diff options
author | Matt Thode <prometheanfire@gentoo.org> | 2013-12-19 03:30:09 +0000 |
---|---|---|
committer | Matt Thode <prometheanfire@gentoo.org> | 2013-12-19 03:30:09 +0000 |
commit | 2242312218562fe949e7394491106f44e867cf8b (patch) | |
tree | d90c77339cd6726e237a21db43c6c9d468700e9b /sys-cluster | |
parent | Version bump. (diff) | |
download | historical-2242312218562fe949e7394491106f44e867cf8b.tar.gz historical-2242312218562fe949e7394491106f44e867cf8b.tar.bz2 historical-2242312218562fe949e7394491106f44e867cf8b.zip |
fixes for CVE-2013-6437
Package-Manager: portage-2.2.7/cvs/Linux x86_64
Manifest-Sign-Key: 0x2471EB3E40AC5AC3
Diffstat (limited to 'sys-cluster')
-rw-r--r-- | sys-cluster/nova/ChangeLog | 11 | ||||
-rw-r--r-- | sys-cluster/nova/Manifest | 36 | ||||
-rw-r--r-- | sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch | 127 | ||||
-rw-r--r-- | sys-cluster/nova/files/CVE-2013-6437-2012.2.1.patch | 127 | ||||
-rw-r--r-- | sys-cluster/nova/nova-2013.1.4-r3.ebuild (renamed from sys-cluster/nova/nova-2013.1.4-r2.ebuild) | 3 | ||||
-rw-r--r-- | sys-cluster/nova/nova-2013.2-r3.ebuild | 128 | ||||
-rw-r--r-- | sys-cluster/nova/nova-2013.2.1-r1.ebuild (renamed from sys-cluster/nova/nova-2013.2.1.ebuild) | 3 |
7 files changed, 286 insertions, 149 deletions
diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog index f889d7a7ab01..8069fa09a7ad 100644 --- a/sys-cluster/nova/ChangeLog +++ b/sys-cluster/nova/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for sys-cluster/nova # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.45 2013/12/19 03:18:19 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.46 2013/12/19 03:30:01 prometheanfire Exp $ + +*nova-2013.1.4-r3 (19 Dec 2013) +*nova-2013.2.1-r1 (19 Dec 2013) + + 19 Dec 2013; Matthew Thode <prometheanfire@gentoo.org> + +files/CVE-2013-6437-2012.1.4.patch, +files/CVE-2013-6437-2012.2.1.patch, + +nova-2013.1.4-r3.ebuild, +nova-2013.2.1-r1.ebuild, -nova-2013.1.4-r2.ebuild, + -nova-2013.2-r3.ebuild, -nova-2013.2.1.ebuild: + fixes for CVE-2013-6437 *nova-2013.2.1 (19 Dec 2013) diff --git a/sys-cluster/nova/Manifest b/sys-cluster/nova/Manifest index 85cccb78e0d7..8aae5308d2c5 100644 --- a/sys-cluster/nova/Manifest +++ b/sys-cluster/nova/Manifest @@ -5,34 +5,34 @@ AUX CVE-2013-4463_4469-grizzly.patch 19603 SHA256 72abd5f11fa8bf4c5900d4beef4111 AUX CVE-2013-4497-grizzly-1.patch 4853 SHA256 b4477a17f45d505f0f09462888f6fdf59c2c5c89efbf38339a357f00e098c877 SHA512 9d9f4edbdcbffe9abe96526be454f68675543cf8601dac622943389350cc9d2ed28addb5e51fa61305142bd981e80d2f79f6f2b13d9bdc2ec76a1a5438d52798 WHIRLPOOL e30cd6d15c5fad7227c23a9b5a10b57cc7100b626d862a794108dd0ef3caa903bbafb1b497af2d18acbc3f371e59b924f848356134e43df323eef3db483b0c47 AUX CVE-2013-4497-grizzly-2.patch 1945 SHA256 8c4be7bc42b485afd64d5ec1dd61ecfb5540555640c370649afc5312a3ddcac1 SHA512 1153e89733d0e8cffe1c6cbcaf9b3cabf8ebbf797e578c8ab379df9b01bd88758606ca450f0d7741efdc92869c078f4e1229b29cbb4fa9b8107ef9b92935452a WHIRLPOOL 843758c9f16fa476f0c1e67c2f3596b8adaba26f6d4dfd7c7213294221fe048b22356ba504bd264dab7313a48ce2ca0a8d968767184fe1cdb7b8ac815269ee27 AUX CVE-2013-6419_2013.1.4.patch 5711 SHA256 0af9859e7cd0373c3c69fbb7d2256976412599cd079e696344288a81d3422bcd SHA512 b6f2fd940278cf7fa7b0a1d54d6c069f73a5c3462c4adb536c03d611c197ba3509d4464a7ef7539213ba51d749efc5ecc85800a4f86998464cdc2beb42bafd7e WHIRLPOOL ba62d91c0135a8328ca3e4048223630d2c2c133a2231e80655dc4d7dd0b772d1f81402aafaf7ec8742a77ee7cc58e7cf03d915e2058669a105c4553ccc976b48 +AUX