authorMatt Thode <prometheanfire@gentoo.org>2013-12-19 03:30:09 +0000
committerMatt Thode <prometheanfire@gentoo.org>2013-12-19 03:30:09 +0000
commit2242312218562fe949e7394491106f44e867cf8b (patch)
treed90c77339cd6726e237a21db43c6c9d468700e9b /sys-cluster
parentVersion bump. (diff)
fixes for CVE-2013-6437
Package-Manager: portage-2.2.7/cvs/Linux x86_64 Manifest-Sign-Key: 0x2471EB3E40AC5AC3
Diffstat (limited to 'sys-cluster')
-rw-r--r--sys-cluster/nova/ChangeLog11
-rw-r--r--sys-cluster/nova/Manifest36
-rw-r--r--sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch127
-rw-r--r--sys-cluster/nova/files/CVE-2013-6437-2012.2.1.patch127
-rw-r--r--sys-cluster/nova/nova-2013.1.4-r3.ebuild (renamed from sys-cluster/nova/nova-2013.1.4-r2.ebuild)3
-rw-r--r--sys-cluster/nova/nova-2013.2-r3.ebuild128
-rw-r--r--sys-cluster/nova/nova-2013.2.1-r1.ebuild (renamed from sys-cluster/nova/nova-2013.2.1.ebuild)3
7 files changed, 286 insertions, 149 deletions
diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog
index f889d7a7ab01..8069fa09a7ad 100644
--- a/sys-cluster/nova/ChangeLog
+++ b/sys-cluster/nova/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for sys-cluster/nova
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.45 2013/12/19 03:18:19 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.46 2013/12/19 03:30:01 prometheanfire Exp $
+
+*nova-2013.1.4-r3 (19 Dec 2013)
+*nova-2013.2.1-r1 (19 Dec 2013)
+
+ 19 Dec 2013; Matthew Thode <prometheanfire@gentoo.org>
+ +files/CVE-2013-6437-2012.1.4.patch, +files/CVE-2013-6437-2012.2.1.patch,
+ +nova-2013.1.4-r3.ebuild, +nova-2013.2.1-r1.ebuild, -nova-2013.1.4-r2.ebuild,
+ -nova-2013.2-r3.ebuild, -nova-2013.2.1.ebuild:
+ fixes for CVE-2013-6437
*nova-2013.2.1 (19 Dec 2013)
diff --git a/sys-cluster/nova/Manifest b/sys-cluster/nova/Manifest
index 85cccb78e0d7..8aae5308d2c5 100644
--- a/sys-cluster/nova/Manifest
+++ b/sys-cluster/nova/Manifest
@@ -5,34 +5,34 @@ AUX CVE-2013-4463_4469-grizzly.patch 19603 SHA256 72abd5f11fa8bf4c5900d4beef4111
AUX CVE-2013-4497-grizzly-1.patch 4853 SHA256 b4477a17f45d505f0f09462888f6fdf59c2c5c89efbf38339a357f00e098c877 SHA512 9d9f4edbdcbffe9abe96526be454f68675543cf8601dac622943389350cc9d2ed28addb5e51fa61305142bd981e80d2f79f6f2b13d9bdc2ec76a1a5438d52798 WHIRLPOOL e30cd6d15c5fad7227c23a9b5a10b57cc7100b626d862a794108dd0ef3caa903bbafb1b497af2d18acbc3f371e59b924f848356134e43df323eef3db483b0c47
AUX CVE-2013-4497-grizzly-2.patch 1945 SHA256 8c4be7bc42b485afd64d5ec1dd61ecfb5540555640c370649afc5312a3ddcac1 SHA512 1153e89733d0e8cffe1c6cbcaf9b3cabf8ebbf797e578c8ab379df9b01bd88758606ca450f0d7741efdc92869c078f4e1229b29cbb4fa9b8107ef9b92935452a WHIRLPOOL 843758c9f16fa476f0c1e67c2f3596b8adaba26f6d4dfd7c7213294221fe048b22356ba504bd264dab7313a48ce2ca0a8d968767184fe1cdb7b8ac815269ee27
AUX CVE-2013-6419_2013.1.4.patch 5711 SHA256 0af9859e7cd0373c3c69fbb7d2256976412599cd079e696344288a81d3422bcd SHA512 b6f2fd940278cf7fa7b0a1d54d6c069f73a5c3462c4adb536c03d611c197ba3509d4464a7ef7539213ba51d749efc5ecc85800a4f86998464cdc2beb42bafd7e WHIRLPOOL ba62d91c0135a8328ca3e4048223630d2c2c133a2231e80655dc4d7dd0b772d1f81402aafaf7ec8742a77ee7cc58e7cf03d915e2058669a105c4553ccc976b48
+AUX CVE-2013-6437-2012.1.4.patch 5005 SHA256 75f90ee952d352d739c4702d72b9301c7bacd1a38fcf6601dd432cd4b057a85f SHA512 bdaba7dac2e98f251f6da04052b3bc0167068191685317b05a532372931d1c85c87a091133375b39a84ca87d961730e6f19c3aaae2ca9b7affc9fd0e47825d75 WHIRLPOOL 0404d151b89bb9852f359e27d7f553d9b80ed610a6f960a2d4a2372bf98817f7e0e69c177f2cfd15ff85a0f1043fa013b36f848c6a5b00b4a78a857bd2767a33
+AUX CVE-2013-6437-2012.2.1.patch 5116 SHA256 bca9608d40b0c70abebad6911ddb14a49f81412242465294dac0b809966f7303 SHA512 d948575d99e30663a6ab4ab84099b1a1990d1423e83ab353bf81ab1f89f2f6d69e822bc24c2f92a8f25447f6b8faf4891a6174d6c901b5703dfa897c4342d748 WHIRLPOOL 0d78c7d87d73366c6892a7c3170838c30788807e5b82766bd3bb01f0c3123c5107d1557ea7a074836dc7af6d28dc79a868adae3336e9e3a5284ea289b666f816
AUX nova-confd 101 SHA256 d9013141618d1e8b8ba85297155747d9c8fc362238de7bba3108b9a2539c8c73 SHA512 4c7ec1d123f2cdaf394d1f4824df861bbe309b0b329db44080160d81746cd0fc9d4cc1b35da0f66ab075f1d4e835ababfb7bccaf4a2e931e60f2c0ac572a552e WHIRLPOOL 6a237357a3905d29a96b32c37f6d189e4f5cefc0986bb091e24a79295191332143741c604c2a9fd44484c75b3be89742a5570862cf0cd4ba225425f7f32b5348
AUX nova-initd 1496 SHA256 5b5f928335ac345103492555c3bc57407f547915b099762d0087aef172e5edf8 SHA512 cca06baba484d505f3a96643d836204a08e9dde50197531cdab2d95188b992a95a375a386b9c54fcc8e0a4f6167babba975db7510db1087f044afa39effe4eec WHIRLPOOL 4c667a5cc469826063a65879c1beddc98371edf295a273c9b8f679627cabfe2260d8b3bbdf9550d3894fc1525d63b9f98d6e939406f90ac5f2f745daa59311c2
AUX nova-sudoers 78 SHA256 9e88c2843fb74cc46802c0b103067ad12915ec50335d05e546a5dba76acb4a76 SHA512 22c0606c6335b2d1a03bd18a319a54f16f76f091b2e8416dbba05ce7c15890beff7f32f0322eb5ba3f2a5c750436cacbe0cee189b390b878e3f0c0df219ef984 WHIRLPOOL bc42ae1d12e9f900b263fd5c3d0f59062f46fbec1ff97c0bceb234082bea5943eb64795b4f5e102b8e2749c6868163e5924467088cad42df09345e3406e5f83c
DIST nova-2013.1.4.tar.gz 5801779 SHA256 0491ec81552b9c407021941ea1c477d5bcd93ec1dcc66d5fc0c1cef594dac760 SHA512 de1addcbc4577c4a376d8762e44d6f7c455bd63ba0be9d8a6a7176ef7a24e85f2bf9014e31d1180e42e48308ee6a17dcf039da2739388501a5fedbad8e5a7f0c WHIRLPOOL 08898e55b7380bd1852c00dcd8e03d4eb06c8c888688d66ba717842929973235eb9d6d34dda4be2700f208a7ff9e088de2690a74acd97f5cb6b81bcce743ece3
DIST nova-2013.2.1.tar.gz 8937179 SHA256 b1a4ccb24d9a55b7ef0edc1a2b4ba374d52360a1f41148c92823787e8747401e SHA512 34b8e05128e000770731c63c4240071b8a764913b42bc9284a79af3d76fb10d6c825ca78e490762237a8ee416ce04a9a3f0c7ddcad54cb6830fd6376851d050f WHIRLPOOL 9a54affc20c10d88f0f559528b5d24ce71a073b90d710b7d84be53d150a2cfe47e766a4eda3638620ba8d7075b7f354af1ada2489eb04f8d18cdeb9cee5d5016
-DIST nova-2013.2.tar.gz 8909222 SHA256 55a51f8d8b6c7b0ba6f8ff9c48604bb82a90bdc3f21460ed325d1cee2dfea95a SHA512 655d6f5a4ab9ddfb741a920417061808bf22521c967d324f0fa1856c801795969df6f4982362bce26836975c09e7f41e25575309cde5c6788ed32e69304381ea WHIRLPOOL d88272c8101426ed4930a924b254d045a5c965f867573039b72b51f7aa5ba2daa47f54332f63e09e781dd22ca55c142acdb432dc92ad366e13b56138ff8f3186
-EBUILD nova-2013.1.4-r2.ebuild 5370 SHA256 6727132e94a6c7331788a849b9f1ee1713de695655b5b48f95d271c2186272b0 SHA512 d02ad60d18972a485e2d5b3e047efb2546826522f644ab6e9270e6aef8aa9a0199728d8aa4d5a14d2464313824988bb4fb803e9d7e980833a03e051c231ce298 WHIRLPOOL b16ad90f3ae370149072880cdb793800d5a4755ea6e19fee17060662d3d8623c4f862aec64e10e13ca97c3aaa1b1444007d168e10815501d3d52d253a638748d
+EBUILD nova-2013.1.4-r3.ebuild 5414 SHA256 657c54a88120e051e5278c8669b19d03490e597d4e2e24593fd9e231a8a3d0ff SHA512 92827e0b0b9ae0650558f65a0c890335c6b3f30a80c643ad9ed57672630d0fd50aa82b7e95025b3dad6ac95a73d2f3c86569694b29f4b08f5b1737cbaf507300 WHIRLPOOL 49a6e904c2484c5be096a8d848547dc2019646254b7c05f1dcacb73eaeab6b972d66c6293784eadc6a8cd47a11359897cbb37bdcc6b580d6f19af8fa578f72a7
EBUILD nova-2013.1.9999.ebuild 5073 SHA256 cd1b26465d4bbdbf9daa606fb4787e075461e45acf624eee0753424c2facdb44 SHA512 2d2f40807775654e9e277a8c6910555686dc7d481f75c18d710bb0c12442e92ab852b2243dfd9236ef327aec91899fcacbed55b5429bf158f3714c866b47a453 WHIRLPOOL bbe37fe1d3f294b9d871433b303c4c3265f7e6095263e10954ccd30796d57236dde2aa742bd134ff762de27d4ee3866e1da232d99b6aef68269e66bd52dc632f
-EBUILD nova-2013.2-r3.ebuild 5172 SHA256 a05a48b973ef7533cb505dfaf4b4fd13a0aa1b2978d72c1e1610300cd25198f9 SHA512 91249672afa1b797f652f6cf82173c334544a1a154752c92c787b38de2e5ad753f0aeb94f1aca626941b9d3c8a07aa5b2c43a099e6eb021eb5f397709009511d WHIRLPOOL 2912ddaec0179af7cb882c6b179256d4431a7e47be0249f1d00671f8a363b2300947fe2d389fbca5bebc59389694f3c0d5c18ca996db3332d40eb4b4c1898fc4
-EBUILD nova-2013.2.1.ebuild 5080 SHA256 159c7875c4350fb8d05632ed4e5a8524287f3167aee4d700ba4389ab593b7c48 SHA512 7fbaf143d871a7d2da8f303822cb12dbafb4c9b924dae6796d9f2dd6444e0b482481b0a5be65b99cd6756be101e6ac58b9b23fe68d640eff93c58f2287b1685a WHIRLPOOL 89b2f558266a8da8a5ee09313b4ca3518813a1af1b84bd7c76d68de95be67fa79adf6d2f832ed060cb087fbbb6837cbf3e9e25acb6136bb0fc0aa76aab049703
+EBUILD nova-2013.2.1-r1.ebuild 5127 SHA256 ee716667f991e334b7965a1b9749bac5ea19350e50c3ff2fc80fa88903b10d5f SHA512 7a67d063ce994c9f1a40f73ba466faf91c21c7fb97552d1fdc9c1d08dee4124ad1a6ff81fd9140aa8d76dc1d77a14c32d3d50ccc890528457236b0750986b580 WHIRLPOOL a7f7b7afed4fd9fd34ac8fe76084dcb57536585d4142c24ae59773b3f7cdc717b39fe693da972dcd115fcd1d37ed6ba2605f7d6cebe630f56285976fb5f3b589
EBUILD nova-2013.2.9999.ebuild 5088 SHA256 2e0a8db3ad0eea45951794607a01b98c692557fdce6425270ce503a617c6db40 SHA512 3d4581853a013042a5bbc971998b04ee72f4b8c05e8600e07539e8d98ef83429a32058465089293016f6f571b85ead32c453b7f31d29951c792d8a86510572eb WHIRLPOOL 001e39da91eeb090ef3ef0cad66afccf3e8f91578ac8c034fc688ac3955675b0e855cfee76922402c02248488133e0916004fb4e3551aca42d39af1d017780fd
EBUILD nova-9999.ebuild 5221 SHA256 96934150733f53305da5cbfd377e4608fb5b43932e5f98b74017fb1174f7f144 SHA512 fe2f7aa7eb89883edabe37008e1fc02f5b54ab9f0487d636765832e728c42bd447bc1490375c1d99a3677f1bf1e5e60af89eee90efcb49be046f94c95d923a0e WHIRLPOOL fac835027124b39f8f434199e1b4eaa9240b361c037d6961f6d02584e2b2a204eb9ed0ce89c39b7989b22d8d1dcf08c5c1a8437e3b39604f999979634d7c68ff
-MISC ChangeLog 10751 SHA256 191ee05eb851eb0b21660ee54f750253c9752928399d06a12ab0d220b20eae15 SHA512 71e4e216a03301e7b32736d8d3539252935626a6eb70f9717a77b5b590189355260adcf66c664eba1fb86dd1d3596139ffdbf7ca76868ce79a35d64b69d3782e WHIRLPOOL 48c62aa315da19721f5773abb802fb246d214e898ae815e96ed938b74af219fc86150a2ea49173fc684d64768b6a0ada185d2aaabe8f40eaacb17c8835315b9a
+MISC ChangeLog 11105 SHA256 c369d72b32929c35222515dbcd3efceb3fd1bf217d3eb9ea4456968508352c7d SHA512 198ffc74bde838f0662ca0320c12d12467ffd9975696f899bab27eacf6006d460a6bd0068718dcd3be71fa76eb5c81040de50e62ab6390c1104a4150ff1d4f56 WHIRLPOOL 84645e296cc56058ab9ec9d7461524db1c5a26a358fba7d1372160de51249e784e5bc24d6fc55f82b267546a2464a0b4feb0a5d328c3c6be2def80eefb77f43d
MISC metadata.xml 1452 SHA256 29bf3efaab7a4e45f5e442b26a7606edaed3f47e4ffec3e8990f95aea6bf2450 SHA512 537664b6ff29f4afe09eb4635c2cb06d87a6c3c3101e8ef89d1ab9b5b802c79024e94a0cce5a44ec2fd5b1cc37a251dd42156a015b6a294f219b90daff17c9c1 WHIRLPOOL c6e44f9a48fea6ae2a323e9e03d8805301fb0d94bb5634b1946909715f6c05d45c49180204d00221aae1e6dc6748347b4273fae838216b5d5d07932bc473a851
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-iQIcBAEBCAAGBQJSsmY9AAoJECRx6z5ArFrD5MsQAM1vnVbhsoFRmxxFIWyge2Fs
-nUTpTQ97MsGToqPnPgppf7VRqeXebs+9M5SPYz8Vxj7xVP8ZiyCWgysD80hUYvCu
-Mu9nb3nGWhX1qkO3DInV1GCOvpbjz3VHbaxHJeFqdAoiKTCA2SwKYvoq1UE7Vka6
-AvGaEuQJ6zs2tqxEsa91fonI9P8iyFRngme151+AkBo2BnZSqAG9kdGd4OLjTJHS
-R5truEi+NHXsYh6K74TaVjmbPKU+1BrSEFKb01NYrhl9s+HcGp9QVoI3G6V+OVvG
-5eLIZEJ33LTHQHurnacPXZDkvkLjlV7NQ5VJHGpHrFuEDuTYGR1wwBcNMkUWya9/
-4G28CxM7aBlXA6B0eSaDyEg/gp0t1XT8c/dS2ZQVKHoIIPsULHwdWKbkd9+bs6GH
-TxXgdfTJmzCm9PWSwv1kzYGSRd5UxL2sVEM+qeJaFqMmgvV4+mr8G2Soa6lW6kq6
-7ZMLzgm7dODHJTMwUUpBn4QCOz0vJVSFgAUC8Lx43QddEnSUXvIri16RwwBGNmAT
-+gCQcdJ/wCaxgdE3BxhYk5OV0gWavIJXM9wVARooqFFXuLhsXs02igukRuMAMV3H
-C1VBC82W/tWkFeNvVyojOXwYbPDzz3KlgavNuCGYvFqhlB8SDIFTevy/SkLT48Tz
-xN62zPOQIR4vGXcdFLGb
-=YkbM
+iQIcBAEBCAAGBQJSsmhHAAoJECRx6z5ArFrDTDAP/j3ggk+OexHq0IYWwuL5vrn9
+XujcjbKEhG3FFV40S8fNZJ3TFaJ2BsCoCSLL07bVoZgNQ+/30qSGZsvpxKG4Ce3V
+LpP4GQy4ZmgQvmUbKskPJ93MWWPeixKfbg/JjhngTNcINVIYpxX3KPdWsZoQofkB
+cfaRltNxMC9EC9hdHHzF55bNGxzYVYDcoZcFxnXIn5tYsYOV9bki7VdgOOyX8jVi
+sqIKlrBGSLZatolDt92jIcJbPvjh0Ef40N1b/3zcmaoJPLh0iCcL7hj1XVKpiWm9
++gRlPRrItH/SMOh0b+wXtnFejSWmE87LOEC5DasUvmMj+qxW+25GvDFRNsXsBTww
+/A/UOTYq/8ivlEhdup2ttbC9L7GLulnhGEra2QymOMIGVG1mwg7Czfy5LHvFaUEr
+poCnNgqckHItxxEH1lEHLzyxp+dFkB9WD2SS5DbUxrv323J18qwLkRjw0JLm6jvN
+oSZBn2cIMD5j+HO3E95csi3UbXc9VMqkcsOfAx4GpoKxMfgR7CF1YM4yCaYrkHgi
+S/qcKU20Hwc9iX47SjpiAAKECbUp0WgPQGQoAYfO+TWtIBle7l/+Kz2MeeMzLwkT
+tUV+JiulGdBeKYUBF4uun6a03+3gl9UYadEofaiR/hzDkx5jrzqIS/MLoVZAdNxX
+btTpVFWNtPnhgFiIfSGY
+=jbUW
-----END PGP SIGNATURE-----
diff --git a/sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch b/sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch
new file mode 100644
index 000000000000..f679668b2c39
--- /dev/null
+++ b/sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch
@@ -0,0 +1,127 @@
+From 3e451f1bac57d24e47171cffb3ad59bb1610d836 Mon Sep 17 00:00:00 2001
+From: Ryan Moore <ryan.moore@hp.com>
+Date: Fri, 29 Nov 2013 14:21:19 +0000
+Subject: [PATCH] use 'os_type' in ephemeral filename only if mkfs defined
+
+Currently for undefined os-types it will use the default mkfs
+command, but use the meta 'os_type' in the name of the
+ephemeral file (e.g. ephemeral_20_abcdef). Which can result
+in a lot of files (DoS?)
+This change will only use 'os_type' in the ephemeral filename
+if there is a specific mkfs command defined, otherwise it will
+use 'default' (e.g. ephemeral_20_default)
+
+Modifed the tests to test for:
+ os_type=''
+ os_type=None
+ os_type='test' - with no mkfs command specified
+ os_type='test' - with a mkfs command specified
+
+Closes-Bug: 1253980
+
+Backport of Original Change-Id: Ie4c10f99ce690c5e4ef181624bd688c38923855c
+to stable/grizzly
+
+Change-Id: Ia040910e90861a2987eff345ad1c01863655b124
+---
+ nova/tests/test_libvirt.py | 28 ++++++++++++++++++++++++++--
+ nova/virt/disk/api.py | 4 ++++
+ nova/virt/libvirt/driver.py | 5 ++---
+ 3 files changed, 32 insertions(+), 5 deletions(-)
+
+diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py
+index 4b07d65..d2ac73b 100644
+--- a/nova/tests/test_libvirt.py
++++ b/nova/tests/test_libvirt.py
+@@ -2725,7 +2725,7 @@ def fake_get_info(instance):
+ self.assertTrue(self.cache_called_for_disk)
+ db.instance_destroy(self.context, instance['uuid'])
+
+- def test_create_image_plain(self):
++ def _test_create_image_plain(self, os_type='', filename='', mkfs=False):
+ gotFiles = []
+
+ def fake_image(self, instance, name, image_type=''):
+@@ -2760,11 +2760,15 @@ def fake_get_info(instance):
+ instance_ref = self.test_instance
+ instance_ref['image_ref'] = 1
+ instance = db.instance_create(self.context, instance_ref)
++ instance['os_type'] = os_type
+
+ conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
+ self.stubs.Set(conn, 'to_xml', fake_none)
+ self.stubs.Set(conn, '_create_domain_and_network', fake_none)
+ self.stubs.Set(conn, 'get_info', fake_get_info)
++ if mkfs:
++ self.stubs.Set(nova.virt.disk.api, '_MKFS_COMMAND',
++ {os_type: 'mkfs.ext3 --label %(fs_label)s %(target)s'})
+
+ image_meta = {'id': instance['image_ref']}
+ disk_info = blockinfo.get_disk_info(CONF.libvirt_type,
+@@ -2779,11 +2783,31 @@ def fake_get_info(instance):
+ wantFiles = [
+ {'filename': '356a192b7913b04c54574d18c28d46e6395428ab',
+ 'size': 10 * 1024 * 1024 * 1024},
+- {'filename': 'ephemeral_20_default',
++ {'filename': filename,
+ 'size': 20 * 1024 * 1024 * 1024},
+ ]
+ self.assertEquals(gotFiles, wantFiles)
+
++ def test_create_image_plain_os_type_blank(self):
++ self._test_create_image_plain(os_type='',
++ filename='ephemeral_20_default',
++ mkfs=False)
++
++ def test_create_image_plain_os_type_none(self):
++ self._test_create_image_plain(os_type=None,
++ filename='ephemeral_20_default',
++ mkfs=False)
++
++ def test_create_image_plain_os_type_set_no_fs(self):
++ self._test_create_image_plain(os_type='test',
++ filename='ephemeral_20_default',
++ mkfs=False)
++
++ def test_create_image_plain_os_type_set_with_fs(self):
++ self._test_create_image_plain(os_type='test',
++ filename='ephemeral_20_test',
++ mkfs=True)
++
+ def test_create_image_with_swap(self):
+ gotFiles = []
+
+diff --git a/nova/virt/disk/api.py b/nova/virt/disk/api.py
+index e1af0bf..a17ba59 100755
+--- a/nova/virt/disk/api.py
++++ b/nova/virt/disk/api.py
+@@ -90,6 +90,10 @@
+ _DEFAULT_MKFS_COMMAND = mkfs_command
+
+
++def get_fs_type_for_os_type(os_type):
++ return os_type if _MKFS_COMMAND.get(os_type) else 'default'
++
++
+ def mkfs(os_type, fs_label, target):
+ mkfs_command = (_MKFS_COMMAND.get(os_type, _DEFAULT_MKFS_COMMAND) or
+ '') % locals()
+diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
+index ff1117c..0f0ea46 100755
+--- a/nova/virt/libvirt/driver.py
++++ b/nova/virt/libvirt/driver.py
+@@ -1826,9 +1826,8 @@ def raw(fname):
+ project_id=instance['project_id'])
+
+ # Lookup the filesystem type if required
+- os_type_with_default = instance['os_type']
+- if not os_type_with_default:
+- os_type_with_default = 'default'
++ os_type_with_default = disk.get_fs_type_for_os_type(
++ instance['os_type'])
+
+ ephemeral_gb = instance['ephemeral_gb']
+ if 'disk.local' in disk_mapping:
+--
+1.8.5.1
+
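Review bot: `get_fs_type_for_os_type()` in the nova/virt/disk/api.py part of this patch is added without a docstring, so the code does not record why an unknown `os_type` collapses to 'default'. Going by the patch description, the value is instance metadata that ends up in the ephemeral file name, and a one-line docstring would capture that: `"""Return os_type only if a mkfs command is configured for it, else 'default', so arbitrary os_type values cannot create new ephemeral files."""`. The helper tests truthiness, while `mkfs()` just below uses `_MKFS_COMMAND.get(os_type, _DEFAULT_MKFS_COMMAND) or ''`. An os_type mapped to an empty command would therefore be named 'default' without being formatted by the default command; whether such a mapping can be configured is not visible here. The same applies to the identical hunk in CVE-2013-6437-2012.2.1.patch.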
diff --git a/sys-cluster/nova/files/CVE-2013-6437-2012.2.1.patch b/sys-cluster/nova/files/CVE-2013-6437-2012.2.1.patch
new file mode 100644
index 000000000000..3689c4f174e1
--- /dev/null
+++ b/sys-cluster/nova/files/CVE-2013-6437-2012.2.1.patch
@@ -0,0 +1,127 @@
+From ca38774ebcf5b67d16c202c8f218c0c433973ca9 Mon Sep 17 00:00:00 2001
+From: Ryan Moore <ryan.moore@hp.com>
+Date: Fri, 29 Nov 2013 14:21:19 +0000
+Subject: [PATCH] use 'os_type' in ephemeral filename only if mkfs defined
+
+Currently for undefined os-types it will use the default mkfs
+command, but use the meta 'os_type' in the name of the
+ephemeral file (e.g. ephemeral_20_abcdef). Which can result
+in a lot of files (DoS?)
+This change will only use 'os_type' in the ephemeral filename
+if there is a specific mkfs command defined, otherwise it will
+use 'default' (e.g. ephemeral_20_default)
+
+Modifed the tests to test for:
+ os_type=''
+ os_type=None
+ os_type='test' - with no mkfs command specified
+ os_type='test' - with a mkfs command specified
+
+Closes-Bug: 1253980
+
+Backport of Original Change-Id: Ie4c10f99ce690c5e4ef181624bd688c38923855c
+to stable/havana
+
+Change-Id: Ifa2b94e79dabd586d7e904da247d099360229313
+---
+ nova/tests/virt/libvirt/test_libvirt.py | 28 ++++++++++++++++++++++++++--
+ nova/virt/disk/api.py | 4 ++++
+ nova/virt/libvirt/driver.py | 5 ++---
+ 3 files changed, 32 insertions(+), 5 deletions(-)
+
+diff --git a/nova/tests/virt/libvirt/test_libvirt.py b/nova/tests/virt/libvirt/test_libvirt.py
+index 6410be3..cf82168 100644
+--- a/nova/tests/virt/libvirt/test_libvirt.py
++++ b/nova/tests/virt/libvirt/test_libvirt.py
+@@ -3551,7 +3551,7 @@ def test_chown_disk_config_for_instance(self):
+ self.mox.ReplayAll()
+ conn._chown_disk_config_for_instance(instance)
+
+- def test_create_image_plain(self):
++ def _test_create_image_plain(self, os_type='', filename='', mkfs=False):
+ gotFiles = []
+
+ def fake_image(self, instance, name, image_type=''):
+@@ -3586,11 +3586,15 @@ def fake_get_info(instance):
+ instance_ref = self.test_instance
+ instance_ref['image_ref'] = 1
+ instance = db.instance_create(self.context, instance_ref)
++ instance['os_type'] = os_type
+
+ conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
+ self.stubs.Set(conn, 'to_xml', fake_none)
+ self.stubs.Set(conn, '_create_domain_and_network', fake_none)
+ self.stubs.Set(conn, 'get_info', fake_get_info)
++ if mkfs:
++ self.stubs.Set(nova.virt.disk.api, '_MKFS_COMMAND',
++ {os_type: 'mkfs.ext3 --label %(fs_label)s %(target)s'})
+
+ image_meta = {'id': instance['image_ref']}
+ disk_info = blockinfo.get_disk_info(CONF.libvirt_type,
+@@ -3605,11 +3609,31 @@ def fake_get_info(instance):
+ wantFiles = [
+ {'filename': '356a192b7913b04c54574d18c28d46e6395428ab',
+ 'size': 10 * 1024 * 1024 * 1024},
+- {'filename': 'ephemeral_20_default',
++ {'filename': filename,
+ 'size': 20 * 1024 * 1024 * 1024},
+ ]
+ self.assertEquals(gotFiles, wantFiles)
+
++ def test_create_image_plain_os_type_blank(self):
++ self._test_create_image_plain(os_type='',
++ filename='ephemeral_20_default',
++ mkfs=False)
++
++ def test_create_image_plain_os_type_none(self):
++ self._test_create_image_plain(os_type=None,
++ filename='ephemeral_20_default',
++ mkfs=False)
++
++ def test_create_image_plain_os_type_set_no_fs(self):
++ self._test_create_image_plain(os_type='test',
++ filename='ephemeral_20_default',
++ mkfs=False)
++
++ def test_create_image_plain_os_type_set_with_fs(self):
++ self._test_create_image_plain(os_type='test',
++ filename='ephemeral_20_test',
++ mkfs=True)
++
+ def test_create_image_with_swap(self):
+ gotFiles = []
+
+diff --git a/nova/virt/disk/api.py b/nova/virt/disk/api.py
+index 3ac7adb..a51efa6 100644
+--- a/nova/virt/disk/api.py
++++ b/nova/virt/disk/api.py
+@@ -100,6 +100,10 @@
+ _DEFAULT_MKFS_COMMAND = mkfs_command
+
+
++def get_fs_type_for_os_type(os_type):
++ return os_type if _MKFS_COMMAND.get(os_type) else 'default'
++
++
+ def mkfs(os_type, fs_label, target):
+ mkfs_command = (_MKFS_COMMAND.get(os_type, _DEFAULT_MKFS_COMMAND) or
+ '') % {'fs_label': fs_label, 'target': target}
+diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
+index 5c05307..39e0ce9 100644
+--- a/nova/virt/libvirt/driver.py
++++ b/nova/virt/libvirt/driver.py
+@@ -2368,9 +2368,8 @@ def raw(fname):
+ project_id=instance['project_id'])
+
+ # Lookup the filesystem type if required
+- os_type_with_default = instance['os_type']
+- if not os_type_with_default:
+- os_type_with_default = 'default'
++ os_type_with_default = disk.get_fs_type_for_os_type(
++ instance['os_type'])
+
+ ephemeral_gb = instance['ephemeral_gb']
+ if 'disk.local' in disk_mapping:
+--
+1.8.5.1
+
diff --git a/sys-cluster/nova/nova-2013.1.4-r2.ebuild b/sys-cluster/nova/nova-2013.1.4-r3.ebuild
index f9b1429d40ae..edb0ac290b01 100644
--- a/sys-cluster/nova/nova-2013.1.4-r2.ebuild
+++ b/sys-cluster/nova/nova-2013.1.4-r3.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.4-r2.ebuild,v 1.1 2013/12/13 21:10:35 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.4-r3.ebuild,v 1.1 2013/12/19 03:30:01 prometheanfire Exp $
EAPI=5
PYTHON_COMPAT=( python2_7 )
@@ -74,6 +74,7 @@ PATCHES=(
"${FILESDIR}/CVE-2013-4497-grizzly-1.patch"
"${FILESDIR}/CVE-2013-4497-grizzly-2.patch"
"${FILESDIR}/CVE-2013-6419_2013.1.4.patch"
+ "${FILESDIR}/CVE-2013-6437-2012.1.4.patch"
)
pkg_setup() {
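Review bot: The added entry `"${FILESDIR}/CVE-2013-6437-2012.1.4.patch"` names the patch after 2012.1.4, although this ebuild is nova-2013.1.4 and the entry above it is `CVE-2013-6419_2013.1.4.patch`; the year looks like a typo, and the separator differs from the sibling (`-` against `_`). Naming it `CVE-2013-6437_2013.1.4.patch`, with ChangeLog and Manifest updated to match, would make it easier to audit which CVE fix applies to which release. The same applies to `CVE-2013-6437-2012.2.1.patch` in the nova-2013.2.1-r1.ebuild hunk. The `PATCHES=(` array opens above this hunk.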
diff --git a/sys-cluster/nova/nova-2013.2-r3.ebuild b/sys-cluster/nova/nova-2013.2-r3.ebuild
deleted file mode 100644
index fe1912f5f7ce..000000000000
--- a/sys-cluster/nova/nova-2013.2-r3.ebuild
+++ /dev/null
@@ -1,128 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.2-r3.ebuild,v 1.1 2013/12/13 21:10:35 prometheanfire Exp $
-
-EAPI=5
-PYTHON_COMPAT=( python2_7 )
-
-inherit distutils-r1 eutils multilib
-
-DESCRIPTION="A cloud computing fabric controller (main part of an IaaS system) written in Python."
-HOMEPAGE="https://launchpad.net/nova"
-SRC_URI="http://launchpad.net/${PN}/havana/${PV}/+download/${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="+api +cert +compute +conductor +consoleauth +kvm +network +novncproxy +scheduler +spicehtml5proxy +xvpvncproxy sqlite mysql postgres xen"
-REQUIRED_USE="|| ( mysql postgres sqlite )
- || ( kvm xen )"
-
-DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
- >=dev-python/pbr-0.5.21[${PYTHON_USEDEP}]
- <dev-python/pbr-1.0[${PYTHON_USEDEP}]
- app-admin/sudo"
-
-RDEPEND="sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-0.7.99[sqlite,${PYTHON_USEDEP}] )
- mysql? ( >=dev-python/sqlalchemy-0.7.8[mysql,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-0.7.99[mysql,${PYTHON_USEDEP}] )
- postgres? ( >=dev-python/sqlalchemy-0.7.8[postgres,${PYTHON_USEDEP}]
- <dev-python/sqlalchemy-0.7.99[postgres,${PYTHON_USEDEP}] )
- >=dev-python/amqplib-0.6.1[${PYTHON_USEDEP}]
- >=dev-python/anyjson-0.3.3[${PYTHON_USEDEP}]
- virtual/python-argparse[${PYTHON_USEDEP}]
- >=dev-python/boto-2.4.0[${PYTHON_USEDEP}]
- !~dev-python/boto-2.13.0[${PYTHON_USEDEP}]
- >=dev-python/eventlet-0.13.0[${PYTHON_USEDEP}]
- dev-python/jinja[${PYTHON_USEDEP}]
- >=dev-python/kombu-2.4.8[${PYTHON_USEDEP}]
- >=dev-python/lxml-2.3[${PYTHON_USEDEP}]
- >=dev-python/routes-1.12.3-r1[${PYTHON_USEDEP}]
- >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
- <dev-python/webob-1.3[${PYTHON_USEDEP}]
- >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
- >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}]
- dev-python/paste[${PYTHON_USEDEP}]
- >=dev-python/sqlalchemy-migrate-0.7.2[${PYTHON_USEDEP}]
- dev-python/netaddr[${PYTHON_USEDEP}]
- >=dev-python/suds-0.4[${PYTHON_USEDEP}]
- >=dev-python/paramiko-1.8.0[${PYTHON_USEDEP}]
- dev-python/pyasn1[${PYTHON_USEDEP}]
- >=dev-python/Babel-0.9.6[${PYTHON_USEDEP}]
- >=dev-python/iso8601-0.1.4[${PYTHON_USEDEP}]
- >=dev-python/python-cinderclient-1.0.5[${PYTHON_USEDEP}]
- >=dev-python/python-neutronclient-2.3.0[${PYTHON_USEDEP}]
- <=dev-python/python-neutronclient-3.0.0[${PYTHON_USEDEP}]
- >=dev-python/python-glanceclient-0.9.0[${PYTHON_USEDEP}]
- >=dev-python/python-keystoneclient-0.3.2[${PYTHON_USEDEP}]
- >=dev-python/stevedore-0.10[${PYTHON_USEDEP}]
- >=dev-python/websockify-0.5.1[${PYTHON_USEDEP}]
- <dev-python/websockify-0.6[${PYTHON_USEDEP}]
- >=dev-python/oslo-config-1.2.0[${PYTHON_USEDEP}]
- dev-python/libvirt-python[${PYTHON_USEDEP}]
- novncproxy? ( www-apps/novnc )
- sys-apps/iproute2
- net-misc/openvswitch
- sys-fs/sysfsutils
- sys-fs/multipath-tools
- kvm? ( app-emulation/qemu )
- xen? ( app-emulation/xen
- app-emulation/xen-tools )"
-
-PATCHES=(
- "${FILESDIR}/CVE-2013-4463_4469-havana.patch"
- "${FILESDIR}/CVE-2013-6419_2013.2.patch"
-)
-
-pkg_setup() {
- enewgroup nova
- enewuser nova -1 -1 /var/lib/nova nova
-}
-
-python_install() {
- distutils-r1_python_install
- newconfd "${FILESDIR}/nova-confd" "nova"
- newinitd "${FILESDIR}/nova-initd" "nova"
- use api && dosym /etc/init.d/nova /etc/init.d/nova-api
- use cert && dosym /etc/init.d/nova /etc/init.d/nova-cert
- use compute && dosym /etc/init.d/nova /etc/init.d/nova-compute
- use conductor && dosym /etc/init.d/nova /etc/init.d/nova-conductor
- use consoleauth && dosym /etc/init.d/nova /etc/init.d/nova-consoleauth
- use network && dosym /etc/init.d/nova /etc/init.d/nova-network
- use novncproxy &&dosym /etc/init.d/nova /etc/init.d/nova-novncproxy
- use scheduler && dosym /etc/init.d/nova /etc/init.d/nova-scheduler
- use spicehtml5proxy && dosym /etc/init.d/nova /etc/init.d/nova-spicehtml5proxy
- use xvpvncproxy && dosym /etc/init.d/nova /etc/init.d/nova-xvpncproxy
-
- diropts -m 0750
- dodir /var/run/nova /var/log/nova /var/lock/nova
- fowners nova:nova /var/log/nova /var/lock/nova /var/run/nova
-
- diropts -m 0755
- dodir /var/lib/nova/instances
- fowners nova:nova /var/lib/nova/instances
-
- keepdir /etc/nova
- insinto /etc/nova
- newins "etc/nova/nova.conf.sample" "nova.conf"
- doins "etc/nova/api-paste.ini"
- doins "etc/nova/logging_sample.conf"
- doins "etc/nova/policy.json"
- doins "etc/nova/rootwrap.conf"
- insinto /etc/nova/rootwrap.d
- doins "etc/nova/rootwrap.d/api-metadata.filters"
- doins "etc/nova/rootwrap.d/compute.filters"
- doins "etc/nova/rootwrap.d/network.filters"
-
- #copy migration conf file (not coppied on install via setup.py script)
- insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/
- doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg"
-
- #copy the CA cert dir (not coppied on install via setup.py script)
- cp -R "${S}/nova/CA" "${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "isntalling CA files failed"
-
- #add sudoers definitions for user nova
- insinto /etc/sudoers.d/
- doins "${FILESDIR}/nova-sudoers"
-}
diff --git a/sys-cluster/nova/nova-2013.2.1.ebuild b/sys-cluster/nova/nova-2013.2.1-r1.ebuild
index bd9f21fda68e..e42f6174b322 100644
--- a/sys-cluster/nova/nova-2013.2.1.ebuild
+++ b/sys-cluster/nova/nova-2013.2.1-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.2.1.ebuild,v 1.1 2013/12/19 03:18:19 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.2.1-r1.ebuild,v 1.1 2013/12/19 03:30:01 prometheanfire Exp $
EAPI=5
PYTHON_COMPAT=( python2_7 )
@@ -71,6 +71,7 @@ RDEPEND="sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}]
app-emulation/xen-tools )"
PATCHES=(
+ "${FILESDIR}/CVE-2013-6437-2012.2.1.patch"
)
pkg_setup() {
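Review bot: `PATCHES` in this ebuild carries only the CVE-2013-6437 patch, whereas the nova-2013.2-r3 ebuild deleted in the same commit applied `CVE-2013-4463_4469-havana.patch` and `CVE-2013-6419_2013.2.patch`. Presumably the 2013.2.1 release already contains those fixes, but nothing on the page confirms it. Once verified, a comment above the array such as `# CVE-2013-4463/4469 and CVE-2013-6419 are already included in the 2013.2.1 tarball` would let a later auditor check coverage without rereading upstream history.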