author | Ian Delaney <idella4@gentoo.org> | 2014-02-24 02:58:01 +0000 |
---|---|---|
committer | Ian Delaney <idella4@gentoo.org> | 2014-02-24 02:58:01 +0000 |
commit | 57b5076ea47375faff238f217f89b02eaa10c70b (patch) | |
tree | e8be00ef02c8137df3fd9bd353044ef2e1db377d /sys-cluster | |
parent | x86 stable wrt bug #492002 (diff) | |
rm old 2013.2.1 and assoc. patches by request of maintainer
(Portage version: 2.2.8/cvs/Linux x86_64, signed Manifest commit with key 0xB8072B0D)
Diffstat (limited to 'sys-cluster')
-rw-r--r-- | sys-cluster/nova/ChangeLog | 7 | ||||
-rw-r--r-- | sys-cluster/nova/files/CVE-2013-6437-2012.2.1.patch | 127 | ||||
-rw-r--r-- | sys-cluster/nova/files/CVE-2013-7048-havana.patch | 35 | ||||
-rw-r--r-- | sys-cluster/nova/files/CVE-2013-7130-stable-havana.patch | 130 | ||||
-rw-r--r-- | sys-cluster/nova/nova-2013.2.1-r3.ebuild | 129 |
5 files changed, 6 insertions, 422 deletions
diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog
index dbb23decacc5..0b3e09048afe 100644
--- a/sys-cluster/nova/ChangeLog
+++ b/sys-cluster/nova/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for sys-cluster/nova
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.50 2014/02/20 21:15:02 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.51 2014/02/24 02:58:01 idella4 Exp $
+
+ 24 Feb 2014; Ian Delaney <idella4@gentoo.org>
+ -files/CVE-2013-6437-2012.2.1.patch, -files/CVE-2013-7048-havana.patch,
+ -files/CVE-2013-7130-stable-havana.patch, -nova-2013.2.1-r3.ebuild:
+ rm old 2013.2.1 and assoc. patches by request of maintainer
 *nova-2013.2.2 (20 Feb 2014)
diff --git a/sys-cluster/nova/files/CVE-2013-6437-2012.2.1.patch b/sys-cluster/nova/files/CVE-2013-6437-2012.2.1.patch
deleted file mode 100644
index 3689c4f174e1..000000000000
--- a/sys-cluster/nova/files/CVE-2013-6437-2012.2.1.patch
+++ /dev/null
@@ -1,127 +0,0 @@ -From ca38774ebcf5b67d16c202c8f218c0c433973ca9 Mon Sep 17 00:00:00 2001 -From: Ryan Moore <ryan.moore@hp.com> -Date: Fri, 29 Nov 2013 14:21:19 +0000 -Subject: [PATCH] use 'os_type' in ephemeral filename only if mkfs defined - -Currently for undefined os-types it will use the default mkfs -command, but use the meta 'os_type' in the name of the -ephemeral file (e.g. ephemeral_20_abcdef). Which can result -in a lot of files (DoS?) -This change will only use 'os_type' in the ephemeral filename -if there is a specific mkfs command defined, otherwise it will -use 'default' (e.g. ephemeral_20_default) - -Modifed the tests to test for: - os_type='' - os_type=None - os_type='test' - with no mkfs command specified - os_type='test' - with a mkfs command specified - -Closes-Bug: 1253980 - -Backport of Original Change-Id: Ie4c10f99ce690c5e4ef181624bd688c38923855c -to stable/havana - -Change-Id: Ifa2b94e79dabd586d7e904da247d099360229313 ---- - nova/tests/virt/libvirt/test_libvirt.py | 28 ++++++++++++++++++++++++++-- - nova/virt/disk/api.py | 4 ++++ - nova/virt/libvirt/driver.py | 5 ++--- - 3 files changed, 32 insertions(+), 5 deletions(-) - -diff --git a/nova/tests/virt/libvirt/test_libvirt.py b/nova/tests/virt/libvirt/test_libvirt.py -index 6410be3..cf82168 100644 ---- a/nova/tests/virt/libvirt/test_libvirt.py -+++ b/nova/tests/virt/libvirt/test_libvirt.py -@@ -3551,7 +3551,7 @@ def test_chown_disk_config_for_instance(self): - self.mox.ReplayAll() - conn._chown_disk_config_for_instance(instance) - -- def test_create_image_plain(self): -+ def _test_create_image_plain(self, os_type='', filename='', mkfs=False): - gotFiles = [] - - def fake_image(self, instance, name, image_type=''): -@@ -3586,11 +3586,15 @@ def fake_get_info(instance): - instance_ref = self.test_instance - instance_ref['image_ref'] = 1 - instance = db.instance_create(self.context, instance_ref) -+ instance['os_type'] = os_type - - conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) - 
