Bug 2016386
| Summary: | The RPM requires of the current awscli package prevent a security update of python3-rsa. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Christian Krause <chkr> |
| Component: | awscli | Assignee: | David Duncan <davdunc> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 33 | CC: | bperkins, davdunc, gwync, me |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | awscli-1.21.4-1.fc36 awscli-1.19.100-2.fc34 awscli-1.21.7-2.fc35 awscli-1.18.223-2.fc33 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-11-11 00:54:45 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Christian Krause
2021-10-21 12:55:36 UTC
working on a replacement RPM package here, but will review this and make sure it is cleared. working on a replacement RPM package here, but will review this and make sure it is cleared. Thanks for letting me know, I was going to get to this today and I'm glad I won't step on your toes. @gwync just an fyi, you do such excellent work, I will always defer. I worked with the upstream devel team yesterday and they are looking at working the python-rsa out of the dependencies in favor of python-cryptography. I am also working on completing the new awscli-2 and that removes the dependency altogether. @davdunc You're too kind. :) I'll update the sed statement to allow up to rsa 4.8 in the .4 release, coming momentarily. FEDORA-2021-032f3ed942 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report. @gwync , unfortunately, the issue is still present in F33 (security update of python3-rsa is blocked by awscli) and I haven't seen any commits or builds for F33/F34. Please could you update awscli for F33 (and probably F34) as well? If needed, I can certainly help out here and apply the same patch to the F33 and F34 branch in order to relax the BRs. Please let me know if I can/should do this. Apologies, getting those out now. FEDORA-2021-f916f64e5e has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-f916f64e5e FEDORA-2021-bbe47cbab6 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-bbe47cbab6 FEDORA-2021-89619b6feb has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-89619b6feb FEDORA-2021-f916f64e5e has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-f916f64e5e` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-f916f64e5e See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2021-89619b6feb has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-89619b6feb` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-89619b6feb See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2021-bbe47cbab6 has been pushed to the Fedora 33 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-bbe47cbab6` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-bbe47cbab6 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. This message is a reminder that Fedora 33 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora 33 on 2021-11-30. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '33'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 33 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. This message is a reminder that Fedora 33 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora 33 on 2021-11-30. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '33'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 33 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. This message is a reminder that Fedora 33 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora 33 on 2021-11-30. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '33'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 33 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. looking at the dependency declaration: https://github.com/aws/aws-cli/blob/develop/setup.cfg#L11 it’s ceiling is 4.8 and the latest release appears to be 4.7.2 FEDORA-2021-89619b6feb has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2021-f916f64e5e has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2021-bbe47cbab6 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report. |