CVE-2013-6437-2012.1.4.patch 5005 SHA256 75f90ee952d352d739c4702d72b9301c7bacd1a38fcf6601dd432cd4b057a85f SHA512 bdaba7dac2e98f251f6da04052b3bc0167068191685317b05a532372931d1c85c87a091133375b39a84ca87d961730e6f19c3aaae2ca9b7affc9fd0e47825d75 WHIRLPOOL 0404d151b89bb9852f359e27d7f553d9b80ed610a6f960a2d4a2372bf98817f7e0e69c177f2cfd15ff85a0f1043fa013b36f848c6a5b00b4a78a857bd2767a33 +AUX CVE-2013-6437-2012.2.1.patch 5116 SHA256 bca9608d40b0c70abebad6911ddb14a49f81412242465294dac0b809966f7303 SHA512 d948575d99e30663a6ab4ab84099b1a1990d1423e83ab353bf81ab1f89f2f6d69e822bc24c2f92a8f25447f6b8faf4891a6174d6c901b5703dfa897c4342d748 WHIRLPOOL 0d78c7d87d73366c6892a7c3170838c30788807e5b82766bd3bb01f0c3123c5107d1557ea7a074836dc7af6d28dc79a868adae3336e9e3a5284ea289b666f816 AUX nova-confd 101 SHA256 d9013141618d1e8b8ba85297155747d9c8fc362238de7bba3108b9a2539c8c73 SHA512 4c7ec1d123f2cdaf394d1f4824df861bbe309b0b329db44080160d81746cd0fc9d4cc1b35da0f66ab075f1d4e835ababfb7bccaf4a2e931e60f2c0ac572a552e WHIRLPOOL 6a237357a3905d29a96b32c37f6d189e4f5cefc0986bb091e24a79295191332143741c604c2a9fd44484c75b3be89742a5570862cf0cd4ba225425f7f32b5348 AUX nova-initd 1496 SHA256 5b5f928335ac345103492555c3bc57407f547915b099762d0087aef172e5edf8 SHA512 cca06baba484d505f3a96643d836204a08e9dde50197531cdab2d95188b992a95a375a386b9c54fcc8e0a4f6167babba975db7510db1087f044afa39effe4eec WHIRLPOOL 4c667a5cc469826063a65879c1beddc98371edf295a273c9b8f679627cabfe2260d8b3bbdf9550d3894fc1525d63b9f98d6e939406f90ac5f2f745daa59311c2 AUX nova-sudoers 78 SHA256 9e88c2843fb74cc46802c0b103067ad12915ec50335d05e546a5dba76acb4a76 SHA512 22c0606c6335b2d1a03bd18a319a54f16f76f091b2e8416dbba05ce7c15890beff7f32f0322eb5ba3f2a5c750436cacbe0cee189b390b878e3f0c0df219ef984 WHIRLPOOL bc42ae1d12e9f900b263fd5c3d0f59062f46fbec1ff97c0bceb234082bea5943eb64795b4f5e102b8e2749c6868163e5924467088cad42df09345e3406e5f83c DIST nova-2013.1.4.tar.gz 5801779 SHA256 0491ec81552b9c407021941ea1c477d5bcd93ec1dcc66d5fc0c1cef594dac760 SHA512 de1addcbc4577c4a376d8762e44d6f7c455bd63ba0be9d8a6a7176ef7a24e85f2bf9014e31d1180e42e48308ee6a17dcf039da2739388501a5fedbad8e5a7f0c WHIRLPOOL 08898e55b7380bd1852c00dcd8e03d4eb06c8c888688d66ba717842929973235eb9d6d34dda4be2700f208a7ff9e088de2690a74acd97f5cb6b81bcce743ece3 DIST nova-2013.2.1.tar.gz 8937179 SHA256 b1a4ccb24d9a55b7ef0edc1a2b4ba374d52360a1f41148c92823787e8747401e SHA512 34b8e05128e000770731c63c4240071b8a764913b42bc9284a79af3d76fb10d6c825ca78e490762237a8ee416ce04a9a3f0c7ddcad54cb6830fd6376851d050f WHIRLPOOL 9a54affc20c10d88f0f559528b5d24ce71a073b90d710b7d84be53d150a2cfe47e766a4eda3638620ba8d7075b7f354af1ada2489eb04f8d18cdeb9cee5d5016 -DIST nova-2013.2.tar.gz 8909222 SHA256 55a51f8d8b6c7b0ba6f8ff9c48604bb82a90bdc3f21460ed325d1cee2dfea95a SHA512 655d6f5a4ab9ddfb741a920417061808bf22521c967d324f0fa1856c801795969df6f4982362bce26836975c09e7f41e25575309cde5c6788ed32e69304381ea WHIRLPOOL d88272c8101426ed4930a924b254d045a5c965f867573039b72b51f7aa5ba2daa47f54332f63e09e781dd22ca55c142acdb432dc92ad366e13b56138ff8f3186 -EBUILD nova-2013.1.4-r2.ebuild 5370 SHA256 6727132e94a6c7331788a849b9f1ee1713de695655b5b48f95d271c2186272b0 SHA512 d02ad60d18972a485e2d5b3e047efb2546826522f644ab6e9270e6aef8aa9a0199728d8aa4d5a14d2464313824988bb4fb803e9d7e980833a03e051c231ce298 WHIRLPOOL b16ad90f3ae370149072880cdb793800d5a4755ea6e19fee17060662d3d8623c4f862aec64e10e13ca97c3aaa1b1444007d168e10815501d3d52d253a638748d +EBUILD nova-2013.1.4-r3.ebuild 5414 SHA256 657c54a88120e051e5278c8669b19d03490e597d4e2e24593fd9e231a8a3d0ff SHA512 