diff --git a/SOURCES/bz1018780-fence_vmware_soap-Unknown-exception.patch b/SOURCES/bz1018780-fence_vmware_soap-Unknown-exception.patch
new file mode 100644
index 0000000..8fa18b5
--- /dev/null
+++ b/SOURCES/bz1018780-fence_vmware_soap-Unknown-exception.patch
@@ -0,0 +1,35 @@
+From b9d7388fdb2cf895f16842ac7c5615f6dd405d68 Mon Sep 17 00:00:00 2001
+From: Marek 'marx' Grac <mgrac@redhat.com>
+Date: Mon, 17 Feb 2014 15:23:19 +0100
+Subject: [PATCH] fence_vmware_soap: Unknown exception fixed
+
+Resolves: rhbz#1018780
+---
+ fence/agents/vmware_soap/fence_vmware_soap.py | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py
+index acfdcbb..776273e 100644
+--- a/fence/agents/vmware_soap/fence_vmware_soap.py
++++ b/fence/agents/vmware_soap/fence_vmware_soap.py
+@@ -1,7 +1,7 @@
+ #!/usr/bin/python
+
+ import sys, exceptions, time
+-import shutil, tempfile
++import shutil, tempfile, suds
+ sys.path.append("@FENCEAGENTSLIBDIR@")
+
+ from suds.client import Client
+@@ -164,7 +164,7 @@ def set_power_status(conn, options):
+ conn.service.PowerOnVM_Task(mo_machine)
+ else:
+ conn.service.PowerOffVM_Task(mo_machine)
+- except WebFault, ex:
++ except suds.WebFault, ex:
+ if ((str(ex).find("Permission to perform this operation was denied")) >= 0):
+ fail(EC_INVALID_PRIVILEGES)
+ else:
+--
+1.7.7.6
+
diff --git a/SOURCES/bz1018780-fence_vmware_soap_fix_option_parsing_from_stdin.patch b/SOURCES/bz1018780-fence_vmware_soap_fix_option_parsing_from_stdin.patch
new file mode 100644
index 0000000..ff71df1
--- /dev/null
+++ b/SOURCES/bz1018780-fence_vmware_soap_fix_option_parsing_from_stdin.patch
@@ -0,0 +1,21 @@
+commit f1ee9c18423a1c65ccab4650601bd0146f200ef3
+Author: Fabio M. Di Nitto <fdinitto@redhat.com>
+Date: Thu Feb 27 08:27:19 2014 +0100
+
+ fence_vmware_soap: fix short/long option parsing traceback
+
+ Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
+
+diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py
+index c73a1d6..bbac1c5 100644
+--- a/fence/agents/vmware_soap/fence_vmware_soap.py
++++ b/fence/agents/vmware_soap/fence_vmware_soap.py
+@@ -16,7 +16,7 @@ BUILD_DATE="April, 2011"
+ #END_VERSION_GENERATION
+
+ def soap_login(options):
+- if options["-o"] in ["off", "reboot"]:
++ if options["--action"] in ["off", "reboot"]:
+ time.sleep(int(options["--delay"]))
+
+ if options.has_key("--ssl"):
diff --git a/SOURCES/bz1018780-fence_vmware_soap_suppress_suds_message.patch b/SOURCES/bz1018780-fence_vmware_soap_suppress_suds_message.patch
new file mode 100644
index 0000000..85f1d55
--- /dev/null
+++ b/SOURCES/bz1018780-fence_vmware_soap_suppress_suds_message.patch
@@ -0,0 +1,43 @@
+commit c360d3eecf6f9976d3371090034d08d03000f0e1
+Author: Fabio M. Di Nitto <fdinitto@redhat.com>
+Date: Wed Feb 26 09:34:35 2014 +0100
+
+ vmware_soap: drop warning from python suds when error occours
+
+ prepatch:
+ fence_vmware_soap -z -l test -p wrongpasswd -a blabla -n vm1 -o reboot -v
+ No handlers could be found for logger "suds.client"
+ Failed: The user does not have the correct privileges to do the requested action.
+
+ postpatch:
+ fence_vmware_soap -z -l test -p wrongpassed -a blabla -n vm1 -o reboot -v
+ Failed: The user does not have the correct privileges to do the requested action.
+
+ Based on https://fedorahosted.org/suds/wiki/Documentation
+ logging must be configured and filter for CRITICAL since the harmless
+ error is at INFO level.
+
+ Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
+
+diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py
+index 400e81f..c73a1d6 100644
+--- a/fence/agents/vmware_soap/fence_vmware_soap.py
++++ b/fence/agents/vmware_soap/fence_vmware_soap.py
+@@ -2,6 +2,7 @@
+
+ import sys, exceptions, time
+ import shutil, tempfile, suds
++import logging
+ sys.path.append("@FENCEAGENTSLIBDIR@")
+
+ from suds.client import Client
+@@ -199,6 +200,9 @@ Alternatively you can always use UUID to access virtual machine."
+ docs["vendorurl"] = "http://www.vmware.com"
+ show_docs(options, docs)
+
++ logging.basicConfig(level=logging.INFO)
++ logging.getLogger('suds.client').setLevel(logging.CRITICAL)
++
+ ##
+ ## Operate the fencing device
+ ####
diff --git a/SOURCES/bz1021392-fencing_default_action_off.patch b/SOURCES/bz1021392-fencing_default_action_off.patch
new file mode 100644
index 0000000..986d370
--- /dev/null
+++ b/SOURCES/bz1021392-fencing_default_action_off.patch
@@ -0,0 +1,32 @@
+From 8b127ebff6a38b0c6dd9c2a1ad738e2d7637e0fa Mon Sep 17 00:00:00 2001
+From: Marek 'marx' Grac <mgrac@redhat.com>
+Date: Wed, 22 Jan 2014 13:51:50 +0100
+Subject: [PATCH 1/3] fencing: Fabric fence agents should have default action
+ "off"
+
+Previously, when you have run fence agent without -o XYZ, reboot was performed. Fabric fence agents do not have them
+so fence agent fails. This update does not fix only this issue but also text --help and in manual pages.
+
+Resolves: rhbz#1021392
+---
+ fence/agents/lib/fencing.py.py | 4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+
+diff --git a/fence/agents/lib/fencing.py.py b/fence/agents/lib/fencing.py.py
+index 9cc7407..889bb04 100644
+--- a/fence/agents/lib/fencing.py.py
++++ b/fence/agents/lib/fencing.py.py
+@@ -618,6 +618,10 @@ def check_input(device_opt, opt):
+ else:
+ all_opt["login"]["required"] = "0"
+
++ if device_opt.count("fabric_fencing"):
++ all_opt["action"]["default"] = "off"
++ all_opt["action"]["help"] = "-o, --action=[action] Action: status, off (default) or on"
++
+ ## Set default values
+ #####
+ for opt in device_opt:
+--
+1.7.7.6
+
diff --git a/SOURCES/bz1022529-ensure_validity_of_xml_metadata-3.patch b/SOURCES/bz1022529-ensure_validity_of_xml_metadata-3.patch
new file mode 100644
index 0000000..1ebc2cd
--- /dev/null
+++ b/SOURCES/bz1022529-ensure_validity_of_xml_metadata-3.patch
@@ -0,0 +1,25 @@
+From 849d0dba262c2111446fb5a03040b22146c35726 Mon Sep 17 00:00:00 2001
+From: Marek 'marx' Grac <mgrac@redhat.com>
+Date: Thu, 23 Jan 2014 18:29:35 +0100
+Subject: [PATCH] fence_kdump: Add vendor-url to metadata
+
+Resolves: rhbz#1022529
+---
+ fence/agents/kdump/fence_kdump.c | 1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/fence/agents/kdump/fence_kdump.c b/fence/agents/kdump/fence_kdump.c
+index fa1f6a4..cae9842 100644
+--- a/fence/agents/kdump/fence_kdump.c
++++ b/fence/agents/kdump/fence_kdump.c
+@@ -178,6 +178,7 @@ do_action_metadata (const char *self)
+ fprintf (stdout, "<longdesc>");
+ fprintf (stdout, "The fence_kdump agent is intended to be used with with kdump service.");
+ fprintf (stdout, "</longdesc>\n");
++ fprintf (stdout, "<vendor-url>http://www.kernel.org/pub/linux/utils/kernel/kexec/</vendor-url>\n");
+
+ fprintf (stdout, "<parameters>\n");
+
+--
+1.7.7.6
+
diff --git a/SOURCES/bz1022536-2-fence_wti-named_groups.patch b/SOURCES/bz1022536-2-fence_wti-named_groups.patch
new file mode 100644
index 0000000..3ba7c85
--- /dev/null
+++ b/SOURCES/bz1022536-2-fence_wti-named_groups.patch
@@ -0,0 +1,34 @@
+From 53fe387f00278e769e00ec10b28e2cb6ff52c8b1 Mon Sep 17 00:00:00 2001
+From: Marek 'marx' Grac <mgrac@redhat.com>
+Date: Wed, 29 Jan 2014 15:29:21 +0100
+Subject: [PATCH] fence_wti: Add support for firmware v1.40 (on MPC device)
+
+Previously, named groups were tested only on firmware v1.43 (on NPS device).
+---
+ fence/agents/wti/fence_wti.py | 7 ++++---
+ 1 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/fence/agents/wti/fence_wti.py b/fence/agents/wti/fence_wti.py
+index 34967e1..c9c5237 100644
+--- a/fence/agents/wti/fence_wti.py
++++ b/fence/agents/wti/fence_wti.py
+@@ -96,12 +96,13 @@ def get_plug_group_status(conn, options):
+ if (line.find("|") >= 0 and line.lstrip().startswith("GROUP NAME") == False):
+ plug_line = [x.strip().lower() for x in line.split("|")]
+ if ["list", "monitor"].count(options["--action"]) == 0 and options["--plug"].lower() == plug_line[name_index]:
+- line_index += 1
+ plug_status = []
+ while line_index < len(lines) and line_index >= 0:
+ plug_line = [x.strip().lower() for x in lines[line_index].split("|")]
+- if len(plug_line[plug_index]) > 0 and len(plug_line[name_index]) == 0:
+- plug_status.append(plug_line[status_index])
++ if len(plug_line) >= max(name_index, status_index) and len(plug_line[plug_index]) > 0 and (len(plug_line[name_index]) == 0 or options["--plug"].lower() == plug_line[name_index]):
++ ## Firmware 1.43 does not have a valid value of plug on first line as only name is defined on that line
++ if not "---" in plug_line[status_index]:
++ plug_status.append(plug_line[status_index])
+ line_index += 1
+ else:
+ line_index = -1
+--
+1.7.7.6
+
diff --git a/SOURCES/bz1048843-fencing-do_not_use_public_keys.patch b/SOURCES/bz1048843-fencing-do_not_use_public_keys.patch
new file mode 100644
index 0000000..6d0f23c
--- /dev/null
+++ b/SOURCES/bz1048843-fencing-do_not_use_public_keys.patch
@@ -0,0 +1,22 @@
+commit cfd1f7490d7958ee25ad5937c9f2072adaa9862e
+Author: Marek 'marx' Grac <mgrac@redhat.com>
+Date: Mon Jan 6 13:25:43 2014 +0100
+
+ fencing: Do not use public keys when identity-file is not defined
+
+ Previously, fence agent (ssh) tried to use keys before it asks for password. This lead to a situation
+ when fence agent did not work correctly as it was waiting for 'Password' which did not occur.
+
+diff --git a/fence/agents/lib/fencing.py.py b/fence/agents/lib/fencing.py.py
+index a570203..c8b9bda 100644
+--- a/fence/agents/lib/fencing.py.py
++++ b/fence/agents/lib/fencing.py.py
+@@ -979,7 +979,7 @@ def fence_login(options, re_login_string = "(login\s*: )|(Login Name: )|(userna
+ syslog.syslog(syslog.LOG_ERR, str(ex))
+ sys.exit(EC_GENERIC_ERROR)
+ elif options.has_key("--ssh") and 0 == options.has_key("--identity-file"):
+- command = '%s %s %s@%s -p %s' % (SSH_PATH, force_ipvx, options["--username"], options["--ip"], options["--ipport"])
++ command = '%s %s %s@%s -p %s -o PubkeyAuthentication=no' % (SSH_PATH, force_ipvx, options["--username"], options["--ip"], options["--ipport"])
+ if options.has_key("--ssh-options"):
+ command += ' ' + options["--ssh-options"]
+ try:
diff --git a/SOURCES/bz1057299-fence_vmware_soap-add_delay.patch b/SOURCES/bz1057299-fence_vmware_soap-add_delay.patch
new file mode 100644
index 0000000..f55e935
--- /dev/null
+++ b/SOURCES/bz1057299-fence_vmware_soap-add_delay.patch
@@ -0,0 +1,30 @@
+commit 530e97f05e43bdd5bef9d24c75d4cc3057a491e8
+Author: Marek 'marx' Grac <mgrac@redhat.com>
+Date: Fri Jan 10 15:54:49 2014 +0100
+
+ fence_vmware_soap: --delay is not respected
+
+ Because fence agent do not use standard login process, support for the --delay has to be added.