self.stubs.Set(conn, 'to_xml', fake_none) - self.stubs.Set(conn, '_create_domain_and_network', fake_none) - self.stubs.Set(conn, 'get_info', fake_get_info) -+ if mkfs: -+ self.stubs.Set(nova.virt.disk.api, '_MKFS_COMMAND', -+ {os_type: 'mkfs.ext3 --label %(fs_label)s %(target)s'}) - - image_meta = {'id': instance['image_ref']} - disk_info = blockinfo.get_disk_info(CONF.libvirt_type, -@@ -3605,11 +3609,31 @@ def fake_get_info(instance): - wantFiles = [ - {'filename': '356a192b7913b04c54574d18c28d46e6395428ab', - 'size': 10 * 1024 * 1024 * 1024}, -- {'filename': 'ephemeral_20_default', -+ {'filename': filename, - 'size': 20 * 1024 * 1024 * 1024}, - ] - self.assertEquals(gotFiles, wantFiles) - -+ def test_create_image_plain_os_type_blank(self): -+ self._test_create_image_plain(os_type='', -+ filename='ephemeral_20_default', -+ mkfs=False) -+ -+ def test_create_image_plain_os_type_none(self): -+ self._test_create_image_plain(os_type=None, -+ filename='ephemeral_20_default', -+ mkfs=False) -+ -+ def test_create_image_plain_os_type_set_no_fs(self): -+ self._test_create_image_plain(os_type='test', -+ filename='ephemeral_20_default', -+ mkfs=False) -+ -+ def test_create_image_plain_os_type_set_with_fs(self): -+ self._test_create_image_plain(os_type='test', -+ filename='ephemeral_20_test', -+ mkfs=True) -+ - def test_create_image_with_swap(self): - gotFiles = [] - -diff --git a/nova/virt/disk/api.py b/nova/virt/disk/api.py -index 3ac7adb..a51efa6 100644 ---- a/nova/virt/disk/api.py -+++ b/nova/virt/disk/api.py -@@ -100,6 +100,10 @@ - _DEFAULT_MKFS_COMMAND = mkfs_command - - -+def get_fs_type_for_os_type(os_type): -+ return os_type if _MKFS_COMMAND.get(os_type) else 'default' -+ -+ - def mkfs(os_type, fs_label, target): - mkfs_command = (_MKFS_COMMAND.get(os_type, _DEFAULT_MKFS_COMMAND) or - '') % {'fs_label': fs_label, 'target': target} -diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py -index 5c05307..39e0ce9 100644 ---- a/nova/virt/libvirt/driver.py 
-+++ b/nova/virt/libvirt/driver.py -@@ -2368,9 +2368,8 @@ def raw(fname): - project_id=instance['project_id']) - - # Lookup the filesystem type if required -- os_type_with_default = instance['os_type'] -- if not os_type_with_default: -- os_type_with_default = 'default' -+ os_type_with_default = disk.get_fs_type_for_os_type( -+ instance['os_type']) - - ephemeral_gb = instance['ephemeral_gb'] - if 'disk.local' in disk_mapping: --- -1.8.5.1 - diff --git a/sys-cluster/nova/files/CVE-2013-7048-havana.patch b/sys-cluster/nova/files/CVE-2013-7048-havana.patch deleted file mode 100644 index aabc52d302d6..000000000000 --- a/sys-cluster/nova/files/CVE-2013-7048-havana.patch +++ /dev/null 
@@ -1,35 +0,0 @@
-From 75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d Mon Sep 17 00:00:00 2001
-From: Xavier Queralt <xqueralt@redhat.com>
-Date: Wed, 27 Nov 2013 19:44:36 +0000
-Subject: Enforce permissions in snapshots temporary dir
-
-Live snapshots creates a temporary directory where libvirt driver
-creates a new image from the instance's disk using blockRebase.
