Unable to update python2-urllib3 to 1.24.3 or newer to address CVEs because python2-requests 2.19.1-4 prints out warning: # ansible localhost -m ping /usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.24.3) or chardet (3.0.4) doesn't match a supported version! RequestsDependencyWarning)
Created attachment 1767867 [details] Patch for python2-requests to support 1.24 Here is a patch that needs to be included in the python-requests.spec file for 3.11. Then in the spec file you need to add the following: # Work with python-urllib3 # https://bugzilla.redhat.com/show_bug.cgi?id=1944916 Patch5: bug1944916-update-urllib3-minor.patch
cc @tvignaud Thierry not sure if you have any thoughts on this since you were the last person to build it for RHOS. @lmeyer another option is to create a 3.11 buildroot for this package so that we can build them in 3.11 and carry it there.
adding a rhaos-3.11-rhel-7 branch in distgit should work, unless it has all sorts of BuildRequires not already in our buildroot (in which case i suppose we could add them)
bash-4.2# rpm -qa | grep urllib3 python2-urllib3-1.24.3-2.el7.noarch bash-4.2# rpm -qa | grep python2-requests python2-requests-oauthlib-0.8.0-5.el7.noarch python2-requests-2.19.1-5.el7.noarch bash-4.2# ansible -m k8s_info -a 'kind=namespaces' localhost localhost | FAILED! => { "msg": "The module k8s_info was not found in configured module paths. Additionally, core modules are missing. If this is a checkout, run 'git pull --rebase' to correct this problem." } Using the build of python2-requests in this bug will fix the warning that was exhibited.
Built python2-requests 2.19.1-5 https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=37503580
Verify this bug with python2-requests-2.19.1-5.el7.noarch, which was attached in advisory https://errata.devel.redhat.com/advisory/77771. Per https://bugzilla.redhat.com/show_bug.cgi?id=1944916#c8, # rpm -qa | grep urllib3 python2-urllib3-1.24.3-2.el7.noarch # rpm -qa | grep python2-requests python2-requests-2.19.1-5.el7.noarch # ansible localhost -m ping localhost | SUCCESS => { "changed": false, "ping": "pong" }
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 3.11.462 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2517