+
+diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py
+index 98ac011..acfdcbb 100644
+--- a/fence/agents/vmware_soap/fence_vmware_soap.py
++++ b/fence/agents/vmware_soap/fence_vmware_soap.py
+@@ -1,6 +1,6 @@
+ #!/usr/bin/python
+
+-import sys, exceptions
++import sys, exceptions, time
+ import shutil, tempfile
+ sys.path.append("@FENCEAGENTSLIBDIR@")
+
+@@ -15,6 +15,9 @@ BUILD_DATE="April, 2011"
+ #END_VERSION_GENERATION
+
+ def soap_login(options):
++ if options["-o"] in ["off", "reboot"]:
++ time.sleep(int(options["--delay"]))
++
+ if options.has_key("--ssl"):
+ url = "https://"
+ else:
diff --git a/SOURCES/bz1072564-2-feature_ssl-secure.patch b/SOURCES/bz1072564-2-feature_ssl-secure.patch
new file mode 100644
index 0000000..66eba0c
--- /dev/null
+++ b/SOURCES/bz1072564-2-feature_ssl-secure.patch
@@ -0,0 +1,104 @@
+From c40a11439c738b67471da01ebfbc3d3d66db6311 Mon Sep 17 00:00:00 2001
+From: Marek 'marx' Grac <mgrac@redhat.com>
+Date: Fri, 7 Mar 2014 15:13:44 +0100
+Subject: [PATCH] fence_vmware_soap: Add new options --ssl-secure and
+ --ssl-insecure
+
+These new options extends current --ssl (same as --ssl-secure). Until now certificate of the fence device
+was not validated what can possibly lead to attack on infrastructe. With this patch, user can decide
+if certificate should (--ssl-secure) or should not (--ssl-insecure) be verified.
+
+python-suds do not validates SSL certificates at all. It is required to change underlying library to
+one that can support that what results in new dependency on python-requests.
+---
+ fence/agents/vmware_soap/fence_vmware_soap.py | 35 +++++++++++++++++++++---
+ 1 files changed, 30 insertions(+), 5 deletions(-)
+
+diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py
+index bbac1c5..a578662 100644
+--- a/fence/agents/vmware_soap/fence_vmware_soap.py
++++ b/fence/agents/vmware_soap/fence_vmware_soap.py
+@@ -2,11 +2,13 @@
+
+ import sys, exceptions, time
+ import shutil, tempfile, suds
+-import logging
++import logging, requests
+ sys.path.append("@FENCEAGENTSLIBDIR@")
+
+ from suds.client import Client
+ from suds.sudsobject import Property
++from suds.transport.http import HttpAuthenticated
++from suds.transport import Reply, TransportError
+ from fencing import *
+
+ #BEGIN_VERSION_GENERATION
+@@ -15,13 +17,32 @@ REDHAT_COPYRIGHT=""
+ BUILD_DATE="April, 2011"
+ #END_VERSION_GENERATION
+
++class RequestsTransport(HttpAuthenticated):
++ def __init__(self, **kwargs):
++ self.cert = kwargs.pop('cert', None)
++ self.verify = kwargs.pop('verify', True)
++ self.session = requests.Session()
++ # super won't work because not using new style class
++ HttpAuthenticated.__init__(self, **kwargs)
++
++ def send(self, request):
++ self.addcredentials(request)
++ resp = self.session.post(request.url, data = request.message, headers = request.headers, cert = self.cert, verify = self.verify)
++ result = Reply(resp.status_code, resp.headers, resp.content)
++ return result
++
+ def soap_login(options):
+ if options["--action"] in ["off", "reboot"]:
+ time.sleep(int(options["--delay"]))
+
+- if options.has_key("--ssl"):
++ if options.has_key("--ssl") or options.has_key("--ssl-secure") or options.has_key("--ssl-insecure"):
++ if options.has_key("--ssl-insecure"):
++ verify = False
++ else:
++ verify = True
+ url = "https://"
+ else:
++ verify = False
+ url = "http://"
+
+ url += options["--ip"] + ":" + str(options["--ipport"]) + "/sdk"
+@@ -29,10 +50,10 @@ def soap_login(options):
+ tmp_dir = tempfile.mkdtemp()
+ tempfile.tempdir = tmp_dir
+ atexit.register(remove_tmp_dir, tmp_dir)
+-
++
+ try:
+- conn = Client(url + "/vimService.wsdl")
+- conn.set_options(location = url)
++ headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : ""}
++ conn = Client(url + "/vimService.wsdl", location = url, transport = RequestsTransport(verify = verify), headers = headers)
+
+ mo_ServiceInstance = Property('ServiceInstance')
+ mo_ServiceInstance._type = 'ServiceInstance'
+@@ -41,6 +62,8 @@ def soap_login(options):
+ mo_SessionManager._type = 'SessionManager'
+
+ SessionManager = conn.service.Login(mo_SessionManager, options["--username"], options["--password"])
++ except requests.exceptions.SSLError, ex:
++ fail_usage("Server side certificate verification failed")
+ except Exception, ex:
+ fail(EC_LOGIN_DENIED)
+
+@@ -202,6 +225,8 @@ Alternatively you can always use UUID to access virtual machine."
+
+ logging.basicConfig(level=logging.INFO)
+ logging.getLogger('suds.client').setLevel(logging.CRITICAL)
++ logging.getLogger("requests").setLevel(logging.CRITICAL)
++ logging.getLogger("urllib3").setLevel(logging.CRITICAL)
+
+ ##
+ ## Operate the fencing device
+--
+1.7.7.6
+
diff --git a/SOURCES/bz1072564-feature_ssl-secure.patch b/SOURCES/bz1072564-feature_ssl-secure.patch
new file mode 100644
index 0000000..46108d9
--- /dev/null
+++ b/SOURCES/bz1072564-feature_ssl-secure.patch
@@ -0,0 +1,128 @@
+From e51df7a73141c4d378d12e4a3ade12776e48ebff Mon Sep 17 00:00:00 2001
+From: Marek 'marx' Grac <mgrac@redhat.com>
+Date: Wed, 5 Mar 2014 12:49:17 +0100
+Subject: [PATCH] fencing: Add new options --ssl-secure and --ssl-insecure
+
+These new options extends current --ssl (same as --ssl-secure). Until now certificate of the fence device
+was not validated what can possibly lead to attack on infrastructe. With this patch, user can decide
+if certificate should (--ssl-secure) or should not (--ssl-insecure) be verified.
+---
+ fence/agents/cisco_ucs/fence_cisco_ucs.py | 10 ++++++-
+ fence/agents/lib/fencing.py.py | 29 ++++++++++++++++++---
+ fence/agents/rhevm/fence_rhevm.py | 11 ++++++--
+ 4 files changed, 70 insertions(+), 14 deletions(-)
+
+diff --git a/fence/agents/cisco_ucs/fence_cisco_ucs.py b/fence/agents/cisco_ucs/fence_cisco_ucs.py
+index 71782cb..1e9d983 100644
+--- a/fence/agents/cisco_ucs/fence_cisco_ucs.py
++++ b/fence/agents/cisco_ucs/fence_cisco_ucs.py
+@@ -85,8 +85,14 @@ def send_command(opt, command, timeout):
+ c.setopt(pycurl.POSTFIELDS, command)
+ c.setopt(pycurl.WRITEFUNCTION, b.write)
+ c.setopt(pycurl.TIMEOUT, timeout)
+- c.setopt(pycurl.SSL_VERIFYPEER, 0)
+- c.setopt(pycurl.SSL_VERIFYHOST, 0)
++ if opt.has_key("--ssl") or opt.has_key("--ssl-secure"):
++ c.setopt(pycurl.SSL_VERIFYPEER, 1)
++ c.setopt(pycurl.SSL_VERIFYHOST, 2)
++
++ if opt.has_key("--ssl-insecure"):
++ c.setopt(pycurl.SSL_VERIFYPEER, 0)
++ c.setopt(pycurl.SSL_VERIFYHOST, 0)
++
+ c.perform()
+ result = b.getvalue()
+
+diff --git a/fence/agents/lib/fencing.py.py b/fence/agents/lib/fencing.py.py
+index 2006f0d..e40cbb2 100644
+--- a/fence/agents/lib/fencing.py.py
++++ b/fence/agents/lib/fencing.py.py
+@@ -170,6 +170,20 @@ all_opt = {
+ "required" : "0",
+ "shortdesc" : "SSL connection",
+ "order" : 1 },
++ "ssl_insecure" : {
++ "getopt" : "9",
++ "longopt" : "ssl-insecure",
++ "help" : "--ssl-insecure Use ssl connection without verifying certificate",
++ "required" : "0",
++ "shortdesc" : "SSL connection without verifying fence device's certificate",
++ "order" : 1 },
++ "ssl_secure" : {
++ "getopt" : "9",
++ "longopt" : "ssl-secure",
++ "help" : "--ssl-secure Use ssl connection with verifying certificate",
++ "required" : "0",
++ "shortdesc" : "SSL connection with verifying fence device's certificate",
++ "order" : 1 },
+ "notls" : {
+ "getopt" : "t",
+ "longopt" : "notls",
+@@ -370,6 +384,7 @@ DEPENDENCY_OPT = {
+ "secure" : [ "identity_file", "ssh_options" ],
+ "ipaddr" : [ "ipport", "inet4_only", "inet6_only" ],
+ "port" : [ "separator" ],
++ "ssl" : [ "ssl_secure", "ssl_insecure" ],
+ "community" : [ "snmp_auth_prot", "snmp_sec_level", "snmp_priv_prot", \
+ "snmp_priv_passwd", "snmp_priv_passwd_script" ]
+ }
+@@ -645,7 +660,7 @@ def check_input(device_opt, opt):
+ elif options.has_key("--ssh"):
+ all_opt["ipport"]["default"] = 22
+ all_opt["ipport"]["help"] = "-u, --ipport=[port] TCP/UDP port to use (default 22)"
+- elif options.has_key("--ssl"):
++ elif options.has_key("--ssl") or options.has_key("--ssl-secure") or options.has_key("--ssl-insecure"):
+ all_opt["ipport"]["default"] = 443
+ all_opt["ipport"]["help"] = "-u, --ipport=[port] TCP/UDP port to use (default 443)"
+ elif device_opt.count("web"):
+@@ -738,7 +753,7 @@ def check_input(device_opt, opt):
+ if options.has_key("--ipport") == False:
+ if options.has_key("--ssh"):
+ options["--ipport"] = 22
+- elif options.has_key("--ssl"):
++ elif options.has_key("--ssl") or options.has_key("--ssl-secure") or options.has_key("--ssl-insecure"):
+ options["--ipport"] = 443
+ elif device_opt.count("web"):
+ options["--ipport"] = 80
+@@ -968,11 +983,17 @@ def fence_login(options, re_login_string = "(login\s*: )|(Login Name: )|(userna
+ re_pass = re.compile("(password)|(pass phrase)", re.IGNORECASE)
+
+ if options.has_key("--ssl"):
+- gnutls_opts=""
++ gnutls_opts = ""
++ ssl_opts = ""
++
+ if options.has_key("--notls"):
+ gnutls_opts = "--priority \"NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0\""
+
+- command = '%s %s --insecure --crlf -p %s %s' % (SSL_PATH, gnutls_opts, options["--ipport"], options["--ip"])
++ # --ssl is same as the --ssl-secure
++ if options.has_key("--ssl-insecure"):
++ ssl_opts = "--insecure"
++
++ command = '%s %s %s --crlf -p %s %s' % (SSL_PATH, gnutls_opts, ssl_opts, options["--ipport"], options["--ip"])
+ try:
+ conn = fspawn(options, command)
+ except pexpect.ExceptionPexpect, ex:
+diff --git a/fence/agents/rhevm/fence_rhevm.py b/fence/agents/rhevm/fence_rhevm.py
+index ff3d19f..6098071 100644
+--- a/fence/agents/rhevm/fence_rhevm.py
++++ b/fence/agents/rhevm/fence_rhevm.py
+@@ -84,9 +84,14 @@ def send_command(opt, command, method = "GET"):
+ c.setopt(pycurl.HTTPAUTH, pycurl.HTTPAUTH_BASIC)
+ c.setopt(pycurl.USERPWD, opt["--username"] + ":" + opt["--password"])
+ c.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"]))
+- c.setopt(pycurl.SSL_VERIFYPEER, 0)
+- c.setopt(pycurl.SSL_VERIFYHOST, 0)
+-
++ if opt.has_key("--ssl") or opt.has_key("--ssl-secure"):
++ c.setopt(pycurl.SSL_VERIFYPEER, 1)
++ c.setopt(pycurl.SSL_VERIFYHOST, 2)
++
++ if opt.has_key("--ssl-insecure"):
++ c.setopt(pycurl.SSL_VERIFYPEER, 0)
++ c.setopt(pycurl.SSL_VERIFYHOST, 0)
++
+ if (method == "POST"):
+ c.setopt(pycurl.POSTFIELDS, "<action />")
+
diff --git a/SOURCES/bz1073947-ssh_login_failed.patch b/SOURCES/bz1073947-ssh_login_failed.patch
new file mode 100644
index 0000000..53189bd
--- /dev/null
+++ b/SOURCES/bz1073947-ssh_login_failed.patch
@@ -0,0 +1,40 @@
+From a90a90cf56f713be9a4064a02c0f630425b2091c Mon Sep 17 00:00:00 2001
+From: Ondrej Mular <omular@redhat.com>
+Date: Fri, 7 Mar 2014 09:43:00 -0500
+Subject: [PATCH] fencing: fixed pexpect TypeError exception, when using
+ identity file for login via ssh
+
+Previously, fence-agent failed to log in (ssh) using identity file. This caused fence-agent failure because of uncaught exception.