92827e0b0b9ae0650558f65a0c890335c6b3f30a80c643ad9ed57672630d0fd50aa82b7e95025b3dad6ac95a73d2f3c86569694b29f4b08f5b1737cbaf507300 WHIRLPOOL 49a6e904c2484c5be096a8d848547dc2019646254b7c05f1dcacb73eaeab6b972d66c6293784eadc6a8cd47a11359897cbb37bdcc6b580d6f19af8fa578f72a7 EBUILD nova-2013.1.9999.ebuild 5073 SHA256 cd1b26465d4bbdbf9daa606fb4787e075461e45acf624eee0753424c2facdb44 SHA512 2d2f40807775654e9e277a8c6910555686dc7d481f75c18d710bb0c12442e92ab852b2243dfd9236ef327aec91899fcacbed55b5429bf158f3714c866b47a453 WHIRLPOOL bbe37fe1d3f294b9d871433b303c4c3265f7e6095263e10954ccd30796d57236dde2aa742bd134ff762de27d4ee3866e1da232d99b6aef68269e66bd52dc632f -EBUILD nova-2013.2-r3.ebuild 5172 SHA256 a05a48b973ef7533cb505dfaf4b4fd13a0aa1b2978d72c1e1610300cd25198f9 SHA512 91249672afa1b797f652f6cf82173c334544a1a154752c92c787b38de2e5ad753f0aeb94f1aca626941b9d3c8a07aa5b2c43a099e6eb021eb5f397709009511d WHIRLPOOL 2912ddaec0179af7cb882c6b179256d4431a7e47be0249f1d00671f8a363b2300947fe2d389fbca5bebc59389694f3c0d5c18ca996db3332d40eb4b4c1898fc4 -EBUILD nova-2013.2.1.ebuild 5080 SHA256 159c7875c4350fb8d05632ed4e5a8524287f3167aee4d700ba4389ab593b7c48 SHA512 7fbaf143d871a7d2da8f303822cb12dbafb4c9b924dae6796d9f2dd6444e0b482481b0a5be65b99cd6756be101e6ac58b9b23fe68d640eff93c58f2287b1685a WHIRLPOOL 89b2f558266a8da8a5ee09313b4ca3518813a1af1b84bd7c76d68de95be67fa79adf6d2f832ed060cb087fbbb6837cbf3e9e25acb6136bb0fc0aa76aab049703 +EBUILD nova-2013.2.1-r1.ebuild 5127 SHA256 ee716667f991e334b7965a1b9749bac5ea19350e50c3ff2fc80fa88903b10d5f SHA512 7a67d063ce994c9f1a40f73ba466faf91c21c7fb97552d1fdc9c1d08dee4124ad1a6ff81fd9140aa8d76dc1d77a14c32d3d50ccc890528457236b0750986b580 WHIRLPOOL a7f7b7afed4fd9fd34ac8fe76084dcb57536585d4142c24ae59773b3f7cdc717b39fe693da972dcd115fcd1d37ed6ba2605f7d6cebe630f56285976fb5f3b589 EBUILD nova-2013.2.9999.ebuild 5088 SHA256 2e0a8db3ad0eea45951794607a01b98c692557fdce6425270ce503a617c6db40 SHA512 3d4581853a013042a5bbc971998b04ee72f4b8c05e8600e07539e8d98ef83429a32058465089293016f6f571b85ead32c453b7f31d29951c792d8a86510572eb WHIRLPOOL 001e39da91eeb090ef3ef0cad66afccf3e8f91578ac8c034fc688ac3955675b0e855cfee76922402c02248488133e0916004fb4e3551aca42d39af1d017780fd EBUILD nova-9999.ebuild 5221 SHA256 96934150733f53305da5cbfd377e4608fb5b43932e5f98b74017fb1174f7f144 SHA512 fe2f7aa7eb89883edabe37008e1fc02f5b54ab9f0487d636765832e728c42bd447bc1490375c1d99a3677f1bf1e5e60af89eee90efcb49be046f94c95d923a0e WHIRLPOOL fac835027124b39f8f434199e1b4eaa9240b361c037d6961f6d02584e2b2a204eb9ed0ce89c39b7989b22d8d1dcf08c5c1a8437e3b39604f999979634d7c68ff -MISC ChangeLog 10751 SHA256 191ee05eb851eb0b21660ee54f750253c9752928399d06a12ab0d220b20eae15 SHA512 71e4e216a03301e7b32736d8d3539252935626a6eb70f9717a77b5b590189355260adcf66c664eba1fb86dd1d3596139ffdbf7ca76868ce79a35d64b69d3782e WHIRLPOOL 48c62aa315da19721f5773abb802fb246d214e898ae815e96ed938b74af219fc86150a2ea49173fc684d64768b6a0ada185d2aaabe8f40eaacb17c8835315b9a +MISC ChangeLog 11105 SHA256 c369d72b32929c35222515dbcd3efceb3fd1bf217d3eb9ea4456968508352c7d SHA512 198ffc74bde838f0662ca0320c12d12467ffd9975696f899bab27eacf6006d460a6bd0068718dcd3be71fa76eb5c81040de50e62ab6390c1104a4150ff1d4f56 WHIRLPOOL 84645e296cc56058ab9ec9d7461524db1c5a26a358fba7d1372160de51249e784e5bc24d6fc55f82b267546a2464a0b4feb0a5d328c3c6be2def80eefb77f43d MISC metadata.xml 1452 SHA256 29bf3efaab7a4e45f5e442b26a7606edaed3f47e4ffec3e8990f95aea6bf2450 SHA512 537664b6ff29f4afe09eb4635c2cb06d87a6c3c3101e8ef89d1ab9b5b802c79024e94a0cce5a44ec2fd5b1cc37a251dd42156a015b6a294f219b90daff17c9c1 WHIRLPOOL