-Currently this directory is created with 777 permissions making this
-directory accessible by all the users in the system.
-
-This patch changes the tempdir permissions so they have the o+x
-flag set, which is what libvirt needs to be able to write in it and
-
-Closes-Bug: #1227027
-Change-Id: I767ff5247b4452821727e92b668276004fc0f84d
-(cherry picked from commit 8a34fc3d48c467aa196f65eed444ccdc7c02f19f)
----
-diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
-index 5c05307..d427d65 100644
---- a/nova/virt/libvirt/driver.py
-+++ b/nova/virt/libvirt/driver.py
-@@ -1390,9 +1390,8 @@ class LibvirtDriver(driver.ComputeDriver):
- try:
- out_path = os.path.join(tmpdir, snapshot_name)
- if live_snapshot:
-- # NOTE (rmk): libvirt needs to be able to write to the
-- # temp directory, which is owned nova.
-- utils.execute('chmod', '777', tmpdir, run_as_root=True)
-+ # NOTE(xqueralt): libvirt needs o+x in the temp directory
-+ os.chmod(tmpdir, 0o701)
- self._live_snapshot(virt_dom, disk_path, out_path,
- image_format)
- else:
---
-cgit v0.9.2
diff --git a/sys-cluster/nova/files/CVE-2013-7130-stable-havana.patch b/sys-cluster/nova/files/CVE-2013-7130-stable-havana.patch
deleted file mode 100644
index 6e2c55de2a88..000000000000
--- a/sys-cluster/nova/files/CVE-2013-7130-stable-havana.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-From c8423d648d578397e2742f9d0b21c90171e2efc3 Mon Sep 17 00:00:00 2001
-From: Nikola Dipanov <ndipanov@redhat.com>
-Date: Tue, 10 Dec 2013 17:43:17 +0100
-Subject: [PATCH] libvirt: Fix root disk leak in live mig
-
-This patch makes sure that i_create_images_and_backing method of the
-libvirt driver (called in several places, but most problematic one is
-the call in the pre_live_migration method) creates all the files the
-instance needs that are not present.
-
-Prioir to this patch - the method would only attempt to download the
-image, and if it did so with the path of the ephemeral drives, it could
-expose the image to other users as an ephemeral devices. See the related
-bug for more detaiis.
-
-After this patch - we properly distinguish between image, ephemeral and
-swap files, and make sure that the imagebackend does the correct thing.