+
+Resolves: rhbz#1073947
+
+Signed-off-by: Marek 'marx' Grac <mgrac@redhat.com>
+---
+ fence/agents/lib/fencing.py.py | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/fence/agents/lib/fencing.py.py b/fence/agents/lib/fencing.py.py
+index 2006f0d..76855e1 100644
+--- a/fence/agents/lib/fencing.py.py
++++ b/fence/agents/lib/fencing.py.py
+@@ -1022,13 +1022,12 @@ def fence_login(options, re_login_string = "(login\s*: )|(Login Name: )|(userna
+ "are not in the spec file and must be installed separately." + "\n")
+ sys.exit(EC_GENERIC_ERROR)
+
+- result = conn.log_expect(options, [ options["--command-prompt"], \
+- "Are you sure you want to continue connecting (yes/no)?", \
+- "Enter passphrase for key '" + options["--identity-file"] + "':" ], int(options["--login-timeout"]))
++ result = conn.log_expect(options, [ "Enter passphrase for key '" + options["--identity-file"] + "':",\
++ "Are you sure you want to continue connecting (yes/no)?" ] + options["--command-prompt"], int(options["--login-timeout"]))
+ if result == 1:
+ conn.sendline("yes")
+- conn.log_expect(options, [ options["--command-prompt"], "Enter passphrase for key '"+options["--identity-file"]+"':"] , int(options["--login-timeout"]))
+- if result != 0:
++ result = conn.log_expect(options, [ "Enter passphrase for key '"+options["--identity-file"]+"':"] + options["--command-prompt"], int(options["--login-timeout"]))
++ if result == 0:
+ if options.has_key("--password"):
+ conn.sendline(options["--password"])
+ conn.log_expect(options, options["--command-prompt"], int(options["--login-timeout"]))
+--
+1.8.5.3
+
diff --git a/SOURCES/bz990539-1-replacing_nss_wrapperr.patch b/SOURCES/bz990539-1-replacing_nss_wrapperr.patch
new file mode 100644
index 0000000..43188d8
--- /dev/null
+++ b/SOURCES/bz990539-1-replacing_nss_wrapperr.patch
@@ -0,0 +1,550 @@
+From 52ed50a1bd4b4bfe632bd560de27195fcea65802 Mon Sep 17 00:00:00 2001
+From: Marek 'marx' Grac <mgrac@redhat.com>
+Date: Mon, 17 Feb 2014 14:20:24 +0100
+Subject: [PATCH] fence_ilo: Replacing nss_wrapper with gnutls-cli
+
+SSLv2 was disabled in nss package (rhbz#1001841), ilo2 now supports also SSLv3
+and it is possible to use standard tool for communication.
+---
+ configure.ac | 2 +-
+ fence/agents/Makefile.am | 1 -
+ fence/agents/lib/fencing.py.py | 5 +-
+ fence/agents/nss_wrapper/Makefile.am | 7 -
+ fence/agents/nss_wrapper/fence_nss_wrapper.c | 484 --------------------------
+ make/fencebuild.mk | 1 +
+ 6 files changed, 4 insertions(+), 496 deletions(-)
+ delete mode 100644 fence/agents/nss_wrapper/Makefile.am
+ delete mode 100644 fence/agents/nss_wrapper/fence_nss_wrapper.c
+
+diff --git a/fence/agents/lib/fencing.py.py b/fence/agents/lib/fencing.py.py
+index fd21c69..798f855 100644
+--- a/fence/agents/lib/fencing.py.py
++++ b/fence/agents/lib/fencing.py.py
+@@ -28,7 +28,7 @@ EC_INVALID_PRIVILEGES = 11
+
+ TELNET_PATH = "/usr/bin/telnet"
+ SSH_PATH = "/usr/bin/ssh"
+-SSL_PATH = "@LIBEXECDIR@/fence_nss_wrapper"
++SSL_PATH = "@GNUTLSCLI_PATH@"
+ SUDO_PATH = "/usr/bin/sudo"
+
+ all_opt = {
+@@ -960,11 +960,10 @@ def fence_login(options, re_login_string = "(login\s*: )|(Login Name: )|(userna
+ re_pass = re.compile("(password)|(pass phrase)", re.IGNORECASE)
+
+ if options.has_key("--ssl"):
+- command = '%s %s %s %s' % (SSL_PATH, force_ipvx, options["--ip"], options["--ipport"])
++ command = '%s --insecure --crlf -p %s %s' % (SSL_PATH, options["--ipport"], options["--ip"])
+ try:
+ conn = fspawn(options, command)
+ except pexpect.ExceptionPexpect, ex:
+- ## SSL telnet is part of the fencing package
+ sys.stderr.write(str(ex) + "\n")
+ syslog.syslog(syslog.LOG_ERR, str(ex))
+ sys.exit(EC_GENERIC_ERROR)
+diff --git a/fence/agents/nss_wrapper/Makefile.am b/fence/agents/nss_wrapper/Makefile.am
+deleted file mode 100644
+index 16273ed..0000000
+--- a/fence/agents/nss_wrapper/Makefile.am
++++ /dev/null
+@@ -1,7 +0,0 @@
+-MAINTAINERCLEANFILES = Makefile.in
+-
+-libexec_PROGRAMS = fence_nss_wrapper
+-
+-fence_nss_wrapper_CFLAGS = $(nss_CFLAGS) $(nspr_CFLAGS)
+-
+-fence_nss_wrapper_LDFLAGS = $(nss_LIBS) $(nspr_LIBS)
+diff --git a/fence/agents/nss_wrapper/fence_nss_wrapper.c b/fence/agents/nss_wrapper/fence_nss_wrapper.c
+deleted file mode 100644
+index b960cf0..0000000
+--- a/fence/agents/nss_wrapper/fence_nss_wrapper.c
++++ /dev/null
+@@ -1,484 +0,0 @@
+-/** @file fence_nss_wrapper.c - Main source code of hobbit like tool with
+- support for NSS (SSL) connection.
+-*/
+-#include "clusterautoconfig.h"
+-
+-#include <stdio.h>
+-#include <nss.h>
+-#include <ssl.h>
+-#include <prio.h>
+-#include <prnetdb.h>
+-#include <prerror.h>
+-#include <prinit.h>
+-#include <getopt.h>
+-#include <libgen.h>
+-
+-/*---- CONSTANTS -------------*/
+-
+-/** Default operation = connect and telnet*/
+-#define OPERATION_DEFAULT 0
+-/** Operation display help*/
+-#define OPERATION_HELP 1
+-
+-/** Default mode of connection. Try first found working address*/
+-#define MODE_DEFAULT 3
+-/** Use only IPv4*/
+-#define MODE_IP4MODE 1
+-/** Use only IPv6*/
+-#define MODE_IP6MODE 2
+-/** Use RAW mode - no change of \r and \n to \r\n*/
+-#define MODE_RAW 4
+-/** Use non-secure mode (without SSL, only pure socket)*/
+-#define MODE_NO_SSL 8
+-
+-/*------ Functions ---------------*/
+-
+-/** Return port inserted in string. Fuction tests, if port is integer, and than return
+- integer value of string. Otherwise, it will use /etc/services. On fail, it returns
+- port -1.
+- @param port_s Input port or service name
+- @return port number (converted with ntohs) on success, otherwise -1.
+-*/
+-static int return_port(char *port_s) {
+- char *end_c;
+- int res;
+- struct servent *serv;
+-
+- res=strtol(port_s,&end_c,10);
+-
+- if (*end_c=='\0') return res;
+-
+- /*It's not number, so try service name*/
+- serv=getservbyname(port_s,NULL);
+-
+- if (serv==NULL) return -1;
+-
+- return ntohs(serv->s_port);
+-}
+-
+-/** Hook handler for bad certificate (because we have no DB, EVERY certificate is bad).
+- Returned value is always SECSuccess = it's ok certificate.
+- @param arg NULL value
+- @param fd socket cased error
+- @return SECSuccess.
+-*/
+-static SECStatus nss_bad_cert_hook(void *arg,PRFileDesc *fd) {
+- return SECSuccess;
+-}
+-
+-/** Display last NSPR/NSS error code and user readable message.
+-*/
+-static void print_nspr_error(void) {
+- fprintf(stderr,"Error (%d): %s\n",PR_GetError(),PR_ErrorToString(PR_GetError(),PR_LANGUAGE_I_DEFAULT));
+-}
+-
+-/** Initialize NSS. NSS is initialized without DB and with
+- domnestic policy.
+- @return 1 on success, otherwise 0.
+-*/
+-static int init_nss(void) {
+- if ((NSS_NoDB_Init(NULL)!=SECSuccess) ||
+- (NSS_SetDomesticPolicy()!=SECSuccess)) {
+- print_nspr_error();
+-
+- return 0;
+- }
+-
+- SSL_ClearSessionCache();
+-
+- return 1;
+-}
+-
+-/** Create socket. If ssl is >0, socket is ssl enabled.
+- @param ssl Enable ssl (Client, SSL2+3, no TLS, compatible hello) if PR_TRUE, otherwise no.
+- @param ipv6 New socket will be IPv4 if this value is 0, otherwise it will be ipv6
+- @return NULL on error, otherwise socket.
+-*/
+-static PRFileDesc *create_socket(int ssl,int ipv6) {
+- PRFileDesc *res_socket;
+-
+- res_socket=PR_OpenTCPSocket((ipv6?PR_AF_INET6:PR_AF_INET));
+- if (res_socket==NULL) {
+- print_nspr_error();
+-
+- return NULL;
+- }
+-
+- if (!ssl) return res_socket;
+-
+- if (!(res_socket=SSL_ImportFD(NULL,res_socket))) {
+- print_nspr_error();
+-
+- return NULL;
+- }
+-
+- if ((SSL_OptionSet(res_socket,SSL_SECURITY,ssl)!=SECSuccess) ||
+- (SSL_OptionSet(res_socket,SSL_HANDSHAKE_AS_SERVER,PR_FALSE)!=SECSuccess) ||
+- (SSL_OptionSet(res_socket,SSL_HANDSHAKE_AS_CLIENT,PR_TRUE)!=SECSuccess) ||
+- (SSL_OptionSet(res_socket,SSL_ENABLE_SSL2,ssl)!=SECSuccess) ||
+- (SSL_OptionSet(res_socket,SSL_ENABLE_SSL3,ssl)!=SECSuccess) ||
+- (SSL_OptionSet(res_socket,SSL_ENABLE_TLS,PR_FALSE)!=SECSuccess) ||
+- (SSL_OptionSet(res_socket,SSL_V2_COMPATIBLE_HELLO,ssl)!=SECSuccess) ||
+- (SSL_SetPKCS11PinArg(res_socket,NULL)==-1) ||
+- (SSL_AuthCertificateHook(res_socket,SSL_AuthCertificate,CERT_GetDefaultCertDB())!=SECSuccess) ||
+- (SSL_BadCertHook(res_socket,nss_bad_cert_hook,NULL)!=SECSuccess)) {
+- print_nspr_error();
+-
+- if (PR_Close(res_socket)!=PR_SUCCESS) {
+- print_nspr_error();
+- }
+-
+- return NULL;
+- }
+-
+- return res_socket;
+-}
+-
+-/** Create socket and connect to it.
+- @param hostname Hostname to connect
+- @param port Port name/number to connect
+- @param mode Connection mode. Bit-array of MODE_NO_SSL, MODE_IP6MODE, MODE_IP4MODE.
+- @return NULL on error, otherwise connected socket.
+-*/
+-static PRFileDesc *create_connected_socket(char *hostname,int port,int mode) {
+- PRAddrInfo *addr_info;
+- void *addr_iter;
+- PRNetAddr addr;
+- PRFileDesc *localsocket;
+- int can_exit,valid_socket;
+- PRUint16 af_spec;
+-
+- localsocket=NULL;
+-
+- addr_info=NULL;
+-
+- af_spec=PR_AF_UNSPEC;
+-
+- if (!(mode&MODE_IP6MODE)) af_spec=PR_AF_INET;
+-
+- addr_info=PR_GetAddrInfoByName(hostname,af_spec,PR_AI_ADDRCONFIG);
+-
+- if (addr_info == NULL) {
+- print_nspr_error();
+- return NULL;
+- }
+-
+- /*We have socket -> enumerate and try to connect*/
+- addr_iter=NULL;
+- can_exit=0;
+- valid_socket=0;
+-
+- while (!can_exit) {
+- addr_iter=PR_EnumerateAddrInfo(addr_iter,addr_info,port,&addr);
+-
+- if (addr_iter==NULL) {
+- can_exit=1;
+- } else {
+- if ((PR_NetAddrFamily(&addr)==PR_AF_INET && (mode&MODE_IP4MODE)) ||
+- (PR_NetAddrFamily(&addr)==PR_AF_INET6 && (mode&MODE_IP6MODE))) {
+- /*Type of address is what user want, try to create socket and make connection*/
+-
+- /*Create socket*/
+- localsocket=create_socket(!(mode&MODE_NO_SSL),(PR_NetAddrFamily(&addr)==PR_AF_INET6));
+-
+- if (localsocket) {
+- /*Try to connect*/
+- if (PR_Connect(localsocket,&addr,PR_INTERVAL_NO_TIMEOUT)==PR_SUCCESS) {
+- /*Force handshake*/
+- if ((!(mode&MODE_NO_SSL)) && SSL_ForceHandshake(localsocket)!=SECSuccess) {
+- /*Handhake failure -> fail*/
+- print_nspr_error();
+- if (PR_Close(localsocket)!=PR_SUCCESS) {
+- print_nspr_error();
+- can_exit=1;
+- }
+- localsocket=NULL;
+- }
+-
+- /*Socket is connected -> we can return it*/
+- can_exit=1;
+- } else {
+- /*Try another address*/
+- if (PR_Close(localsocket)!=PR_SUCCESS) {
+- print_nspr_error();
+- can_exit=1;
+- }
+- localsocket=NULL;
+- }
+- }
+- }
+- }
+- }
+-
+- if (!localsocket) {
+- /*Socket is unvalid -> we don't found any usable address*/
+- fprintf(stderr,"Can't connect to host %s on port %d!\n",hostname,port);
+- }
+-
+- PR_FreeAddrInfo(addr_info);
+-
+- return localsocket;
+-}
+-
+-/** Parse arguments from command line.