c6e44f9a48fea6ae2a323e9e03d8805301fb0d94bb5634b1946909715f6c05d45c49180204d00221aae1e6dc6748347b4273fae838216b5d5d07932bc473a851 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) -iQIcBAEBCAAGBQJSsmY9AAoJECRx6z5ArFrD5MsQAM1vnVbhsoFRmxxFIWyge2Fs -nUTpTQ97MsGToqPnPgppf7VRqeXebs+9M5SPYz8Vxj7xVP8ZiyCWgysD80hUYvCu -Mu9nb3nGWhX1qkO3DInV1GCOvpbjz3VHbaxHJeFqdAoiKTCA2SwKYvoq1UE7Vka6 -AvGaEuQJ6zs2tqxEsa91fonI9P8iyFRngme151+AkBo2BnZSqAG9kdGd4OLjTJHS -R5truEi+NHXsYh6K74TaVjmbPKU+1BrSEFKb01NYrhl9s+HcGp9QVoI3G6V+OVvG -5eLIZEJ33LTHQHurnacPXZDkvkLjlV7NQ5VJHGpHrFuEDuTYGR1wwBcNMkUWya9/ -4G28CxM7aBlXA6B0eSaDyEg/gp0t1XT8c/dS2ZQVKHoIIPsULHwdWKbkd9+bs6GH -TxXgdfTJmzCm9PWSwv1kzYGSRd5UxL2sVEM+qeJaFqMmgvV4+mr8G2Soa6lW6kq6 -7ZMLzgm7dODHJTMwUUpBn4QCOz0vJVSFgAUC8Lx43QddEnSUXvIri16RwwBGNmAT -+gCQcdJ/wCaxgdE3BxhYk5OV0gWavIJXM9wVARooqFFXuLhsXs02igukRuMAMV3H -C1VBC82W/tWkFeNvVyojOXwYbPDzz3KlgavNuCGYvFqhlB8SDIFTevy/SkLT48Tz -xN62zPOQIR4vGXcdFLGb -=YkbM +iQIcBAEBCAAGBQJSsmhHAAoJECRx6z5ArFrDTDAP/j3ggk+OexHq0IYWwuL5vrn9 +XujcjbKEhG3FFV40S8fNZJ3TFaJ2BsCoCSLL07bVoZgNQ+/30qSGZsvpxKG4Ce3V +LpP4GQy4ZmgQvmUbKskPJ93MWWPeixKfbg/JjhngTNcINVIYpxX3KPdWsZoQofkB +cfaRltNxMC9EC9hdHHzF55bNGxzYVYDcoZcFxnXIn5tYsYOV9bki7VdgOOyX8jVi +sqIKlrBGSLZatolDt92jIcJbPvjh0Ef40N1b/3zcmaoJPLh0iCcL7hj1XVKpiWm9 ++gRlPRrItH/SMOh0b+wXtnFejSWmE87LOEC5DasUvmMj+qxW+25GvDFRNsXsBTww +/A/UOTYq/8ivlEhdup2ttbC9L7GLulnhGEra2QymOMIGVG1mwg7Czfy5LHvFaUEr +poCnNgqckHItxxEH1lEHLzyxp+dFkB9WD2SS5DbUxrv323J18qwLkRjw0JLm6jvN +oSZBn2cIMD5j+HO3E95csi3UbXc9VMqkcsOfAx4GpoKxMfgR7CF1YM4yCaYrkHgi +S/qcKU20Hwc9iX47SjpiAAKECbUp0WgPQGQoAYfO+TWtIBle7l/+Kz2MeeMzLwkT +tUV+JiulGdBeKYUBF4uun6a03+3gl9UYadEofaiR/hzDkx5jrzqIS/MLoVZAdNxX +btTpVFWNtPnhgFiIfSGY +=jbUW -----END PGP SIGNATURE----- diff --git a/sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch b/sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch new file mode 100644 index 000000000000..f679668b2c39 --- /dev/null +++ b/sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch @@ -0,0 +1,127 @@ +From 3e451f1bac57d24e47171cffb3ad59bb1610d836 Mon Sep 17 00:00:00 2001 +From: Ryan Moore <ryan.moore@hp.com> +Date: Fri, 29 Nov 2013 14:21:19 +0000 +Subject: [PATCH] use 'os_type' in ephemeral filename only if mkfs defined + +Currently for undefined os-types it will use the default mkfs +command, but use the meta 'os_type' in the name of the +ephemeral file (e.g. ephemeral_20_abcdef). Which can result +in a lot of files (DoS?) +This change will only use 'os_type' in the ephemeral filename +if there is a specific mkfs command defined, otherwise it will +use 'default' (e.g. ephemeral_20_default) + +Modifed the tests to test for: + os_type='' + os_type=None + os_type='test' - with no mkfs command specified + os_type='test' - with a mkfs command specified + +Closes-Bug: 1253980 + +Backport of Original Change-Id: Ie4c10f99ce690c5e4ef181624bd688c38923855c +to stable/grizzly + +Change-Id: Ia040910e90861a2987eff345ad1c01863655b124 +--- + nova/tests/test_libvirt.py | 28 ++++++++++++++++++++++++++-- + nova/virt/disk/api.py | 4 ++++ + nova/virt/libvirt/driver.py | 5 ++--- + 3 files changed, 32 insertions(+), 5 deletions(-) + +diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py +index 4b07d65..d2ac73b 100644 +--- a/nova/tests/test_libvirt.py ++++ b/nova/tests/test_libvirt.py +@@ -2725,7 +2725,7 @@ def fake_get_info(instance): + self.assertTrue(self.cache_called_for_disk) + db.instance_destroy(self.context, instance['uuid']) + +- def test_create_image_plain(self): ++ def _test_create_image_plain(self, os_type='', filename='', mkfs=False): + gotFiles = [] + + def fake_image(self, instance, name, image_type=''): +@@ -2760,11 +2760,15 @@ def fake_get_info(instance): + instance_ref = self.test_instance + instance_ref['image_ref'] = 1 + instance = db.instance_create(self.context, instance_ref) ++ instance['os_type'] = os_type + + conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) + self.stubs.Set(conn, 'to_xml', fake_none) + self.stubs.Set(conn, '_create_domain_and_network', fake_none) + self.stubs.Set(conn, 'get_info', fake_get_info) ++ if mkfs: ++ self.stubs.Set(nova.virt.disk.api, '_MKFS_COMMAND', ++ {os_type: 'mkfs.ext3 --label %(fs_label)s %(target)s'}) + + image_meta = {'id': instance['image_ref']} + disk_info = blockinfo.get_disk_info(CONF.libvirt_type, +@@ -2779,11 +2783,31 @@ def fake_get_info(instance): + wantFiles = [ + {'filename': '356a192b7913b04c54574d18c28d46e6395428ab', + 'size': 10 * 1024 * 1024 * 1024}, +- {'filename': 'ephemeral_20_default', ++ {'filename': filename, + 'size': 20 * 1024 * 1024 * 1024}, + ] + self.assertEquals(gotFiles, wantFiles) + ++ def test_create_image_plain_os_type_blank(self): ++ self._test_create_image_plain(os_type='', ++ filename='ephemeral_20_default', ++ mkfs=False) ++ ++ def test_create_image_plain_os_type_none(self): ++ self._test_create_image_plain(os_type=None, ++ filename='ephemeral_20_default', ++ mkfs=False) ++ ++ def test_create_image_plain_os_type_set_no_fs(self): ++ self._test_create_image_plain(os_type='test', ++ filename='ephemeral_20_default', ++ mkfs=False) ++ ++ def test_create_image_plain_os_type_set_with_fs(self): ++ self._test_create_image_plain(os_type='test', ++ filename='ephemeral_20_test', ++ mkfs=True) ++ + def test_create_image_with_swap(self): + gotFiles = [] + +diff --git a/nova/virt/disk/api.py b/nova/virt/disk/api.py +index e1af0bf..a17ba59 100755 +--- a/nova/virt/disk/api.py ++++ b/nova/virt/disk/api.py +@@ -90,6 +90,10 @@ + _DEFAULT_MKFS_COMMAND = mkfs_command + + ++def get_fs_type_for_os_type(os_type): ++ return os_type if _MKFS_COMMAND.get(os_type) else 'default' ++ ++ + def mkfs(os_type, fs_label, target): + mkfs_command = (_MKFS_COMMAND.get(os_type, _DEFAULT_MKFS_COMMAND) or + '') % locals() +diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py +index ff1117c..0f0ea46 100755 +--- a/nova/virt/libvirt/driver.py ++++ b/nova/virt/libvirt/driver.py +@@ -1826,9 +1826,8 @@ def raw(fname): + project_id=instance['project_id']) + + # Lookup the filesystem type if required +- os_type_with_default = instance['os_type'] +- if not os_type_with_default: +- os_type_with_default = 'default' ++ os_type_with_default = disk.get_fs_type_for_os_type( ++ instance['os_type']) + + ephemeral_gb = instance['ephemeral_gb'] + if 'disk.local' in disk_mapping: +-- +1.8.5.1 + diff --git a/sys-cluster/nova/files/CVE-2013-6437-2012.2.1.patch b/sys-cluster/nova/files/CVE-2013-6437-2012.2.1.patch new file mode 100644 index 000000000000..3689c4f174e1 --- /dev/null +++ b/sys-cluster/nova/files/CVE-2013-6437-2012.2.1.patch @@ -0,0 +1,127 @@ +From ca38774ebcf5b67d16c202c8f218c0c433973ca9 Mon Sep 17 00:00:00 2001 +From: Ryan Moore <ryan.moore@hp.com> +Date: Fri, 29 Nov 2013 14:21:19 +0000 +Subject: [PATCH] use 'os_type' in ephemeral filename only if mkfs defined + +Currently for undefined os-types it will use the default mkfs +command, but use the meta 'os_type' in the name of the +ephemeral file (e.g. ephemeral_20_abcdef). Which can result +in a lot of files (DoS?) +This change will only use 