-
-Closes-bug: #1251590
-
-Co-authored-by: Loganathan Parthipan <parthipan@hp.com>
-
-Change-Id: I78aa2f4243899db4f4941e77014a7e18e27fc63e
-(cherry picked from commit c69a619668b5f44e94a8fe1a23f3d887ba2834d7)
-
-Conflicts:
- nova/virt/libvirt/driver.py
----
- nova/tests/virt/libvirt/test_libvirt.py | 42 +++++++++++++++++++++++++++++++++
- nova/virt/libvirt/driver.py | 31 +++++++++++++++++-------
- 2 files changed, 65 insertions(+), 8 deletions(-)
-
-diff --git a/nova/tests/virt/libvirt/test_libvirt.py b/nova/tests/virt/libvirt/test_libvirt.py
-index c176985..191b3f8 100644
---- a/nova/tests/virt/libvirt/test_libvirt.py
-+++ b/nova/tests/virt/libvirt/test_libvirt.py
-@@ -3047,6 +3047,48 @@ class LibvirtConnTestCase(test.TestCase):
- conn._create_images_and_backing(self.context, self.test_instance,
- "/fake/instance/dir", disk_info_json)
-
-+ def test_create_images_and_backing_ephemeral_gets_created(self):
-+ conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
-+ disk_info_json = jsonutils.dumps(
-+ [{u'backing_file': u'fake_image_backing_file',
-+ u'disk_size': 10747904,
-+ u'path': u'disk_path',
-+ u'type': u'qcow2',
-+ u'virt_disk_size': 25165824},
-+ {u'backing_file': u'ephemeral_1_default',
-+ u'disk_size': 393216,
-+ u'over_committed_disk_size': 1073348608,
-+ u'path': u'disk_eph_path',
-+ u'type': u'qcow2',
-+ u'virt_disk_size': 1073741824}])
-+
-+ base_dir = os.path.join(CONF.instances_path,
-+ CONF.image_cache_subdirectory_name)
-+ self.test_instance.update({'name': 'fake_instance',
-+ 'user_id': 'fake-user',
-+ 'os_type': None,
-+ 'project_id': 'fake-project'})
-+
-+ with contextlib.nested(
-+ mock.patch.object(conn, '_fetch_instance_kernel_ramdisk'),
-+ mock.patch.object(libvirt_driver.libvirt_utils, 'fetch_image'),
-+ mock.patch.object(conn, '_create_ephemeral')
-+ ) as (fetch_kernel_ramdisk_mock, fetch_image_mock,
-+ create_ephemeral_mock):
-+ conn._create_images_and_backing(self.context, self.test_instance,
-+ "/fake/instance/dir",
-+ disk_info_json)
-+ self.assertEqual(len(create_ephemeral_mock.call_args_list), 1)
-+ m_args, m_kwargs = create_ephemeral_mock.call_args_list[0]
-+ self.assertEqual(
-+ os.path.join(base_dir, 'ephemeral_1_default'),
-+ m_kwargs['target'])
-+ self.assertEqual(len(fetch_image_mock.call_args_list), 1)
-+ m_args, m_kwargs = fetch_image_mock.call_args_list[0]
-+ self.assertEqual(
-+ os.path.join(base_dir, 'fake_image_backing_file'),
-+ m_kwargs['target'])
-+
- def test_create_images_and_backing_disk_info_none(self):
- conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
- self.mox.StubOutWithMock(conn, '_fetch_instance_kernel_ramdisk')
-diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
-index 500ce51..c74b2ad 100644
---- a/nova/virt/libvirt/driver.py
-+++ b/nova/virt/libvirt/driver.py
-@@ -4209,14 +4209,29 @@ class LibvirtDriver(driver.ComputeDriver):
-
- image = self.image_backend.image(instance,
- instance_disk,
-- CONF.libvirt_images_type)
-- image.cache(fetch_func=libvirt_utils.fetch_image,
-- context=context,
-- filename=cache_name,
-- image_id=instance['image_ref'],
-- user_id=instance['user_id'],
-- project_id=instance['project_id'],
-- size=info['virt_disk_size'])
-+ CONF.libvirt.images_type)
-+ if cache_name.startswith('ephemeral'):
-+ image.cache(fetch_func=self._create_ephemeral,
-+ fs_label=cache_name,
-+ os_type=instance["os_type"],
-+ filename=cache_name,
-+ size=info['virt_disk_size'],
-+ ephemeral_size=instance['ephemeral_gb'])
-+ elif cache_name.startswith('swap'):
-+ inst_type = flavors.extract_flavor(instance)
-+ swap_mb = inst_type['swap']
-+ image.cache(fetch_func=self._create_swap,
-+ filename="swap_%s" % swap_mb,
-+ size=swap_mb * unit.Mi,
-+ swap_mb=swap_mb)
-+ else:
-+ image.cache(fetch_func=libvirt_utils.fetch_image,
-+ context=context,
-+ filename=cache_name,
-+ image_id=instance['image_ref'],
-+ user_id=instance['user_id'],
-+ project_id=instance['project_id'],
-+ size=info['virt_disk_size'])
-
- # if image has kernel and ramdisk, just download
- # following normal way.