+- @param argc Number of arguments in argv
+- @param argv Array of arguments
+- @param mode Pointer to int will be filled with OPERATION_DEFAULT or OPERATION_HELP.
+- @param mode Pointer to int will be filled with MODE_DEFAULT, MODE_IP4MODE or MODE_IP4MODE.
+- @return 1 on success, otherwise 0.
+-*/
+-static int parse_cli(int argc,char *argv[],int *operation,int *mode,char **hostname,char **port) {
+- int opt;
+-
+- *operation=OPERATION_DEFAULT;
+- *mode=MODE_DEFAULT;
+- *port=NULL;
+- *hostname=NULL;
+-
+- while ((opt=getopt(argc,argv,"h46rz"))!=-1) {
+- switch (opt) {
+- case 'h':
+- *operation=OPERATION_HELP;
+-
+- return 0;
+- break;
+-
+- case '4':
+- (*mode)&=~MODE_IP6MODE;
+- (*mode)|=MODE_IP4MODE;
+- break;
+-
+- case '6':
+- (*mode)&=~MODE_IP4MODE;
+- (*mode)|=MODE_IP6MODE;
+- break;
+-
+- case 'r':
+- (*mode)|=MODE_RAW;
+- break;
+-
+- case 'z':
+- (*mode)|=MODE_NO_SSL;
+- break;
+-
+- default:
+- return 0;
+- break;
+- }
+- }
+-
+- if (argc-optind<2) {
+- fprintf(stderr,"Hostname and port is expected!\n");
+-
+- return 0;
+- }
+-
+- *hostname=argv[optind];
+- *port=argv[optind+1];
+-
+- return 1;
+-}
+-
+-/** Show usage of application.
+- @param pname Name of program (usually basename of argv[0])
+-*/
+-static void show_usage(char *pname) {
+- printf("usage: %s [options] hostname port\n", pname);
+- printf(" -4 Force to use IPv4\n");
+- printf(" -6 Force to use IPv6\n");
+- printf(" -r Use RAW connection (don't convert \\r and \\n characters)\n");
+- printf(" -z Don't use SSL connection (use pure socket)\n");
+- printf(" -h Show this help\n");
+-}
+-
+-/** Convert End Of Lines (Unix \n, Macs \r or DOS/Win \r\n) to \r\n.
+- @param in_buffer Input buffer
+- @param in_size Input buffer size
+- @param out_buffer Output buffer (must be prealocated). Should be (2*in_size) (in worst case)
+- @param out_size There will be size of out_buffer
+- @param in_state Internal state of finite automata. First call should have this 0, other calls
+- shouldn't change this value. After end of file, you may add to this value +100 and call this
+- again, to make sure of proper end (in_buffer can be in this case everything, including NULL).
+-*/
+-static void convert_eols(char *in_buffer,int in_size,char *out_buffer,int *out_size,int *in_state) {
+- int in_pos,out_pos;
+- int status;
+- char in_char;
+-
+- out_pos=0;
+- status=*in_state;
+-
+- if (status==100 || status==101) {
+- if (status==101) {
+- out_buffer[out_pos++]='\r';
+- out_buffer[out_pos++]='\n';
+- }
+- } else {
+- for (in_pos=0;in_pos<in_size;in_pos++) {
+- in_char=in_buffer[in_pos];
+-
+- switch (status) {
+- case 0:
+- if (in_char=='\r') status=1;
+- if (in_char=='\n') {
+- out_buffer[out_pos++]='\r';
+- out_buffer[out_pos++]='\n';
+- }
+- if ((in_char!='\r') && (in_char!='\n')) out_buffer[out_pos++]=in_char;
+- break;
+-
+- case 1:
+- out_buffer[out_pos++]='\r';
+- out_buffer[out_pos++]='\n';
+-
+- if (in_char!='\n') out_buffer[out_pos++]=in_char;
+-
+- status=0;
+- break;
+- }
+- }
+- }
+-
+- *out_size=out_pos;
+- *in_state=status;
+-}
+-
+-/** Start polling cycle.
+- @param socket Network connected socket.
+- @param mode Bit-array of MODE_*. This function take care on MODE_RAW.
+- @return 0 on failure, otherwise 1
+-*/
+-static int poll_cycle(PRFileDesc *localsocket,int mode) {
+- PRPollDesc pool[2];
+- char buffer[1024],buffer_eol[1024*2];
+- int readed_bytes;
+- int can_exit;
+- int res;
+- int bytes_to_write;
+- int eol_state;
+-
+- can_exit=0;
+- eol_state=0;
+-
+- /* Fill pool*/
+- pool[1].fd=localsocket;
+- pool[0].fd=PR_STDIN;
+- pool[0].in_flags=pool[1].in_flags=PR_POLL_READ;
+- pool[0].out_flags=pool[1].out_flags=0;
+-
+- while (!can_exit) {
+- res=(PR_Poll(pool,sizeof(pool)/sizeof(PRPollDesc),PR_INTERVAL_NO_TIMEOUT));
+-
+- if (res==-1) {
+- print_nspr_error();
+-
+- return 0;
+- }
+-
+- if (pool[1].out_flags&PR_POLL_READ) {
+- /*We have something in socket*/
+- if ((readed_bytes=PR_Read(pool[1].fd,buffer,sizeof(buffer)))>0) {
+- if (PR_Write(PR_STDOUT,buffer,readed_bytes)!=readed_bytes) {
+- print_nspr_error();
+-
+- return 0;
+- }
+- } else {
+- /*End of stream -> quit*/
+- can_exit=1;
+- }
+- }
+-
+- if (pool[0].out_flags&(PR_POLL_READ|PR_POLL_HUP)) {
+- /*We have something in stdin*/
+- if ((readed_bytes=PR_Read(pool[0].fd,buffer,sizeof(buffer)))>0) {
+-
+- if (!(mode&MODE_RAW)) {
+- convert_eols(buffer,readed_bytes,buffer_eol,&bytes_to_write,&eol_state);
+- } else
+- bytes_to_write=readed_bytes;
+-
+- if (PR_Write(pool[1].fd,(mode&MODE_RAW?buffer:buffer_eol),bytes_to_write)!=bytes_to_write) {
+- print_nspr_error();
+-
+- return 0;
+- }
+- } else {
+- /*End of stream -> send EOL (if needed)*/
+- if (!(mode&MODE_RAW)) {
+- eol_state+=100;
+- convert_eols(NULL,0,buffer_eol,&bytes_to_write,&eol_state);
+- if (PR_Write(pool[1].fd,buffer_eol,bytes_to_write)!=bytes_to_write) {
+- print_nspr_error();
+-
+- return 0;
+- }
+- }
+- }
+- }
+-
+- pool[0].out_flags=pool[1].out_flags=0;
+- } /*while (!can_exit)*/
+-
+- return 1;
+-}
+-
+-static void atexit_handler(void) {
+- if (PR_Initialized())
+- PR_Cleanup();
+-
+- if (fclose(stdout)!=0) {
+- fprintf(stderr,"Can't close stdout!\n");
+-
+- exit(1);
+- }
+-}
+-
+-/** Entry point of application.
+- @param argc Number of arguments on command line
+- @param argv Array of strings with arguments from command line
+- @return 0 on success, otherwise >0.
+-*/
+-int main(int argc,char *argv[]) {
+- int mode,operation;
+- char *hostname, *port;
+- char *pname;
+- int port_n;
+- PRFileDesc *fd_socket;
+- int res;
+-
+- pname=basename(argv[0]);
+-
+- atexit(atexit_handler);
+-
+- if (!parse_cli(argc,argv,&operation,&mode,&hostname,&port) || operation==OPERATION_HELP) {
+- show_usage(pname);
+-
+- if (operation!=OPERATION_HELP) return 1;
+-
+- return 0;
+- }
+-
+- if ((port_n=return_port(port))==-1) {
+- fprintf(stderr,"Error. Unknown port number/name %s!\n",port);
+-
+- return 1;
+- }
+-
+- if (!(mode&MODE_NO_SSL)) {
+- if (!init_nss()) return 1;
+- }
+-
+- if (!(fd_socket=create_connected_socket(hostname,port_n,mode)))
+- return 1;
+-
+- res=poll_cycle(fd_socket,mode);
+-
+- if (PR_Close(fd_socket)!=PR_SUCCESS) {
+- print_nspr_error();
+-
+- return 1;
+- }
+-
+- return (res?0:1);
+-}
+--
+1.7.7.6
+
diff --git a/SOURCES/bz990539-2-replacing_nss_wrapperr.patch b/SOURCES/bz990539-2-replacing_nss_wrapperr.patch
new file mode 100644
index 0000000..364d2ba
--- /dev/null
+++ b/SOURCES/bz990539-2-replacing_nss_wrapperr.patch
@@ -0,0 +1,40 @@
+diff -urN fence-agents-4.0.2.orig/configure.ac fence-agents-4.0.2/configure.ac
+--- fence-agents-4.0.2.orig/configure.ac 2014-02-17 14:55:59.768097454 +0100
++++ fence-agents-4.0.2/configure.ac 2014-02-17 14:57:05.567548670 +0100
+@@ -243,6 +243,8 @@
+ CPPFLAGS="-I\$(top_builddir)/make -I\$(top_srcdir)/make -I. $ENV_CPPFLAGS"
+ LDFLAGS="$ENV_LDFLAGS"
+
++AC_PATH_PROG([GNUTLSCLI_PATH], [gnutlscli], [/usr/bin/gnutls-cli])
++
+ AC_CONFIG_FILES([Makefile
+ fence/Makefile
+ fence/agents/Makefile
+@@ -276,7 +278,6 @@
+ fence/agents/lpar/Makefile
+ fence/agents/manual/Makefile
+ fence/agents/mcdata/Makefile
+- fence/agents/nss_wrapper/Makefile
+ fence/agents/rackswitch/Makefile
+ fence/agents/ovh/Makefile
+ fence/agents/rhevm/Makefile
+diff -urN fence-agents-4.0.2.orig/fence/agents/Makefile.am fence-agents-4.0.2/fence/agents/Makefile.am
+--- fence-agents-4.0.2.orig/fence/agents/Makefile.am 2014-02-17 14:55:59.774097497 +0100
++++ fence-agents-4.0.2/fence/agents/Makefile.am 2014-02-17 14:58:09.426990207 +0100
+@@ -1,5 +1,4 @@
+ MAINTAINERCLEANFILES = Makefile.in
+
+ SUBDIRS = lib \
+- nss_wrapper \
+ $(AGENTS_LIST)
+diff -urN fence-agents-4.0.2.orig/make/fencebuild.mk fence-agents-4.0.2/make/fencebuild.mk
+--- fence-agents-4.0.2.orig/make/fencebuild.mk 2014-02-17 14:55:59.768097454 +0100
++++ fence-agents-4.0.2/make/fencebuild.mk 2014-02-17 14:59:06.653383134 +0100
+@@ -9,6 +9,7 @@
+ -e 's#@''LOGDIR@#${LOGDIR}#g' \
+ -e 's#@''SBINDIR@#${sbindir}#g' \
+ -e 's#@''LIBEXECDIR@#${libexecdir}#g' \
++ -e 's#@''GNUTLSCLI_PATH@#${GNUTLSCLI_PATH}#g' \
+ > $@
+
+ if [ 0 -eq `echo "$(SRC)" | grep fence_ &> /dev/null; echo $$?` ]; then \
diff --git a/SOURCES/bz990539-3-remove_nss_nspr_check.patch b/SOURCES/bz990539-3-remove_nss_nspr_check.patch
new file mode 100644
index 0000000..76b39f8
--- /dev/null
+++ b/SOURCES/bz990539-3-remove_nss_nspr_check.patch
@@ -0,0 +1,14 @@
+diff -urN fence-agents-4.0.2.orig/configure.ac fence-agents-4.0.2/configure.ac
+--- fence-agents-4.0.2.orig/configure.ac 2014-02-18 21:26:07.091204997 +0100
++++ fence-agents-4.0.2/configure.ac 2014-02-18 21:26:18.572286647 +0100
+@@ -83,10 +83,6 @@
+ LIBS=$ac_check_lib_save_LIBS
+ }
+
+-# external libs
+-PKG_CHECK_MODULES([nss],[nss])
+-PKG_CHECK_MODULES([nspr],[nspr])
+-
+ # Checks for header files.