'os_type' in the ephemeral filename +if there is a specific mkfs command defined, otherwise it will +use 'default' (e.g. ephemeral_20_default) + +Modifed the tests to test for: + os_type='' + os_type=None + os_type='test' - with no mkfs command specified + os_type='test' - with a mkfs command specified + +Closes-Bug: 1253980 + +Backport of Original Change-Id: Ie4c10f99ce690c5e4ef181624bd688c38923855c +to stable/havana + +Change-Id: Ifa2b94e79dabd586d7e904da247d099360229313 +--- + nova/tests/virt/libvirt/test_libvirt.py | 28 ++++++++++++++++++++++++++-- + nova/virt/disk/api.py | 4 ++++ + nova/virt/libvirt/driver.py | 5 ++--- + 3 files changed, 32 insertions(+), 5 deletions(-) + +diff --git a/nova/tests/virt/libvirt/test_libvirt.py b/nova/tests/virt/libvirt/test_libvirt.py +index 6410be3..cf82168 100644 +--- a/nova/tests/virt/libvirt/test_libvirt.py ++++ b/nova/tests/virt/libvirt/test_libvirt.py +@@ -3551,7 +3551,7 @@ def test_chown_disk_config_for_instance(self): + self.mox.ReplayAll() + conn._chown_disk_config_for_instance(instance) + +- def test_create_image_plain(self): ++ def _test_create_image_plain(self, os_type='', filename='', mkfs=False): + gotFiles = [] + + def fake_image(self, instance, name, image_type=''): +@@ -3586,11 +3586,15 @@ def fake_get_info(instance): + instance_ref = self.test_instance + instance_ref['image_ref'] = 1 + instance = db.instance_create(self.context, instance_ref) ++ instance['os_type'] = os_type + + conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) + self.stubs.Set(conn, 'to_xml', fake_none) + self.stubs.Set(conn, '_create_domain_and_network', fake_none) + self.stubs.Set(conn, 'get_info', fake_get_info) ++ if mkfs: ++ self.stubs.Set(nova.virt.disk.api, '_MKFS_COMMAND', ++ {os_type: 'mkfs.ext3 --label %(fs_label)s %(target)s'}) + + image_meta = {'id': instance['image_ref']} + disk_info = blockinfo.get_disk_info(CONF.libvirt_type, +@@ -3605,11 +3609,31 @@ def fake_get_info(instance): + wantFiles = [ + {'filename': '356a192b7913b04c54574d18c28d46e6395428ab', + 'size': 10 * 1024 * 1024 * 1024}, +- {'filename': 'ephemeral_20_default', ++ {'filename': filename, + 'size': 20 * 1024 * 1024 * 1024}, + ] + self.assertEquals(gotFiles, wantFiles) + ++ def test_create_image_plain_os_type_blank(self): ++ self._test_create_image_plain(os_type='', ++ filename='ephemeral_20_default', ++ mkfs=False) ++ ++ def test_create_image_plain_os_type_none(self): ++ self._test_create_image_plain(os_type=None, ++ filename='ephemeral_20_default', ++ mkfs=False) ++ ++ def test_create_image_plain_os_type_set_no_fs(self): ++ self._test_create_image_plain(os_type='test', ++ filename='ephemeral_20_default', ++ mkfs=False) ++ ++ def test_create_image_plain_os_type_set_with_fs(self): ++ self._test_create_image_plain(os_type='test', ++ filename='ephemeral_20_test', ++ mkfs=True) ++ + def test_create_image_with_swap(self): + gotFiles = [] + +diff --git a/nova/virt/disk/api.py b/nova/virt/disk/api.py +index 3ac7adb..a51efa6 100644 +--- a/nova/virt/disk/api.py ++++ b/nova/virt/disk/api.py +@@ -100,6 +100,10 @@ + _DEFAULT_MKFS_COMMAND = mkfs_command + + ++def get_fs_type_for_os_type(os_type): ++ return os_type if _MKFS_COMMAND.get(os_type) else 'default' ++ ++ + def mkfs(os_type, fs_label, target): + mkfs_command = (_MKFS_COMMAND.get(os_type, _DEFAULT_MKFS_COMMAND) or + '') % {'fs_label': fs_label, 'target': target} +diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py +index 5c05307..39e0ce9 100644 +--- a/nova/virt/libvirt/driver.py ++++ b/nova/virt/libvirt/driver.py +@@ -2368,9 +2368,8 @@ def raw(fname): + project_id=instance['project_id']) + + # Lookup the filesystem type if required +- os_type_with_default = instance['os_type'] +- if not os_type_with_default: +- os_type_with_default = 'default' ++ os_type_with_default = disk.get_fs_type_for_os_type( ++ instance['os_type']) + + ephemeral_gb = instance['ephemeral_gb'] + if 'disk.local' in disk_mapping: +-- +1.8.5.1 + diff --git a/sys-cluster/nova/nova-2013.1.4-r2.ebuild b/sys-cluster/nova/nova-2013.1.4-r3.ebuild index f9b1429d40ae..edb0ac290b01 100644 --- a/sys-cluster/nova/nova-2013.1.4-r2.ebuild +++ b/sys-cluster/nova/nova-2013.1.4-r3.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.4-r2.ebuild,v 1.1 2013/12/13 21:10:35 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.4-r3.ebuild,v 1.1 2013/12/19 03:30:01 prometheanfire Exp $ EAPI=5 PYTHON_COMPAT=( python2_7 ) @@ -74,6 +74,7 @@ PATCHES=( "${FILESDIR}/CVE-2013-4497-grizzly-1.patch" "${FILESDIR}/CVE-2013-4497-grizzly-2.patch" "${FILESDIR}/CVE-2013-6419_2013.1.4.patch" + "${FILESDIR}/CVE-2013-6437-2012.1.4.patch" ) pkg_setup() { diff --git a/sys-cluster/nova/nova-2013.2-r3.ebuild b/sys-cluster/nova/nova-2013.2-r3.ebuild deleted file mode 100644 index fe1912f5f7ce..000000000000 --- a/sys-cluster/nova/nova-2013.2-r3.ebuild +++ /dev/null @@ -1,128 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.2-r3.ebuild,v 1.1 2013/12/13 21:10:35 prometheanfire Exp $ - -EAPI=5 -PYTHON_COMPAT=( python2_7 ) - -inherit distutils-r1 eutils multilib - -DESCRIPTION="A cloud computing fabric controller (main part of an IaaS system) written in Python." -HOMEPAGE="https://launchpad.net/nova" -SRC_URI="http://launchpad.net/${PN}/havana/${PV}/+download/${P}.tar.gz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="+api +cert +compute +conductor +consoleauth +kvm +network +novncproxy +scheduler +spicehtml5proxy +xvpvncproxy sqlite mysql postgres xen" -REQUIRED_USE="|| ( mysql postgres sqlite ) - || ( kvm xen )" - -DEPEND="dev-python/setuptools[${PYTHON_USEDEP}] - >=dev-python/pbr-0.5.21[${PYTHON_USEDEP}] - <dev-python/pbr-1.0[${PYTHON_USEDEP}] - app-admin/sudo" - -RDEPEND="sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}] - <dev-python/sqlalchemy-0.7.99[sqlite,${PYTHON_USEDEP}] ) - mysql? ( >=dev-python/sqlalchemy-0.7.8[mysql,${PYTHON_USEDEP}] - <dev-python/sqlalchemy-0.7.99[mysql,${PYTHON_USEDEP}] ) - postgres? ( >=dev-python/sqlalchemy-0.7.8[postgres,${PYTHON_USEDEP}] - <dev-python/sqlalchemy-0.7.99[postgres,${PYTHON_USEDEP}] ) - >=dev-python/amqplib-0.6.1[${PYTHON_USEDEP}] - >=dev-python/anyjson-0.3.3[${PYTHON_USEDEP}] - virtual/python-argparse[${PYTHON_USEDEP}] - >=dev-python/boto-2.4.0[${PYTHON_USEDEP}] - !~dev-python/boto-2.13.0[${PYTHON_USEDEP}] - >=dev-python/eventlet-0.13.0[${PYTHON_USEDEP}] - dev-python/jinja[${PYTHON_USEDEP}] - >=dev-python/kombu-2.4.8[${PYTHON_USEDEP}] - >=dev-python/lxml-2.3[${PYTHON_USEDEP}] - >=dev-python/routes-1.12.3-r1[${PYTHON_USEDEP}] - >=dev-python/webob-1.2.3[${PYTHON_USEDEP}] - <dev-python/webob-1.3[${PYTHON_USEDEP}] - >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}] - >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}] - dev-python/paste[${PYTHON_USEDEP}] - >=dev-python/sqlalchemy-migrate-0.7.2[${PYTHON_USEDEP}] - dev-python/netaddr[${PYTHON_USEDEP}] - >=dev-python/suds-0.4[${PYTHON_USEDEP}] - >=dev-python/paramiko-1.8.0[${PYTHON_USEDEP}] - dev-python/pyasn1[${PYTHON_USEDEP}] - >=dev-python/Babel-0.9.6[${PYTHON_USEDEP}] - >=dev-python/iso8601-0.1.4[${