---
-1.8.3.1
-
diff --git a/sys-cluster/nova/nova-2013.2.1-r3.ebuild b/sys-cluster/nova/nova-2013.2.1-r3.ebuild
deleted file mode 100644
index 735b7e95f814..000000000000
--- a/sys-cluster/nova/nova-2013.2.1-r3.ebuild
+++ /dev/null
@@ -1,129 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.2.1-r3.ebuild,v 1.1 2014/01/27 08:44:51 prometheanfire Exp $ - -EAPI=5 -PYTHON_COMPAT=( python2_7 ) - -inherit distutils-r1 eutils multilib user - -DESCRIPTION="A cloud computing fabric controller (main part of an IaaS system) written in Python." -HOMEPAGE="https://launchpad.net/nova" -SRC_URI="http://launchpad.net/${PN}/havana/${PV}/+download/${P}.tar.gz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="+api +cert +compute +conductor +consoleauth +kvm +network +novncproxy +scheduler +spicehtml5proxy +xvpvncproxy sqlite mysql postgres xen" -REQUIRED_USE="|| ( mysql postgres sqlite ) - || ( kvm xen )" - -DEPEND="dev-python/setuptools[${PYTHON_USEDEP}] - >=dev-python/pbr-0.5.21[${PYTHON_USEDEP}] - <dev-python/pbr-1.0[${PYTHON_USEDEP}] - app-admin/sudo" - -RDEPEND="sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}] - <dev-python/sqlalchemy-0.7.99[sqlite,${PYTHON_USEDEP}] ) - mysql? ( >=dev-python/sqlalchemy-0.7.8[mysql,${PYTHON_USEDEP}] - <dev-python/sqlalchemy-0.7.99[mysql,${PYTHON_USEDEP}] ) - postgres? 
( >=dev-python/sqlalchemy-0.7.8[postgres,${PYTHON_USEDEP}] - <dev-python/sqlalchemy-0.7.99[postgres,${PYTHON_USEDEP}] ) - >=dev-python/amqplib-0.6.1[${PYTHON_USEDEP}] - >=dev-python/anyjson-0.3.3[${PYTHON_USEDEP}] - virtual/python-argparse[${PYTHON_USEDEP}] - >=dev-python/boto-2.4.0[${PYTHON_USEDEP}] - !~dev-python/boto-2.13.0[${PYTHON_USEDEP}] - >=dev-python/eventlet-0.13.0[${PYTHON_USEDEP}] - dev-python/jinja[${PYTHON_USEDEP}] - >=dev-python/kombu-2.4.8[${PYTHON_USEDEP}] - >=dev-python/lxml-2.3[${PYTHON_USEDEP}] - >=dev-python/routes-1.12.3-r1[${PYTHON_USEDEP}] - >=dev-python/webob-1.2.3[${PYTHON_USEDEP}] - <dev-python/webob-1.3[${PYTHON_USEDEP}] - >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}] - >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}] - dev-python/paste[${PYTHON_USEDEP}] - >=dev-python/sqlalchemy-migrate-0.7.2[${PYTHON_USEDEP}] - dev-python/netaddr[${PYTHON_USEDEP}] - >=dev-python/suds-0.4[${PYTHON_USEDEP}] - >=dev-python/paramiko-1.8.0[${PYTHON_USEDEP}] - dev-python/pyasn1[${PYTHON_USEDEP}] - >=dev-python/Babel-1.3[${PYTHON_USEDEP}] - >=dev-python/iso8601-0.1.8[${PYTHON_USEDEP}] - >=dev-python/python-cinderclient-1.0.5[${PYTHON_USEDEP}] - >=dev-python/python-neutronclient-2.3.0[${PYTHON_USEDEP}] - <=dev-python/python-neutronclient-3.0.0[${PYTHON_USEDEP}] - >=dev-python/python-glanceclient-0.9.0[${PYTHON_USEDEP}] - >=dev-python/python-keystoneclient-0.3.2[${PYTHON_USEDEP}] - >=dev-python/stevedore-0.10[${PYTHON_USEDEP}] - >=dev-python/websockify-0.5.1[${PYTHON_USEDEP}] - <dev-python/websockify-0.6[${PYTHON_USEDEP}] - >=dev-python/oslo-config-1.2.0[${PYTHON_USEDEP}] - dev-python/libvirt-python[${PYTHON_USEDEP}] - novncproxy? ( www-apps/novnc ) - sys-apps/iproute2 - net-misc/openvswitch - sys-fs/sysfsutils - sys-fs/multipath-tools - kvm? ( app-emulation/qemu ) - xen? 
( app-emulation/xen - app-emulation/xen-tools )" - -PATCHES=( - "${FILESDIR}/CVE-2013-6437-2012.2.1.patch" - "${FILESDIR}/CVE-2013-7048-havana.patch" - "${FILESDIR}/CVE-2013-7130-stable-havana.patch" -) - -pkg_setup() { - enewgroup nova - enewuser nova -1 -1 /var/lib/nova nova -} - -python_install() { - distutils-r1_python_install - newconfd "${FILESDIR}/nova-confd" "nova" - newinitd "${FILESDIR}/nova-initd" "nova" - use api && dosym /etc/init.d/nova /etc/init.d/nova-api - use cert && dosym /etc/init.d/nova /etc/init.d/nova-cert - use compute && dosym /etc/init.d/nova /etc/init.d/nova-compute - use conductor && dosym /etc/init.d/nova /etc/init.d/nova-conductor - use consoleauth && dosym /etc/init.d/nova /etc/init.d/nova-consoleauth - use network && dosym /etc/init.d/nova /etc/init.d/nova-network - use novncproxy &&dosym /etc/init.d/nova /etc/init.d/nova-novncproxy - use scheduler && dosym /etc/init.d/nova /etc/init.d/nova-scheduler - use spicehtml5proxy && dosym /etc/init.d/nova /etc/init.d/nova-spicehtml5proxy - use xvpvncproxy && dosym /etc/init.d/nova /etc/init.d/nova-xvpncproxy - - diropts -m 0750 - dodir /var/run/nova /var/log/nova /var/lock/nova - fowners nova:nova /var/log/nova /var/lock/nova /var/run/nova - - diropts -m 0755 - dodir /var/lib/nova/instances - fowners nova:nova /var/lib/nova/instances - - keepdir /etc/nova - insinto /etc/nova - newins "etc/nova/nova.conf.sample" "nova.conf" - doins "etc/nova/api-paste.ini" - doins "etc/nova/logging_sample.conf" - doins "etc/nova/policy.json" - doins "etc/nova/rootwrap.conf" - insinto /etc/nova/rootwrap.d - doins "etc/nova/rootwrap.d/api-metadata.filters" - doins "etc/nova/rootwrap.d/compute.filters" - doins "etc/nova/rootwrap.d/network.filters" - - #copy migration conf file (not coppied on install via setup.py script) - insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/ - doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg" - - #copy the CA cert dir (not coppied on install via 
setup.py script) - cp -R "${S}/nova/CA" "${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "isntalling CA files failed" - - #add sudoers definitions for user nova - insinto /etc/sudoers.d/ - doins "${FILESDIR}/nova-sudoers" -} |