+ AC_CHECK_HEADERS([arpa/inet.h fcntl.h libintl.h limits.h netdb.h stddef.h sys/socket.h sys/time.h syslog.h])
+
diff --git a/SOURCES/bz990539-4-remove_nss_nspr_check.patch b/SOURCES/bz990539-4-remove_nss_nspr_check.patch
new file mode 100644
index 0000000..3bcba86
--- /dev/null
+++ b/SOURCES/bz990539-4-remove_nss_nspr_check.patch
@@ -0,0 +1,426 @@
+diff -urN fence-agents-4.0.2.orig/configure fence-agents-4.0.2/configure
+--- fence-agents-4.0.2.orig/configure 2014-02-18 21:26:07.087204966 +0100
++++ fence-agents-4.0.2/configure 2014-02-18 21:32:17.932860775 +0100
+@@ -615,6 +615,7 @@
+ ac_subst_vars='am__EXEEXT_FALSE
+ am__EXEEXT_TRUE
+ LTLIBOBJS
++GNUTLSCLI_PATH
+ BUILD_XENAPILIB_FALSE
+ BUILD_XENAPILIB_TRUE
+ AGENTS_LIST
+@@ -626,13 +627,6 @@
+ DEFAULT_CONFIG_FILE
+ DEFAULT_CONFIG_DIR
+ LIBOBJS
+-nspr_LIBS
+-nspr_CFLAGS
+-nss_LIBS
+-nss_CFLAGS
+-PKG_CONFIG_LIBDIR
+-PKG_CONFIG_PATH
+-PKG_CONFIG
+ CXXCPP
+ am__fastdepCXX_FALSE
+ am__fastdepCXX_TRUE
+@@ -778,14 +772,7 @@
+ CXX
+ CXXFLAGS
+ CCC
+-CXXCPP
+-PKG_CONFIG
+-PKG_CONFIG_PATH
+-PKG_CONFIG_LIBDIR
+-nss_CFLAGS
+-nss_LIBS
+-nspr_CFLAGS
+-nspr_LIBS'
++CXXCPP'
+
+
+ # Initialize some variables set by options.
+@@ -1446,15 +1433,6 @@
+ CXX C++ compiler command
+ CXXFLAGS C++ compiler flags
+ CXXCPP C++ preprocessor
+- PKG_CONFIG path to pkg-config utility
+- PKG_CONFIG_PATH
+- directories to add to pkg-config's search path
+- PKG_CONFIG_LIBDIR
+- path overriding pkg-config's built-in search path
+- nss_CFLAGS C compiler flags for nss, overriding pkg-config
+- nss_LIBS linker flags for nss, overriding pkg-config
+- nspr_CFLAGS C compiler flags for nspr, overriding pkg-config
+- nspr_LIBS linker flags for nspr, overriding pkg-config
+
+ Use these variables to override the choices made by `configure' or to help
+ it to find libraries and programs with nonstandard names/locations.
+@@ -16179,309 +16157,6 @@
+ LIBS=$ac_check_lib_save_LIBS
+ }
+
+-# external libs
+-
+-
+-
+-
+-
+-
+-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+- if test -n "$ac_tool_prefix"; then
+- # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+-set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+-$as_echo_n "checking for $ac_word... " >&6; }
+-if ${ac_cv_path_PKG_CONFIG+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- case $PKG_CONFIG in
+- [\\/]* | ?:[\\/]*)
+- ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+- ;;
+- *)
+- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-for as_dir in $PATH
+-do
+- IFS=$as_save_IFS
+- test -z "$as_dir" && as_dir=.
+- for ac_exec_ext in '' $ac_executable_extensions; do
+- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+- ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+- break 2
+- fi
+-done
+- done
+-IFS=$as_save_IFS
+-
+- ;;
+-esac
+-fi
+-PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+-if test -n "$PKG_CONFIG"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+-$as_echo "$PKG_CONFIG" >&6; }
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-fi
+-
+-
+-fi
+-if test -z "$ac_cv_path_PKG_CONFIG"; then
+- ac_pt_PKG_CONFIG=$PKG_CONFIG
+- # Extract the first word of "pkg-config", so it can be a program name with args.
+-set dummy pkg-config; ac_word=$2
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+-$as_echo_n "checking for $ac_word... " >&6; }
+-if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- case $ac_pt_PKG_CONFIG in
+- [\\/]* | ?:[\\/]*)
+- ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
+- ;;
+- *)
+- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-for as_dir in $PATH
+-do
+- IFS=$as_save_IFS
+- test -z "$as_dir" && as_dir=.
+- for ac_exec_ext in '' $ac_executable_extensions; do
+- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+- ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+- break 2
+- fi
+-done
+- done
+-IFS=$as_save_IFS
+-
+- ;;
+-esac
+-fi
+-ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
+-if test -n "$ac_pt_PKG_CONFIG"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
+-$as_echo "$ac_pt_PKG_CONFIG" >&6; }
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-fi
+-
+- if test "x$ac_pt_PKG_CONFIG" = x; then
+- PKG_CONFIG=""
+- else
+- case $cross_compiling:$ac_tool_warned in
+-yes:)
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+-ac_tool_warned=yes ;;
+-esac
+- PKG_CONFIG=$ac_pt_PKG_CONFIG
+- fi
+-else
+- PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
+-fi
+-
+-fi
+-if test -n "$PKG_CONFIG"; then
+- _pkg_min_version=0.9.0
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
+-$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; }
+- if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+- else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+- PKG_CONFIG=""
+- fi
+-fi
+-
+-pkg_failed=no
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nss" >&5
+-$as_echo_n "checking for nss... " >&6; }
+-
+-if test -n "$nss_CFLAGS"; then
+- pkg_cv_nss_CFLAGS="$nss_CFLAGS"
+- elif test -n "$PKG_CONFIG"; then
+- if test -n "$PKG_CONFIG" && \
+- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss\""; } >&5
+- ($PKG_CONFIG --exists --print-errors "nss") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; }; then
+- pkg_cv_nss_CFLAGS=`$PKG_CONFIG --cflags "nss" 2>/dev/null`
+-else
+- pkg_failed=yes
+-fi
+- else
+- pkg_failed=untried
+-fi
+-if test -n "$nss_LIBS"; then
+- pkg_cv_nss_LIBS="$nss_LIBS"
+- elif test -n "$PKG_CONFIG"; then
+- if test -n "$PKG_CONFIG" && \
+- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss\""; } >&5
+- ($PKG_CONFIG --exists --print-errors "nss") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; }; then
+- pkg_cv_nss_LIBS=`$PKG_CONFIG --libs "nss" 2>/dev/null`
+-else
+- pkg_failed=yes
+-fi
+- else
+- pkg_failed=untried
+-fi
+-
+-
+-
+-if test $pkg_failed = yes; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-
+-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+- _pkg_short_errors_supported=yes
+-else
+- _pkg_short_errors_supported=no
+-fi
+- if test $_pkg_short_errors_supported = yes; then
+- nss_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "nss" 2>&1`
+- else
+- nss_PKG_ERRORS=`$PKG_CONFIG --print-errors "nss" 2>&1`
+- fi
+- # Put the nasty error message in config.log where it belongs
+- echo "$nss_PKG_ERRORS" >&5
+-
+- as_fn_error $? "Package requirements (nss) were not met:
+-
+-$nss_PKG_ERRORS
+-
+-Consider adjusting the PKG_CONFIG_PATH environment variable if you
+-installed software in a non-standard prefix.
+-
+-Alternatively, you may set the environment variables nss_CFLAGS
+-and nss_LIBS to avoid the need to call pkg-config.
+-See the pkg-config man page for more details." "$LINENO" 5
+-
+-elif test $pkg_failed = untried; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it
+-is in your PATH or set the PKG_CONFIG environment variable to the full
+-path to pkg-config.
+-
+-Alternatively, you may set the environment variables nss_CFLAGS
+-and nss_LIBS to avoid the need to call pkg-config.
+-See the pkg-config man page for more details.
+-
+-To get pkg-config, see <http://pkg-config.freedesktop.org/>.
+-See \`config.log' for more details" "$LINENO" 5; }
+-
+-else
+- nss_CFLAGS=$pkg_cv_nss_CFLAGS
+- nss_LIBS=$pkg_cv_nss_LIBS
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+-
+-fi
+-
+-pkg_failed=no
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nspr" >&5
+-$as_echo_n "checking for nspr... " >&6; }
+-
+-if test -n "$nspr_CFLAGS"; then
+- pkg_cv_nspr_CFLAGS="$nspr_CFLAGS"
+- elif test -n "$PKG_CONFIG"; then
+- if test -n "$PKG_CONFIG" && \
+- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nspr\""; } >&5
+- ($PKG_CONFIG --exists --print-errors "nspr") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; }; then
+- pkg_cv_nspr_CFLAGS=`$PKG_CONFIG --cflags "nspr" 2>/dev/null`
+-else
+- pkg_failed=yes
+-fi
+- else
+- pkg_failed=untried
+-fi
+-if test -n "$nspr_LIBS"; then
+- pkg_cv_nspr_LIBS="$nspr_LIBS"
+- elif test -n "$PKG_CONFIG"; then
+- if test -n "$PKG_CONFIG" && \
+- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nspr\""; } >&5
+- ($PKG_CONFIG --exists --print-errors "nspr") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; }; then
+- pkg_cv_nspr_LIBS=`$PKG_CONFIG --libs "nspr" 2>/dev/null`
+-else
+- pkg_failed=yes
+-fi
+- else
+- pkg_failed=untried
+-fi
+-
+-
+-
+-if test $pkg_failed = yes; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-
+-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+- _pkg_short_errors_supported=yes
+-else
+- _pkg_short_errors_supported=no
+-fi
+- if test $_pkg_short_errors_supported = yes; then
+- nspr_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "nspr" 2>&1`
+- else
+- nspr_PKG_ERRORS=`$PKG_CONFIG --print-errors "nspr" 2>&1`
+- fi
+- # Put the nasty error message in config.log where it belongs
+- echo "$nspr_PKG_ERRORS" >&5
+-
+- as_fn_error $? "Package requirements (nspr) were not met:
+-
+-$nspr_PKG_ERRORS
+-
+-Consider adjusting the PKG_CONFIG_PATH environment variable if you
+-installed software in a non-standard prefix.
+-
+-Alternatively, you may set the environment variables nspr_CFLAGS
+-and nspr_LIBS to avoid the need to call pkg-config.
+-See the pkg-config man page for more details." "$LINENO" 5
+-
+-elif test $pkg_failed = untried; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it
+-is in your PATH or set the PKG_CONFIG environment variable to the full
+-path to pkg-config.
+-
+-Alternatively, you may set the environment variables nspr_CFLAGS
+-and nspr_LIBS to avoid the need to call pkg-config.
+-See the pkg-config man page for more details.
+-
+-To get pkg-config, see <http://pkg-config.freedesktop.org/>.
+-See \`config.log' for more details" "$LINENO" 5; }
+-
+-else
+- nspr_CFLAGS=$pkg_cv_nspr_CFLAGS
+- nspr_LIBS=$pkg_cv_nspr_LIBS
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+-
+-fi
+-
+ # Checks for header files.
+ for ac_header in arpa/inet.h fcntl.h libintl.h limits.h netdb.h stddef.h sys/socket.h sys/time.h syslog.h
+ do :
+@@ -17064,7 +16739,49 @@
+ CPPFLAGS="-I\$(top_builddir)/make -I\$(top_srcdir)/make -I. $ENV_CPPFLAGS"
+ LDFLAGS="$ENV_LDFLAGS"
+
+-ac_config_files="$ac_config_files Makefile fence/Makefile fence/agents/Makefile fence/agents/alom/Makefile fence/agents/apc/Makefile fence/agents/apc_snmp/Makefile fence/agents/baytech/Makefile fence/agents/bladecenter/Makefile fence/agents/brocade/Makefile fence/agents/bullpap/Makefile fence/agents/cisco_mds/Makefile fence/agents/cisco_ucs/Makefile fence/agents/cpint/Makefile fence/agents/drac/Makefile fence/agents/drac5/Makefile fence/agents/dummy/Makefile fence/agents/eaton_snmp/Makefile fence/agents/egenera/Makefile fence/agents/eps/Makefile fence/agents/hpblade/Makefile fence/agents/ibmblade/Makefile fence/agents/ipdu/Makefile fence/agents/ifmib/Makefile fence/agents/ilo/Makefile fence/agents/ilo_mp/Makefile fence/agents/intelmodular/Makefile fence/agents/ipmilan/Makefile fence/agents/kdump/Makefile fence/agents/ldom/Makefile fence/agents/lib/Makefile fence/agents/lpar/Makefile fence/agents/manual/Makefile fence/agents/mcdata/Makefile fence/agents/nss_wrapper/Makefile fence/agents/rackswitch/Makefile fence/agents/ovh/Makefile fence/agents/rhevm/Makefile fence/agents/rsa/Makefile fence/agents/rsb/Makefile fence/agents/sanbox2/Makefile fence/agents/scsi/Makefile fence/agents/virsh/Makefile fence/agents/vixel/Makefile fence/agents/vmware/Makefile fence/agents/vmware_soap/Makefile fence/agents/wti/Makefile fence/agents/xcat/Makefile fence/agents/xenapi/Makefile fence/agents/hds_cb/Makefile fence/agents/zvm/Makefile doc/Makefile"
++# Extract the first word of "gnutlscli", so it can be a program name with args.
