Revert pyghmi to insecure version

- Pyghmi 1.0.44 uses pycrypto 2.6.1 which has an open CVE
  against it.
- Updating Pyghmi to 1.1.0+ to absorb the change to cryptography
  breaks functionality in all testing against baremetal IPMI
  interfaces.
- This reversion has minimal risk because the only usage of pycrypto
  in Drydock is via the Pyghmi library to initiate connections to
  server IPMI interfaces. Arbitrary user input is not used for any
  pycrypto arguments.
- This is a temporary solution; long-term, Drydock will move away from
  Pyghmi - either to a different IPMI library or to no IPMI support
  and instead using Redfish.

Change-Id: Ie5cd021528f61a3a2c04b156bf60b94b8f42dd5c
Scott Hussey 2018-09-21 11:59:12 -05:00
parent b1d24ad254
commit 6697c0f23f
2 changed files with 5 additions and 8 deletions

@ -1,5 +1,5 @@
PyYAML==3.12
pyghmi==1.1.0
pyghmi==1.0.44
netaddr
falcon
oslo.versionedobjects==1.23.0
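Review bot: the pyghmi==1.0.44 pin carries no marker that it is a deliberate downgrade to a release that depends on pycrypto 2.6.1, which the commit message says has an open CVE. Add a # comment directly above the pin stating that it is temporary, why 1.1.0 was backed out (IPMI failures in baremetal testing), and what has to happen before the pin can be raised or removed, so that a later dependency refresh neither bumps it blindly nor leaves it in place indefinitely.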

@ -1,15 +1,12 @@
alembic==0.8.2
amqp==2.3.2
asn1crypto==0.24.0
Babel==2.6.0
Beaker==1.9.1
cachetools==2.1.0
certifi==2018.8.24
cffi==1.11.5
chardet==3.0.4
click==6.7
contextlib2==0.5.5
cryptography==2.3.1
debtcollector==1.20.0
defusedxml==0.5.0
dnspython==1.15.0
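Review bot: the header (-1,15 +1,12) shows three pins leaving this lock file with nothing added in their place, and cryptography==2.3.1 sits in this range. If it is one of the three, confirm before merging that no other package pinned in this file still requires cryptography, since a dependency that is needed but no longer pinned here will be resolved to whatever version is current at install time.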
@ -54,10 +51,10 @@ prettytable==0.7.2
psycopg2==2.7.3.1
PTable==0.9.2
pycadf==2.8.0
pycparser==2.18
pyghmi==1.1.0
pycrypto==2.6.1
pyghmi==1.0.44
pymongo==3.6.1
pyparsing==2.2.0
pyparsing==2.2.1
python-dateutil==2.7.3
python-editor==1.0.3
python-keystoneclient==3.17.0
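Review bot: pycrypto==2.6.1 appears in the lock file without any annotation, while the commit message's risk argument depends on pyghmi being its only consumer in Drydock. Add a # comment on that line tying it to the pyghmi==1.0.44 pin so the two are removed together and nobody starts importing pycrypto directly in the meantime. The pyparsing lines (2.2.0 and 2.2.1) in the same hunk are not part of the pyghmi revert and belong in their own commit.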
@ -68,7 +65,7 @@ repoze.lru==0.7
requests==2.19.1
rfc3986==1.1.0
Routes==2.4.1
setuptools==40.3.0
setuptools==40.4.1
six==1.11.0
SQLAlchemy==1.2.8
statsd==3.3.0
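Review bot: the setuptools lines (40.3.0 and 40.4.1) are unrelated to the pyghmi revert described in the commit message and look like drift from regenerating the file. Keep this commit limited to the pyghmi and pycrypto pins and move the setuptools change to a separate commit, so the revert can itself be undone cleanly once pyghmi is replaced.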