch
 
 %if 0%{?fedora} || 0%{?rhel} > 7
 %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan mpath kdump redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
 %ifarch x86_64
-%global testagents virsh heuristics_ping aliyun aws azure_arm gce
+%global testagents virsh heuristics_ping aliyun aws gce
 %endif
 %ifarch ppc64le
 %global testagents virsh lpar heuristics_ping
@@ -145,7 +145,7 @@ BuildRequires: gnutls-utils
 ## Python dependencies
 BuildRequires: python3-devel
 BuildRequires: python3-pexpect python3-pycurl python3-requests
-BuildRequires: python3-suds openwsman-python3 python3-boto3
+BuildRequires: python3-suds2 openwsman-python3 python3-boto3
 BuildRequires: python3-google-api-client
 
 # turn off the brp-python-bytecompile script
@@ -178,7 +178,6 @@ BuildRequires: python3-google-api-client
 %patch20 -p1
 %patch21 -p1
 %patch22 -p1
-%patch23 -p1
 %patch24 -p1
 %patch25 -p1
 %patch26 -p1
@@ -188,14 +187,14 @@ BuildRequires: python3-google-api-client
 %patch30 -p1 -F2
 %patch31 -p1 -F2
 %patch32 -p1
-%patch33 -p1
 %patch34 -p1
 %patch35 -p1
 %patch36 -p1 -F1
 %patch37 -p1
 %patch38 -p1
 %patch39 -p1
-
+%patch40 -p1
+%patch41 -p1
 # prevent compilation of something that won't get used anyway
 sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
 
@@ -227,7 +226,7 @@ cp %{aliyunsdkvpc_dir}/README.rst %{aliyunsdkvpc}_README.rst
 
 %build
 ./autogen.sh
-%{configure} PYTHON="%{__python3}" --with-agents='amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan mpath kdump redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti virsh heuristics_ping aliyun aws azure_arm gce'
+%{configure} PYTHON="%{__python3}" --with-agents='amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan mpath kdump redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti virsh heuristics_ping aliyun aws gce'
 CFLAGS="$(echo '%{optflags}')" make %{_smp_mflags}
 
 %ifarch x86_64
@@ -310,8 +309,6 @@ This package contains support files including the Python fencing library.
 %files common
 %doc doc/COPYING.* doc/COPYRIGHT doc/README.licence
 %{_datadir}/fence
-%exclude %{_datadir}/fence/azure_fence.*
-%exclude %{_datadir}/fence/__pycache__/azure_fence.*
 %exclude %{_datadir}/fence/XenAPI.*
 %exclude %{_datadir}/fence/__pycache__/XenAPI.*
 %{_datadir}/cluster
@@ -462,24 +459,6 @@ Fence agent for Amazon AWS instances.
 %{_mandir}/man8/fence_aws.8*
 %endif
 
-%ifarch x86_64
-%package azure-arm
-License: GPLv2+ and LGPLv2+
-Group: System Environment/Base
-Summary: Fence agent for Azure Resource Manager
-Requires: fence-agents-common >= %{version}-%{release}
-Requires: python3-azure-sdk >= 4.0.0-9
-BuildArch: noarch
-Obsoletes: fence-agents
-%description azure-arm
-Fence agent for Azure Resource Manager instances.
-%files azure-arm
-%{_sbindir}/fence_azure_arm
-%{_datadir}/fence/azure_fence.py*
-%{_datadir}/fence/__pycache__/azure_fence.*
-%{_mandir}/man8/fence_azure_arm.8*
-%endif
-
 %package bladecenter
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Base
@@ -949,7 +928,7 @@ Fence agent for VMWare with REST API.
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Base
 Summary: Fence agent for VMWare with SOAP API v4.1+
-Requires: python3-suds python3-requests
+Requires: python3-suds2 python3-requests
 Requires: fence-agents-common >= %{version}-%{release}
 BuildArch: noarch
 %description vmware-soap
@@ -987,8 +966,23 @@ Fence agent for IBM z/VM over IP.
 %endif
 
 %changelog
+* Tue Sep 10 2024 bizhiyuan <bizhiyuan@kylinos.cn> - 4.2.1-36
+- update python-pycryptodome source for CVE-2023-52323
+
+* Wed Jan 18 2023 yangzhao_kl <yangzhao1@kylinos.cn> - 4.2.1-35
+- update require to python3-suds2
+
+* Mon Jul 25 2022 zhaochaoxiang <zhaochaoxiang@kylinos.cn> - 4.2.1-34
+- improve logging and metadata/usage text
+
+* Mon Jul 25 2022 zhaochaoxiang <zhaochaoxiang@kylinos.cn> - 4.2.1-33
+- fix watchdog trigger multipath disconnect
+
+* Fri Jan 29 2021 jiangxinyu <jiangxinyu@kylinos.cn> - 4.2.1-32
+- Remove the azure plug-in
+
 * Fri Oct 30 2020 liqiuyu <liqiuyu@kylinos.cn> - 4.2.1-31
 - Resolve agent redfish compilation fail
 
 * Thu Apr 16 2020 houjian<jian.hou@kylinos.cn> - 4.2.1-30.1
-- Init fence-agents project
+- Init fence-agents project