++set dummy gnutlscli; ac_word=$2
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
++$as_echo_n "checking for $ac_word... " >&6; }
++if ${ac_cv_path_GNUTLSCLI_PATH+:} false; then :
++ $as_echo_n "(cached) " >&6
++else
++ case $GNUTLSCLI_PATH in
++ [\\/]* | ?:[\\/]*)
++ ac_cv_path_GNUTLSCLI_PATH="$GNUTLSCLI_PATH" # Let the user override the test with a path.
++ ;;
++ *)
++ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
++for as_dir in $PATH
++do
++ IFS=$as_save_IFS
++ test -z "$as_dir" && as_dir=.
++ for ac_exec_ext in '' $ac_executable_extensions; do
++ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
++ ac_cv_path_GNUTLSCLI_PATH="$as_dir/$ac_word$ac_exec_ext"
++ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
++ break 2
++ fi
++done
++ done
++IFS=$as_save_IFS
++
++ test -z "$ac_cv_path_GNUTLSCLI_PATH" && ac_cv_path_GNUTLSCLI_PATH="/usr/bin/gnutls-cli"
++ ;;
++esac
++fi
++GNUTLSCLI_PATH=$ac_cv_path_GNUTLSCLI_PATH
++if test -n "$GNUTLSCLI_PATH"; then
++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GNUTLSCLI_PATH" >&5
++$as_echo "$GNUTLSCLI_PATH" >&6; }
++else
++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++fi
++
++
++
++ac_config_files="$ac_config_files Makefile fence/Makefile fence/agents/Makefile fence/agents/alom/Makefile fence/agents/apc/Makefile fence/agents/apc_snmp/Makefile fence/agents/baytech/Makefile fence/agents/bladecenter/Makefile fence/agents/brocade/Makefile fence/agents/bullpap/Makefile fence/agents/cisco_mds/Makefile fence/agents/cisco_ucs/Makefile fence/agents/cpint/Makefile fence/agents/drac/Makefile fence/agents/drac5/Makefile fence/agents/dummy/Makefile fence/agents/eaton_snmp/Makefile fence/agents/egenera/Makefile fence/agents/eps/Makefile fence/agents/hpblade/Makefile fence/agents/ibmblade/Makefile fence/agents/ipdu/Makefile fence/agents/ifmib/Makefile fence/agents/ilo/Makefile fence/agents/ilo_mp/Makefile fence/agents/intelmodular/Makefile fence/agents/ipmilan/Makefile fence/agents/kdump/Makefile fence/agents/ldom/Makefile fence/agents/lib/Makefile fence/agents/lpar/Makefile fence/agents/manual/Makefile fence/agents/mcdata/Makefile fence/agents/rackswitch/Makefile fence/agents/ovh/Makefile fence/agents/rhevm/Makefile fence/agents/rsa/Makefile fence/agents/rsb/Makefile fence/agents/sanbox2/Makefile fence/agents/scsi/Makefile fence/agents/virsh/Makefile fence/agents/vixel/Makefile fence/agents/vmware/Makefile fence/agents/vmware_soap/Makefile fence/agents/wti/Makefile fence/agents/xcat/Makefile fence/agents/xenapi/Makefile fence/agents/hds_cb/Makefile fence/agents/zvm/Makefile doc/Makefile"
+
+
+ cat >confcache <<\_ACEOF
+@@ -18221,7 +17938,6 @@
+ "fence/agents/lpar/Makefile") CONFIG_FILES="$CONFIG_FILES fence/agents/lpar/Makefile" ;;
+ "fence/agents/manual/Makefile") CONFIG_FILES="$CONFIG_FILES fence/agents/manual/Makefile" ;;
+ "fence/agents/mcdata/Makefile") CONFIG_FILES="$CONFIG_FILES fence/agents/mcdata/Makefile" ;;
+- "fence/agents/nss_wrapper/Makefile") CONFIG_FILES="$CONFIG_FILES fence/agents/nss_wrapper/Makefile" ;;
+ "fence/agents/rackswitch/Makefile") CONFIG_FILES="$CONFIG_FILES fence/agents/rackswitch/Makefile" ;;
+ "fence/agents/ovh/Makefile") CONFIG_FILES="$CONFIG_FILES fence/agents/ovh/Makefile" ;;
+ "fence/agents/rhevm/Makefile") CONFIG_FILES="$CONFIG_FILES fence/agents/rhevm/Makefile" ;;
diff --git a/SOURCES/bz990539-5-remove_nss_nspr_check.patch b/SOURCES/bz990539-5-remove_nss_nspr_check.patch
new file mode 100644
index 0000000..661a27c
--- /dev/null
+++ b/SOURCES/bz990539-5-remove_nss_nspr_check.patch
@@ -0,0 +1,52 @@
+diff -urN fence-agents-4.0.2/fence/agents/Makefile.in fence-agents-4.0.2.new/fence/agents/Makefile.in
+--- fence-agents-4.0.2/fence/agents/Makefile.in 2013-07-30 12:48:53.000000000 +0200
++++ fence-agents-4.0.2.new/fence/agents/Makefile.in 2014-02-18 21:47:59.622684528 +0100
+@@ -145,6 +145,7 @@
+ EXEEXT = @EXEEXT@
+ FENCEAGENTSLIBDIR = @FENCEAGENTSLIBDIR@
+ FGREP = @FGREP@
++GNUTLSCLI_PATH = @GNUTLSCLI_PATH@
+ GREP = @GREP@
+ INSTALL = @INSTALL@
+ INSTALL_DATA = @INSTALL_DATA@
+@@ -177,9 +178,6 @@
+ PACKAGE_URL = @PACKAGE_URL@
+ PACKAGE_VERSION = @PACKAGE_VERSION@
+ PATH_SEPARATOR = @PATH_SEPARATOR@
+-PKG_CONFIG = @PKG_CONFIG@
+-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+ RANLIB = @RANLIB@
+ SED = @SED@
+ SET_MAKE = @SET_MAKE@
+@@ -227,10 +225,6 @@
+ localstatedir = @localstatedir@
+ mandir = @mandir@
+ mkdir_p = @mkdir_p@
+-nspr_CFLAGS = @nspr_CFLAGS@
+-nspr_LIBS = @nspr_LIBS@
+-nss_CFLAGS = @nss_CFLAGS@
+-nss_LIBS = @nss_LIBS@
+ oldincludedir = @oldincludedir@
+ pdfdir = @pdfdir@
+ prefix = @prefix@
+@@ -246,7 +240,6 @@
+ top_srcdir = @top_srcdir@
+ MAINTAINERCLEANFILES = Makefile.in
+ SUBDIRS = lib \
+- nss_wrapper \
+ $(AGENTS_LIST)
+
+ all: all-recursive
+@@ -261,9 +254,9 @@
+ exit 1;; \
+ esac; \
+ done; \
+- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu fence/agents/Makefile'; \
++ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign fence/agents/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+- $(AUTOMAKE) --gnu fence/agents/Makefile
++ $(AUTOMAKE) --foreign fence/agents/Makefile
+ .PRECIOUS: Makefile
+ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
diff --git a/SOURCES/bz990539-6-remove_nss_nspr_check.patch b/SOURCES/bz990539-6-remove_nss_nspr_check.patch
new file mode 100644
index 0000000..00c347a
--- /dev/null
+++ b/SOURCES/bz990539-6-remove_nss_nspr_check.patch
@@ -0,0 +1,12 @@
+diff -urN fence-agents-4.0.2.orig/fence/agents/lib/fencing.py.py fence-agents-4.0.2/fence/agents/lib/fencing.py.py
+--- fence-agents-4.0.2.orig/fence/agents/lib/fencing.py.py 2014-02-19 18:09:44.000000000 +0100
++++ fence-agents-4.0.2/fence/agents/lib/fencing.py.py 2014-02-19 18:11:04.530890059 +0100
+@@ -28,7 +28,7 @@
+
+ TELNET_PATH = "/usr/bin/telnet"
+ SSH_PATH = "/usr/bin/ssh"
+-SSL_PATH = "@GNUTLSCLI_PATH@"
++SSL_PATH = "/usr/bin/gnutls-cli"
+ SUDO_PATH = "/usr/bin/sudo"
+
+ all_opt = {
diff --git a/SOURCES/bz990539-7-allow_notls_negotiation_with_old_devices.patch b/SOURCES/bz990539-7-allow_notls_negotiation_with_old_devices.patch
new file mode 100644
index 0000000..ef004f1
--- /dev/null
+++ b/SOURCES/bz990539-7-allow_notls_negotiation_with_old_devices.patch
@@ -0,0 +1,79 @@
+diff -Naurd fence-agents-4.0.2.orig/fence/agents/cisco_ucs/fence_cisco_ucs.py fence-agents-4.0.2/fence/agents/cisco_ucs/fence_cisco_ucs.py
+--- fence-agents-4.0.2.orig/fence/agents/cisco_ucs/fence_cisco_ucs.py 2013-07-30 12:46:11.000000000 +0200
++++ fence-agents-4.0.2/fence/agents/cisco_ucs/fence_cisco_ucs.py 2014-02-20 11:53:07.576955152 +0100
+@@ -107,7 +107,7 @@
+ "order" : 1 }
+
+ def main():
+- device_opt = [ "ipaddr", "login", "passwd", "ssl", "port", "web", "suborg" ]
++ device_opt = [ "ipaddr", "login", "passwd", "ssl", "notls", "port", "web", "suborg" ]
+
+ atexit.register(atexit_handler)
+
+diff -Naurd fence-agents-4.0.2.orig/fence/agents/ilo/fence_ilo.py fence-agents-4.0.2/fence/agents/ilo/fence_ilo.py
+--- fence-agents-4.0.2.orig/fence/agents/ilo/fence_ilo.py 2014-02-20 11:52:28.948883919 +0100
++++ fence-agents-4.0.2/fence/agents/ilo/fence_ilo.py 2014-02-20 11:53:07.655955297 +0100
+@@ -63,7 +63,7 @@
+ "order" : 1 }
+
+ def main():
+- device_opt = [ "ipaddr", "login", "passwd", "ssl", "ribcl" ]
++ device_opt = [ "ipaddr", "login", "passwd", "ssl", "notls", "ribcl" ]
+
+ atexit.register(atexit_handler)
+
+diff -Naurd fence-agents-4.0.2.orig/fence/agents/lib/fencing.py.py fence-agents-4.0.2/fence/agents/lib/fencing.py.py
+--- fence-agents-4.0.2.orig/fence/agents/lib/fencing.py.py 2014-02-20 11:52:29.345884646 +0100
++++ fence-agents-4.0.2/fence/agents/lib/fencing.py.py 2014-02-20 11:53:07.655955297 +0100
+@@ -177,6 +177,14 @@
+ "required" : "0",
+ "shortdesc" : "SSL connection",
+ "order" : 1 },
++ "notls" : {
++ "getopt" : "t",
++ "longopt" : "notls",
++ "help" : "-t, --notls Disable TLS negotiation and force SSL3.0.\n" +
++ " This should only be used for devices that do not support TLS1.0 and up.",
++ "required" : "0",
++ "shortdesc" : "Disable TLS negotiation",
++ "order" : 1 },
+ "port" : {
+ "getopt" : "n:",
+ "longopt" : "plug",
+@@ -927,7 +935,11 @@
+ re_pass = re.compile("(password)|(pass phrase)", re.IGNORECASE)
+
+ if options.has_key("--ssl"):
+- command = '%s --insecure --crlf -p %s %s' % (SSL_PATH, options["--ipport"], options["--ip"])
++ gnutls_opts=""
++ if options.has_key("--notls"):
++ gnutls_opts = "--priority \"NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0\""
++
++ command = '%s %s --insecure --crlf -p %s %s' % (SSL_PATH, gnutls_opts, options["--ipport"], options["--ip"])
+ try:
+ conn = fspawn(options, command)
+ except pexpect.ExceptionPexpect, ex:
+diff -Naurd fence-agents-4.0.2.orig/fence/agents/rhevm/fence_rhevm.py fence-agents-4.0.2/fence/agents/rhevm/fence_rhevm.py
+--- fence-agents-4.0.2.orig/fence/agents/rhevm/fence_rhevm.py 2013-07-30 12:46:12.000000000 +0200
++++ fence-agents-4.0.2/fence/agents/rhevm/fence_rhevm.py 2014-02-20 11:53:07.655955297 +0100
+@@ -101,7 +101,7 @@
+ return result
+
+ def main():
+- device_opt = [ "ipaddr", "login", "passwd", "ssl", "web", "port" ]
++ device_opt = [ "ipaddr", "login", "passwd", "ssl", "notls", "web", "port" ]
+
+ atexit.register(atexit_handler)
+
+diff -Naurd fence-agents-4.0.2.orig/fence/agents/vmware_soap/fence_vmware_soap.py fence-agents-4.0.2/fence/agents/vmware_soap/fence_vmware_soap.py
+--- fence-agents-4.0.2.orig/fence/agents/vmware_soap/fence_vmware_soap.py 2014-02-20 11:52:29.000884014 +0100
++++ fence-agents-4.0.2/fence/agents/vmware_soap/fence_vmware_soap.py 2014-02-20 11:53:07.656955299 +0100
+@@ -177,7 +177,7 @@
+ shutil.rmtree(tmp_dir)
+
+ def main():
+- device_opt = [ "ipaddr", "login", "passwd", "web", "ssl", "port" ]
++ device_opt = [ "ipaddr", "login", "passwd", "web", "ssl", "notls", "port" ]
+