PYTHON_USEDEP}] - >=dev-python/python-cinderclient-1.0.5[${PYTHON_USEDEP}] - >=dev-python/python-neutronclient-2.3.0[${PYTHON_USEDEP}] - <=dev-python/python-neutronclient-3.0.0[${PYTHON_USEDEP}] - >=dev-python/python-glanceclient-0.9.0[${PYTHON_USEDEP}] - >=dev-python/python-keystoneclient-0.3.2[${PYTHON_USEDEP}] - >=dev-python/stevedore-0.10[${PYTHON_USEDEP}] - >=dev-python/websockify-0.5.1[${PYTHON_USEDEP}] - <dev-python/websockify-0.6[${PYTHON_USEDEP}] - >=dev-python/oslo-config-1.2.0[${PYTHON_USEDEP}] - dev-python/libvirt-python[${PYTHON_USEDEP}] - novncproxy? ( www-apps/novnc ) - sys-apps/iproute2 - net-misc/openvswitch - sys-fs/sysfsutils - sys-fs/multipath-tools - kvm? ( app-emulation/qemu ) - xen? ( app-emulation/xen - app-emulation/xen-tools )" - -PATCHES=( - "${FILESDIR}/CVE-2013-4463_4469-havana.patch" - "${FILESDIR}/CVE-2013-6419_2013.2.patch" -) - -pkg_setup() { - enewgroup nova - enewuser nova -1 -1 /var/lib/nova nova -} - -python_install() { - distutils-r1_python_install - newconfd "${FILESDIR}/nova-confd" "nova" - newinitd "${FILESDIR}/nova-initd" "nova" - use api && dosym /etc/init.d/nova /etc/init.d/nova-api - use cert && dosym /etc/init.d/nova /etc/init.d/nova-cert - use compute && dosym /etc/init.d/nova /etc/init.d/nova-compute - use conductor && dosym /etc/init.d/nova /etc/init.d/nova-conductor - use consoleauth && dosym /etc/init.d/nova /etc/init.d/nova-consoleauth - use network && dosym /etc/init.d/nova /etc/init.d/nova-network - use novncproxy &&dosym /etc/init.d/nova /etc/init.d/nova-novncproxy - use scheduler && dosym /etc/init.d/nova /etc/init.d/nova-scheduler - use spicehtml5proxy && dosym /etc/init.d/nova /etc/init.d/nova-spicehtml5proxy - use xvpvncproxy && dosym /etc/init.d/nova /etc/init.d/nova-xvpncproxy - - diropts -m 0750 - dodir /var/run/nova /var/log/nova /var/lock/nova - fowners nova:nova /var/log/nova /var/lock/nova /var/run/nova - - diropts -m 0755 - dodir /var/lib/nova/instances - fowners nova:nova /var/lib/nova/instances - - keepdir /etc/nova - insinto /etc/nova - newins "etc/nova/nova.conf.sample" "nova.conf" - doins "etc/nova/api-paste.ini" - doins "etc/nova/logging_sample.conf" - doins "etc/nova/policy.json" - doins "etc/nova/rootwrap.conf" - insinto /etc/nova/rootwrap.d - doins "etc/nova/rootwrap.d/api-metadata.filters" - doins "etc/nova/rootwrap.d/compute.filters" - doins "etc/nova/rootwrap.d/network.filters" - - #copy migration conf file (not coppied on install via setup.py script) - insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/ - doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg" - - #copy the CA cert dir (not coppied on install via setup.py script) - cp -R "${S}/nova/CA" "${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "isntalling CA files failed" - - #add sudoers definitions for user nova - insinto /etc/sudoers.d/ - doins "${FILESDIR}/nova-sudoers" -} diff --git a/sys-cluster/nova/nova-2013.2.1.ebuild b/sys-cluster/nova/nova-2013.2.1-r1.ebuild index bd9f21fda68e..e42f6174b322 100644 --- a/sys-cluster/nova/nova-2013.2.1.ebuild +++ b/sys-cluster/nova/nova-2013.2.1-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.2.1.ebuild,v 1.1 2013/12/19 03:18:19 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.2.1-r1.ebuild,v 1.1 2013/12/19 03:30:01 prometheanfire Exp $ EAPI=5 PYTHON_COMPAT=( python2_7 ) @@ -71,6 +71,7 @@ RDEPEND="sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}] app-emulation/xen-tools )" PATCHES=( + "${FILESDIR}/CVE-2013-6437-2012.2.1.patch" ) pkg_setup() { |