Bug 1872341

Summary: tag sushy package with security fix for Bug 1872322
Product: OpenShift Container Platform Reporter: Riccardo Pittau <rpittau>
Component: Cloud ComputeAssignee: Bob Fournier <bfournie>
Cloud Compute sub component: BareMetal Provider QA Contact: Polina Rabinovich <prabinov>
Status: CLOSED ERRATA Docs Contact:
Severity: urgent    
Priority: urgent CC: bfournie, kiran, prabinov, stbenjam
Version: 4.6Keywords: Triaged, UpcomingSprint
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-sushy-3.3.0-0.20200804091926.0dfe74a.el8ost Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-27 16:32:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Riccardo Pittau 2020-08-25 14:15:45 UTC 
as soon as a new sushy package that includes https://review.opendev.org/747956 is ready, we need to tag it for OCP 4.6
Comment 1 Riccardo Pittau 2020-08-26 11:44:02 UTC 
also possibly include https://review.opendev.org/747960
Comment 2 Bob Fournier 2020-08-28 14:07:31 UTC 
Downstream patch https://code.engineering.redhat.com/gerrit/#/c/210104 to pick up security fix and build here https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=31004684.

Note that when Delorean pulls in the new sushy release 3.3.1 (https://review.opendev.org/#/c/748214/) it will also get the latest fix for https://review.opendev.org/747960.
Comment 3 Bob Fournier 2020-08-28 18:55:46 UTC 
python-sushy-3.3.0-0.20200804091926.0dfe74a.el8ost has been tagged with rhaos-4.6-rhel-8-candidate, see https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1300422, this has the downstream fix for https://review.opendev.org/747956.

As noted, when when Delorean pulls in 3.3.1 we can tag it there to also include https://review.opendev.org/747960.
Comment 4 Bob Fournier 2020-09-01 11:54:16 UTC 
Confirmed that this pkg is in ironic-container-v4.6.0-202008290042.p0.
Comment 7 Polina Rabinovich 2020-09-02 07:20:06 UTC 
1. I checked on brew https://brewweb.engineering.redhat.com/brew/
2. I searched for ironic-container
https://brewweb.engineering.redhat.com/brew/packageinfo?packageID=72194
3. I opened ironic-container-v4.6.0-202008290042.p0 link with the green check:
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1300877
4. I checked x86_64-build.log logs of the build and searched for python-sushy
5. I confronted the version with the one in the bug. It's the same one.

Version from the x86_64-build.log -      python3-sushy                        noarch  3.3.0-0.20200804091926.0dfe74a.el8ost       rhel-8-server-ose-rpms-x86_64            
Version from the bug - python-sushy-3.3.0-0.20200804091926.0dfe74a.el8ost
Comment 9 errata-xmlrpc 2020-10-27 16:32:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196