+ atexit.register(atexit_handler)
+
diff --git a/SOURCES/bz994466-1-fence_scsi-automatic_key_generation.patch b/SOURCES/bz994466-1-fence_scsi-automatic_key_generation.patch
new file mode 100644
index 0000000..c855179
--- /dev/null
+++ b/SOURCES/bz994466-1-fence_scsi-automatic_key_generation.patch
@@ -0,0 +1,92 @@
+From 116512c174f4acef0faee4459158c45ddf6922d2 Mon Sep 17 00:00:00 2001
+From: Marek 'marx' Grac <mgrac@redhat.com>
+Date: Wed, 22 Jan 2014 15:35:20 +0100
+Subject: [PATCH 2/3] fence_scsi: Replace automatic key generation to work
+ with corosync clusters instead of cman
+
+Resolves: rhbz#994466
+---
+ fence/agents/scsi/fence_scsi.pl | 38 ++++++++++++++++++++++----------------
+ 1 files changed, 22 insertions(+), 16 deletions(-)
+
+diff --git a/fence/agents/scsi/fence_scsi.pl b/fence/agents/scsi/fence_scsi.pl
+index c959417..3ad0f09 100644
+--- a/fence/agents/scsi/fence_scsi.pl
++++ b/fence/agents/scsi/fence_scsi.pl
+@@ -5,6 +5,7 @@ use File::Basename;
+ use File::Path;
+ use Getopt::Std;
+ use POSIX;
++use B;
+
+ #BEGIN_VERSION_GENERATION
+ $RELEASE_VERSION="";
+@@ -426,10 +427,10 @@ sub get_key ($)
+ sub get_node_id ($)
+ {
+ my $self = (caller(0))[3];
+- my $node_id;
++ my $node = $_[0];
+
+- my $cmd = "cman_tool nodes -n $_[0] -F id";
+- my $out = qx { $cmd 2> /dev/null };
++ my $cmd = "/sbin/corosync-cmapctl nodelist.";
++ my @out = qx { $cmd 2> /dev/null };
+ my $err = ($?>>8);
+
+ if ($err != 0) {
+@@ -438,11 +439,14 @@ sub get_node_id ($)
+
+ # die "[error]: $self\n" if ($?>>8);
+
+- chomp ($out);
+-
+- $node_id = $out;
+-
+- return ($node_id);
++ foreach my $line (@out) {
++ chomp($line);
++ if ($line =~ /.(\d+?).ring._addr \(str\) = ${node}$/) {
++ return $1;
++ }
++ }
++
++ log_error("$self (unable to parse output of corosync-cmapctl or node does not exist)");
+ }
+
+ sub get_cluster_id ()
+@@ -450,8 +454,8 @@ sub get_cluster_id ()
+ my $self = (caller(0))[3];
+ my $cluster_id;
+
+- my $cmd = "cman_tool status";
+- my @out = qx { $cmd 2> /dev/null };
++ my $cmd = "/sbin/corosync-cmapctl totem.cluster_name";
++ my $out = qx { $cmd 2> /dev/null };
+ my $err = ($?>>8);
+
+ if ($err != 0) {
+@@ -460,12 +464,14 @@ sub get_cluster_id ()
+
+ # die "[error]: $self\n" if ($?>>8);
+
+- foreach (@out) {
+- chomp;
+- my ($param, $value) = split (/\s*:\s*/, $_);
+- if ($param =~ /^cluster\s+id/i) {
+- $cluster_id = $value;
+- }
++ chomp($out);
++
++ if ($out =~ /=\s(.*?)$/) {
++ my $cluster_name = $1;
++ # tranform string to a number
++ $cluster_id = (hex B::hash($cluster_name)) % 65536;
++ } else {
++ log_error("$self (unable to parse output of corosync-cmapctl)");
+ }
+
+ return ($cluster_id);
+--
+1.7.7.6
+
diff --git a/SOURCES/bz994466-2-fence_scsi-automatic_key_generation.patch b/SOURCES/bz994466-2-fence_scsi-automatic_key_generation.patch
new file mode 100644
index 0000000..cd2e139
--- /dev/null
+++ b/SOURCES/bz994466-2-fence_scsi-automatic_key_generation.patch
@@ -0,0 +1,36 @@
+From cc04df682a343c6627c250cffc0f4d60383a7baa Mon Sep 17 00:00:00 2001
+From: Marek 'marx' Grac <mgrac@redhat.com>
+Date: Thu, 23 Jan 2014 17:32:25 +0100
+Subject: [PATCH 3/3] fence_scsi: Change path to corosync from /sbin to
+ /usr/sbin
+
+/sbin is just a symlink to /usr/bin - so it does not impact functionality
+---
+ fence/agents/scsi/fence_scsi.pl | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fence/agents/scsi/fence_scsi.pl b/fence/agents/scsi/fence_scsi.pl
+index 3ad0f09..6808ff5 100644
+--- a/fence/agents/scsi/fence_scsi.pl
++++ b/fence/agents/scsi/fence_scsi.pl
+@@ -429,7 +429,7 @@ sub get_node_id ($)
+ my $self = (caller(0))[3];
+ my $node = $_[0];
+
+- my $cmd = "/sbin/corosync-cmapctl nodelist.";
++ my $cmd = "/usr/sbin/corosync-cmapctl nodelist.";
+ my @out = qx { $cmd 2> /dev/null };
+ my $err = ($?>>8);
+
+@@ -454,7 +454,7 @@ sub get_cluster_id ()
+ my $self = (caller(0))[3];
+ my $cluster_id;
+
+- my $cmd = "/sbin/corosync-cmapctl totem.cluster_name";
++ my $cmd = "/usr/sbin/corosync-cmapctl totem.cluster_name";
+ my $out = qx { $cmd 2> /dev/null };
+ my $err = ($?>>8);
+
+--
+1.7.7.6
+
diff --git a/SPECS/fence-agents.spec b/SPECS/fence-agents.spec
old mode 100755
new mode 100644
index d553c05..f0a4b9e
--- a/SPECS/fence-agents.spec
+++ b/SPECS/fence-agents.spec
@@ -16,7 +16,7 @@
Name: fence-agents
Summary: Fence Agents for Red Hat Cluster
Version: 4.0.2
-Release: 6%{?alphatag:.%{alphatag}}%{?dist}
+Release: 21%{?alphatag:.%{alphatag}}%{?dist}
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
URL: http://sourceware.org/cluster/wiki/
@@ -38,6 +38,26 @@ Patch13: bz1022533-invalid_use_of_options-2.patch
Patch14: bz1022533-invalid_use_of_options-3.patch
Patch15: bz1022529-ensure_validity_of_xml_metadata-2.patch
Patch16: bz1021392-fence_brocade-add_agent.patch
+Patch17: bz1021392-fencing_default_action_off.patch
+Patch18: bz994466-1-fence_scsi-automatic_key_generation.patch
+Patch19: bz994466-2-fence_scsi-automatic_key_generation.patch
+Patch20: bz1022529-ensure_validity_of_xml_metadata-3.patch
+Patch21: bz1022536-2-fence_wti-named_groups.patch
+Patch22: bz1057299-fence_vmware_soap-add_delay.patch
+Patch23: bz1048843-fencing-do_not_use_public_keys.patch
+Patch24: bz990539-1-replacing_nss_wrapperr.patch
+Patch25: bz990539-2-replacing_nss_wrapperr.patch
+Patch26: bz1018780-fence_vmware_soap-Unknown-exception.patch
+Patch27: bz990539-3-remove_nss_nspr_check.patch
+Patch28: bz990539-4-remove_nss_nspr_check.patch
+Patch29: bz990539-5-remove_nss_nspr_check.patch
+Patch30: bz990539-6-remove_nss_nspr_check.patch
+Patch31: bz990539-7-allow_notls_negotiation_with_old_devices.patch
+Patch32: bz1018780-fence_vmware_soap_suppress_suds_message.patch
+Patch33: bz1018780-fence_vmware_soap_fix_option_parsing_from_stdin.patch
+Patch34: bz1072564-feature_ssl-secure.patch
+Patch35: bz1072564-2-feature_ssl-secure.patch
+Patch36: bz1073947-ssh_login_failed.patch
%if 0%{?fedora}
%global supportedagents alom apc apc_snmp bladecenter brocade cisco_mds cisco_ucs drac5 eaton_snmp eps hpblade ibmblade ifmib ilo ilo_mp intelmodular ipdu ipmilan kdump ldom lpar rhevm rsa rsb scsi vmware_soap wti
@@ -58,9 +78,9 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
# Build dependencies
BuildRequires: perl
BuildRequires: glibc-devel
-BuildRequires: nss-devel nspr-devel
+BuildRequires: gnutls-utils
BuildRequires: libxslt
-BuildRequires: python pexpect python-pycurl python-suds
+BuildRequires: python pexpect python-pycurl python-suds python-requests
BuildRequires: perl(Net::Telnet) net-snmp-utils
%if 0%{?fedora}
BuildRequires: perl(Pod::MinimumVersion)
@@ -76,7 +96,7 @@ BuildRequires: perl(Pod::MinimumVersion)
%patch5 -p1 -b .bug5
%patch6 -p1 -b .bz1012994
%patch7 -p1 -b .bz1022528
-%patch8 -p1 -b .bz1018780
+%patch8 -p1 -b .bz1018780-1
%patch9 -p1 -b .bz1022536
%patch10 -p1 -b .bz1022538
%patch11 -p1 -b .bz1022529-1
@@ -85,6 +105,26 @@ BuildRequires: perl(Pod::MinimumVersion)
%patch14 -p1 -b .bz1022533-3
%patch15 -p1 -b .bz1022529-2
%patch16 -p1 -b .bz1021392
+%patch17 -p1 -b .bz1021392
+%patch18 -p1 -b .bz994466-1
+%patch19 -p1 -b .bz994466-2
+%patch20 -p1 -b .bz1022529-3
+%patch21 -p1 -b .bz1022536-2
+%patch22 -p1 -b .bz1057299
+%patch23 -p1 -b .bz1048843
+%patch24 -p1 -b .bz990539-1
+%patch25 -p1 -b .bz990539-2
+%patch26 -p1 -b .bz1018780-2
+%patch27 -p1 -b .bz990539-3
+%patch28 -p1 -b .bz990539-4
+%patch29 -p1 -b .bz990539-5
+%patch30 -p1 -b .bz990539-6
+%patch31 -p1 -b .bz990539-7
+%patch32 -p1 -b .bz1018780-3
+%patch33 -p1 -b .bz1018780-4
+%patch34 -p1 -b .bz1072564-1
+%patch35 -p1 -b .bz1072564-2
+%patch36 -p1 -b .bz1073947-1
%build
%{configure} --with-agents='%{supportedagents} %{testagents}'
@@ -103,9 +143,6 @@ rm -rf %{buildroot}/usr/share/doc/fence-agents
%clean
rm -rf %{buildroot}
-%post
-ccs_update_schema > /dev/null 2>&1 ||:
-
%description
Red Hat Fence Agents is a collection of scripts to handle remote
power management for several devices.
@@ -130,6 +167,9 @@ License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agents
Requires: %{allfenceagents}
+%ifarch i686 x86_64
+Requires: fence-virt
+%endif
Provides: fence-agents = %{version}-%{release}
Obsoletes: fence-agents < 3.1.13
%description all
@@ -141,7 +181,8 @@ Red Hat Fence Agents is a collection of all supported fence agents.
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for SUN ALOM
-Requires: fence-agents-common telnet openssh-clients
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: telnet openssh-clients
Obsoletes: fence-agents
%description alom
Red Hat Fence Agents
@@ -155,7 +196,8 @@ Red Hat Fence Agents
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for APC devices
-Requires: fence-agents-common telnet openssh-clients
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: telnet openssh-clients
Obsoletes: fence-agents
%description apc
The fence-agents-apc package contains a fence agent for APC devices that are accessed via telnet or SSH.
@@ -168,7 +210,8 @@ The fence-agents-apc package contains a fence agent for APC devices that are acc
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for APC devices (SNMP)
-Requires: fence-agents-common net-snmp-utils
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: net-snmp-utils
Obsoletes: fence-agents
%description apc-snmp
The fence-agents-apc-snmp package contains a fence agent for APC devices that are accessed via the SNMP protocol.
@@ -181,7 +224,8 @@ The fence-agents-apc-snmp package contains a fence agent for APC devices that ar
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for IBM BladeCenter
-Requires: fence-agents-common telnet openssh-clients
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: telnet openssh-clients
Obsoletes: fence-agents
%description bladecenter
The fence-agents-bladecenter package contains a fence agent for IBM BladeCenter devices that are accessed via telnet or SSH.
@@ -194,7 +238,8 @@ The fence-agents-bladecenter package contains a fence agent for IBM BladeCenter
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for HP Brocade
-Requires: fence-agents-common telnet openssh-clients
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: telnet openssh-clients
Obsoletes: fence-agents
%description brocade
The fence-agents-brocade package contains a fence agent for HP Brocade devices that are accessed via telnet or SSH.
@@ -207,7 +252,8 @@ The fence-agents-brocade package contains a fence agent for HP Brocade devices t
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for Cisco MDS 9000 series
-Requires: fence-agents-common net-snmp-utils
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: net-snmp-utils
Obsoletes: fence-agents
%description cisco-mds
The fence-agents-cisco-mds package contains a fence agent for Cisco MDS 9000 series devices that are accessed via the SNMP protocol.
@@ -220,7 +266,8 @@ The fence-agents-cisco-mds package contains a fence agent for Cisco MDS 9000 ser
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for Cisco UCS series
-Requires: fence-agents-common pycurl
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: pycurl
Obsoletes: fence-agents
%description cisco-ucs
The fence-agents-cisco-ucs package contains a fence agent for Cisco UCS series devices that are accessed via the SNMP protocol.
@@ -233,7 +280,8 @@ The fence-agents-cisco-ucs package contains a fence agent for Cisco UCS series d
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for Dell DRAC 5
-Requires: fence-agents-common telnet openssh-clients
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: telnet openssh-clients
Obsoletes: fence-agents
%description drac5
The fence-agents-drac5 package contains a fence agent for Dell DRAC 5 series devices that are accessed via telnet or SSH.
@@ -246,7 +294,8 @@ The fence-agents-drac5 package contains a fence agent for Dell DRAC 5 series dev
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for Eaton network power switches
-Requires: fence-agents-common net-snmp-utils
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: net-snmp-utils
Obsoletes: fence-agents
%description eaton-snmp
The fence-agents-eaton-snmp package contains a fence agent for Eaton network power switches that are accessed via the SNMP protocol.
@@ -259,7 +308,7 @@ The fence-agents-eaton-snmp package contains a fence agent for Eaton network pow
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for ePowerSwitch 8M+ power switches
-Requires: fence-agents-common
+Requires: fence-agents-common >= %{version}-%{release}
Obsoletes: fence-agents
%description eps
The fence-agents-eps package contains a fence agent for ePowerSwitch 8M+ power switches that are accessed via the HTTP(s) protocol.
@@ -272,7 +321,8 @@ The fence-agents-eps package contains a fence agent for ePowerSwitch 8M+ power s
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for HP BladeSystem devices
-Requires: fence-agents-common telnet openssh-clients
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: telnet openssh-clients
Obsoletes: fence-agents
%description hpblade
The fence-agents-hpblade package contains a fence agent for HP BladeSystem devices that are accessed via telnet or SSH.
@@ -285,7 +335,8 @@ The fence-agents-hpblade package contains a fence agent for HP BladeSystem devic
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for IBM BladeCenter
-Requires: fence-agents-common net-snmp-utils
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: net-snmp-utils
Obsoletes: fence-agents
%description ibmblade
The fence-agents-ibmblade package contains a fence agent for IBM BladeCenter devices that are accessed via the SNMP protocol.
@@ -298,7 +349,8 @@ The fence-agents-ibmblade package contains a fence agent for IBM BladeCenter dev
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for devices with IF-MIB interfaces
-Requires: fence-agents-common net-snmp-utils
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: net-snmp-utils
Obsoletes: fence-agents
%description ifmib
The fence-agents-ifmib package contains a fence agent for IF-MIB interfaces that are accessed via the SNMP protocol.
@@ -311,13 +363,13 @@ The fence-agents-ifmib package contains a fence agent for IF-MIB interfaces that
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for HP iLO2 devices
-Requires: fence-agents-common
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: gnutls-utils
Obsoletes: fence-agents
%description ilo2
The fence-agents-ilo2 package contains a fence agent for HP iLO2 devices that are accessed via the HTTP(s) protocol.
%files ilo2
%defattr(-,root,root,-)
-%{_libexecdir}/fence_nss_wrapper
%{_sbindir}/fence_ilo
%{_sbindir}/fence_ilo2
%{_mandir}/man8/fence_ilo.8*
@@ -327,7 +379,8 @@ The fence-agents-ilo2 package contains a fence agent for HP iLO2 devices that ar
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for HP iLO MP devices
-Requires: fence-agents-common telnet openssh-clients
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: telnet openssh-clients
Obsoletes: fence-agents
%description ilo-mp
The fence-agents-ilo-mp package contains a fence agent for HP iLO MP devices that are accessed via telnet or SSH.
@@ -340,7 +393,8 @@ The fence-agents-ilo-mp package contains a fence agent for HP iLO MP devices tha
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for devices with Intel Modular interfaces
-Requires: fence-agents-common net-snmp-utils
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: net-snmp-utils
Obsoletes: fence-agents
%description intelmodular
The fence-agents-intelmodular package contains a fence agent for Intel Modular interfaces that are accessed via the SNMP protocol.
@@ -353,7 +407,8 @@ The fence-agents-intelmodular package contains a fence agent for Intel Modular i
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for IBM iPDU network power switches
-Requires: fence-agents-common net-snmp-utils
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: net-snmp-utils
Obsoletes: fence-agents
%description ipdu
The fence-agents-ipdu package contains a fence agent for IBM iPDU network power switches that are accessed via the SNMP protocol.
@@ -366,7 +421,8 @@ The fence-agents-ipdu package contains a fence agent for IBM iPDU network power
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for devices with IPMI interface
-Requires: fence-agents-common /usr/bin/ipmitool
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: /usr/bin/ipmitool
Obsoletes: fence-agents
%description ipmilan
The fence-agents-ipmilan package contains a fence agent for devices with IPMI interface.
@@ -387,7 +443,7 @@ The fence-agents-ipmilan package contains a fence agent for devices with IPMI in
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for use with kdump crash recovery service
-Requires: fence-agents-common
+Requires: fence-agents-common >= %{version}-%{release}
Obsoletes: fence-agents
%description kdump
The fence-agents-kdump package contains a fence agent for use with kdump crash recovery service.
@@ -403,10 +459,11 @@ The fence-agents-kdump package contains a fence agent for use with kdump crash r
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for Sun LDom virtual machines
-Requires: fence-agents-common telnet openssh-clients
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: telnet openssh-clients
Obsoletes: fence-agents
%description ldom
-The fence-agents-ldom package contains a fence agent for APC devices that are accessed via telnet or SSH.
+The fence-agents-ldom package contains a fence agent for Sun LDom devices that are accessed via telnet or SSH.
%files ldom
%defattr(-,root,root,-)
%{_sbindir}/fence_ldom
@@ -418,7 +475,8 @@ The fence-agents-ldom package contains a fence agent for APC devices that are ac
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for IBM LPAR
-Requires: fence-agents-common telnet openssh-clients
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: telnet openssh-clients
Obsoletes: fence-agents
%description lpar
The fence-agents-lpar package contains a fence agent for IBM LPAR devices that are accessed via telnet or SSH.
@@ -432,7 +490,7 @@ The fence-agents-lpar package contains a fence agent for IBM LPAR devices that a
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for RHEV-M
-Requires: fence-agents-common
+Requires: fence-agents-common >= %{version}-%{release}
Obsoletes: fence-agents
%description rhevm
The fence-agents-rhevm package contains a fence agent for RHEV-M via REST API
@@ -446,7 +504,8 @@ The fence-agents-rhevm package contains a fence agent for RHEV-M via REST API
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for IBM RSA II
-Requires: fence-agents-common telnet openssh-clients
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: telnet openssh-clients
Obsoletes: fence-agents
%description rsa
The fence-agents-rsa package contains a fence agent for IBM RSA II devices that are accessed via telnet or SSH.
@@ -460,7 +519,8 @@ The fence-agents-rsa package contains a fence agent for IBM RSA II devices that
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for Fujitsu RSB
-Requires: fence-agents-common telnet openssh-clients
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: telnet openssh-clients
Obsoletes: fence-agents
%description rsb
The fence-agents-rsb package contains a fence agent for Fujitsu RSB devices that are accessed via telnet or SSH.
@@ -474,7 +534,8 @@ The fence-agents-rsb package contains a fence agent for Fujitsu RSB devices that
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for QLogic SANBox2 FC switches
-Requires: fence-agents-common telnet
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: telnet
Obsoletes: fence-agents
%description sanbox2
The fence-agents-sanbox2 package contains a fence agent for QLogic SANBox2 switches that are accessed via telnet.
@@ -502,7 +563,8 @@ The fence-agents-scsi package contains fence agent for SCSI persisent reservatio
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for virtual machines based on libvirt
-Requires: fence-agents-common openssh-clients /usr/bin/virsh
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: openssh-clients /usr/bin/virsh
Obsoletes: fence-agents
%description virsh
The fence-agents-virsh package contains a fence agent for virtual machines that are accessed via SSH.
@@ -515,7 +577,8 @@ The fence-agents-virsh package contains a fence agent for virtual machines that
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for VMWare with SOAP API v4.1+
-Requires: fence-agents-common python-suds
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: python-suds python-requests
Obsoletes: fence-agents
%description vmware-soap
The fence-agents-vmware-soap package contains a fence agent for VMWare with SOAP API v4.1+
@@ -528,7 +591,8 @@ The fence-agents-vmware-soap package contains a fence agent for VMWare with SOAP
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
Summary: Fence agent for WTI Network power switches
-Requires: fence-agents-common telnet openssh-clients
+Requires: fence-agents-common >= %{version}-%{release}
+Requires: telnet openssh-clients
Obsoletes: fence-agents
%description wti
The fence-agents-wti package contains a fence agent for WTI network power switches that are accessed via telnet or SSH.
@@ -538,6 +602,72 @@ The fence-agents-wti package contains a fence agent for WTI network power switch
%{_mandir}/man8/fence_wti.8*
%changelog
+* Wed Mar 19 2014 Marek Grac <mgrac@redhat.com> - 4.0.2-21
+- fencing: Add --ssl-secure and --ssl-insecure for fence_vmware_soap
+ Resolves: rhbz#1072564
+
+* Fri Mar 07 2014 Marek Grac <mgrac@redhat.com> - 4.0.2-20
+- fencing: Add --ssl-secure and --ssl-insecure for fence_vmware_soap
+ Resolves: rhbz#1072564
+
+* Wed Mar 05 2014 Marek Grac <mgrac@redhat.com> - 4.0.2-19
+- fencing: Add --ssl-secure and --ssl-insecure
+ Resolves: rhbz#1072564
+
+* Thu Feb 27 2014 Fabio M. Di Nitto <fdinitto@redhat.com> - 4.0.2-18
+- fence_vmware_soap: fix short/long option parsing traceback
+ Resolves: rhbz#1018780
+
+* Wed Feb 26 2014 Fabio M. Di Nitto <fdinitto@redhat.com> - 4.0.2-17
+- Fix fence-agents-* Requires on proper fence-agents-common and silence
+ suds error
+ Resolves: rhbz#1018780
+
+* Thu Feb 20 2014 Fabio M. Di Nitto <fdinitto@redhat.com> - 4.0.2-16
+- Allow ssl connections to disable TLS negotiation with "notls" option.
+ Resolves: rhbz#990539
+
+* Wed Feb 19 2014 Marek Grac <mgrac@redhat.com> - 4.0.2-15
+- Fix dependencies issues
+
+* Mon Feb 17 2014 Marek Grac <mgrac@redhat.com> - 4.0.2-14
+- fence_vmware_soap: Fix unexpected exception
+ Resolves: rhbz#1018780
+- nss_wrapper was replaced by gnutls-cli
+ Resolves: rhbz#990539
+
+* Wed Jan 29 2014 Marek Grac <mgrac@redhat.com> - 4.0.2-13
+- fencing: Do not use public key if identity file is not defined
+ Resolves: rhbz#1048843
+- fence_vmware_soap: Add support for --delay option
+ Resolves: rhbz#1057299
+- fence_wti: Add support for named groups (also for firmware 1.43)
+ Resolves: rhbz#1022536
+
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 4.0.2-12
+- Mass rebuild 2014-01-24
+
+* Thu Jan 23 2014 Marek Grac <mgrac@redhat.com> - 4.0.2-11
+- fencing: Ensure validity of XML metadata using Relax NG
+ Resolves: rhbz#1022529
+
+* Thu Jan 23 2014 Marek Grac <mgrac@redhat.com> - 4.0.2-10
+- fix default action for fabric fencing agents
+ Resolves: rhbz#1021392
+- modify key generation in fence_scsi to support pacemaker/corosync cluster
+ Resolves: rhbz#994466
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 4.0.2-9
+- Mass rebuild 2013-12-27
+
+* Wed Nov 20 2013 Marek Grac <mgrac@redhat.com> - 4.0.2-8
+- fence-agents-all now includes fence-virt which is not available everywhere
+ Resolves: rhbz#1028940
+
+* Tue Nov 12 2013 Marek Grac <mgrac@redhat.com> - 4.0.2-7
+- fence-agents-all now includes fence-virt
+ Resolves: rhbz#1028940
+
* Mon Nov 04 2013 Marek Grac <mgrac@redhat.com> - 4.0.2-6
- fencing: Ensure validity of XML metadata using Relax NG
Resolves: rhbz#1022529