author | 2013-12-19 03:30:01 +0000 | |
---|---|---|
committer | 2013-12-19 03:30:01 +0000 | |
commit | 658523134c89d5d9d14092926f096ed6748186cd (patch) | |
tree | f3621be022e0decafc0b981f5f76a4b2e4fa452d /sys-cluster | |
parent | Version bump. (diff) | |
fixes for CVE-2013-6437
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
Diffstat (limited to 'sys-cluster')
-rw-r--r-- | sys-cluster/nova/ChangeLog | 11 | ||||
-rw-r--r-- | sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch | 127 | ||||
-rw-r--r-- | sys-cluster/nova/files/CVE-2013-6437-2012.2.1.patch | 127 | ||||
-rw-r--r-- | sys-cluster/nova/nova-2013.1.4-r3.ebuild (renamed from sys-cluster/nova/nova-2013.1.4-r2.ebuild) | 3 | ||||
-rw-r--r-- | sys-cluster/nova/nova-2013.2-r3.ebuild | 128 | ||||
-rw-r--r-- | sys-cluster/nova/nova-2013.2.1-r1.ebuild (renamed from sys-cluster/nova/nova-2013.2.1.ebuild) | 3 |
6 files changed, 268 insertions, 131 deletions
diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog index f889d7a7ab01..8069fa09a7ad 100644 --- a/sys-cluster/nova/ChangeLog +++ b/sys-cluster/nova/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for sys-cluster/nova # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.45 2013/12/19 03:18:19 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.46 2013/12/19 03:30:01 prometheanfire Exp $ + +*nova-2013.1.4-r3 (19 Dec 2013) +*nova-2013.2.1-r1 (19 Dec 2013) + + 19 Dec 2013; Matthew Thode <prometheanfire@gentoo.org> + +files/CVE-2013-6437-2012.1.4.patch, +files/CVE-2013-6437-2012.2.1.patch, + +nova-2013.1.4-r3.ebuild, +nova-2013.2.1-r1.ebuild, -nova-2013.1.4-r2.ebuild, + -nova-2013.2-r3.ebuild, -nova-2013.2.1.ebuild: + fixes for CVE-2013-6437 *nova-2013.2.1 (19 Dec 2013) diff --git a/sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch b/sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch new file mode 100644 index 000000000000..f679668b2c39 --- /dev/null +++ b/sys-cluster/nova/files/CVE-2013-6437-2012.1.4.patch 
@@ -0,0 +1,127 @@ +From 3e451f1bac57d24e47171cffb3ad59bb1610d836 Mon Sep 17 00:00:00 2001 +From: Ryan Moore <ryan.moore@hp.com> +Date: Fri, 29 Nov 2013 14:21:19 +0000 +Subject: [PATCH] use 'os_type' in ephemeral filename only if mkfs defined + +Currently for undefined os-types it will use the default mkfs +command, but use the meta 'os_type' in the name of the +ephemeral file (e.g. ephemeral_20_abcdef). Which can result +in a lot of files (DoS?) +This change will only use 'os_type' in the ephemeral filename +if there is a specific mkfs command defined, otherwise it will +use 'default' (e.g. ephemeral_20_default) + +Modifed the tests to test for: + os_type='' + os_type=None + os_type='test' - with no mkfs command specified + os_type='test' - with a mkfs command specified + +Closes-Bug: 1253980 + +Backport of Original Change-Id: Ie4c10f99ce690c5e4ef181624bd688c38923855c +to stable/grizzly + +Change-Id: Ia040910e90861a2987eff345ad1c01863655b124 +--- + nova/tests/test_libvirt.py | 28 ++++++++++++++++++++++++++-- + nova/virt/disk/api.py | 4 ++++ + nova/virt/libvirt/driver.py | 5 ++--- + 3 files changed, 32 insertions(+), 5 deletions(-) + +diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py +index 4b07d65..d2ac73b 100644 +--- a/nova/tests/test_libvirt.py ++++ b/nova/tests/test_libvirt.py +@@ -2725,7 +2725,7 @@ def fake_get_info(instance): + self.assertTrue(self.cache_called_for_disk) + db.instance_destroy(self.context, instance['uuid']) + +- def test_create_image_plain(self): ++ def _test_create_image_plain(self, os_type='', filename='', mkfs=False): + gotFiles = [] + + def fake_image(self, instance, name, image_type=''): +@@ -2760,11 +2760,15 @@ def fake_get_info(instance): + instance_ref = self.test_instance + instance_ref['image_ref'] = 1 + instance = db.instance_create(self.context, instance_ref) ++ instance['os_type'] = os_type + + conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) + self.stubs.Set(conn, 'to_xml', fake_none) + 
self.stubs.Set(conn, '_create_domain_and_network', fake_none) + self.stubs.Set(conn, 'get_info', fake_get_info) ++ if mkfs: ++ self.stubs.Set(nova.virt.disk.api, '_MKFS_COMMAND', ++ {os_type: 'mkfs.ext3 --label %(fs_label)s %(target)s'}) + + image_meta = {'id': instance['image_ref']} + disk_info = blockinfo.get_disk_info(CONF.libvirt_type, +@@ -2779,11 +2783,31 @@ def fake_get_info(instance): + wantFiles = [ + {'filename': '356a192b7913b04c54574d18c28d46e6395428ab', + 'size': 10 * 1024 * 1024 * 1024}, +- {'filename': 'ephemeral_20_default', ++ {'filename': filename, + 'size': 20 * 1024 * 1024 * 1024}, + ] + self.assertEquals(gotFiles, wantFiles) + ++ def test_create_image_plain_os_type_blank(self): ++ self._test_create_image_plain(os_type='', ++ filename='ephemeral_20_default', ++ mkfs=False) ++ ++ def test_create_image_plain_os_type_none(self): ++ self._test_create_image_plain(os_type=None, ++ filename='ephemeral_20_default', ++ mkfs=False) ++ ++ def test_create_image_plain_os_type_set_no_fs(self): ++ self._test_create_image_plain(os_type='test', ++ filename='ephemeral_20_default', ++ mkfs=False) ++ ++ def test_create_image_plain_os_type_set_with_fs(self): ++ self._test_create_image_plain(os_type='test', ++ filename='ephemeral_20_test', ++ mkfs=True) ++ + def test_create_image_with_swap(self): + gotFiles = [] + +diff --git a/nova/virt/disk/api.py b/nova/virt/disk/api.py +index e1af0bf..a17ba59 100755 +--- a/nova/virt/disk/api.py ++++ b/nova/virt/disk/api.py +@@ -90,6 +90,10 @@ + _DEFAULT_MKFS_COMMAND = mkfs_command + + ++def get_fs_type_for_os_type(os_type): ++ return os_type if _MKFS_COMMAND.get(os_type) else 'default' ++ ++ + def mkfs(os_type, fs_label, target): + mkfs_command = (_MKFS_COMMAND.get(os_type, _DEFAULT_MKFS_COMMAND) or + '') % locals() +diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py +index ff1117c..0f0ea46 100755 +--- a/nova/virt/libvirt/driver.py ++++ b/nova/virt/libvirt/driver.py +@@ -1826,9 +1826,8 @@ def raw(fname): + 
project_id=instance['project_id']) + + # Lookup the filesystem type if required +- os_type_with_default = instance['os_type'] +- if not os_type_with_default: +- os_type_with_default = 'default' ++ os_type_with_default = disk.get_fs_type_for_os_type( ++ instance['os_type']) + + ephemeral_gb = instance['ephemeral_gb'] + if 'disk.local' in disk_mapping: +-- +1.8.5.1 + diff --git a/sys-cluster/nova/files/CVE-2013-6437-2012.2.1.patch b/sys-cluster/nova/files/CVE-2013-6437-2012.2.1.patch new file mode 100644 index 000000000000..3689c4f174e1 --- /dev/null +++ b/sys-cluster/nova/files/CVE-2013-6437-2012.2.1.patch 
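Review bot: `get_fs_type_for_os_type` in nova/virt/disk/api.py is added without a docstring, so the reason it collapses unknown values to 'default' is recorded only in the commit message. `os_type` is instance metadata (the test sets `instance['os_type']` directly) and the return value ends up in the ephemeral backing-file name, so this helper is what limits those names to the configured `_MKFS_COMMAND` keys; a later refactor that passes the raw value through again would reopen CVE-2013-6437. I would add a docstring such as `"""Return os_type only if a mkfs command is configured for it, else 'default'; keeps instance-supplied values out of cache file names."""`. The same helper is added unchanged by files/CVE-2013-6437-2012.2.1.patch, so the comment applies there too. Files already written under the old per-os_type names do not appear to be cleaned up by this change, which may be worth checking on upgraded hosts.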
@@ -0,0 +1,127 @@ +From ca38774ebcf5b67d16c202c8f218c0c433973ca9 Mon Sep 17 00:00:00 2001 +From: Ryan Moore <ryan.moore@hp.com> +Date: Fri, 29 Nov 2013 14:21:19 +0000 +Subject: [PATCH] use 'os_type' in ephemeral filename only if mkfs defined + +Currently for undefined os-types it will use the default mkfs +command, but use the meta 'os_type' in the name of the +ephemeral file (e.g. ephemeral_20_abcdef). Which can result +in a lot of files (DoS?) +This change will only use 'os_type' in the ephemeral filename +if there is a specific mkfs command defined, otherwise it will +use 'default' (e.g. ephemeral_20_default) + +Modifed the tests to test for: + os_type='' + os_type=None + os_type='test' - with no mkfs command specified + os_type='test' - with a mkfs command specified + +Closes-Bug: 1253980 + +Backport of Original Change-Id: Ie4c10f99ce690c5e4ef181624bd688c38923855c +to stable/havana + +Change-Id: Ifa2b94e79dabd586d7e904da247d099360229313 +--- + nova/tests/virt/libvirt/test_libvirt.py | 28 ++++++++++++++++++++++++++-- + nova/virt/disk/api.py | 4 ++++ + nova/virt/libvirt/driver.py | 5 ++--- + 3 files changed, 32 insertions(+), 5 deletions(-) + +diff --git a/nova/tests/virt/libvirt/test_libvirt.py b/nova/tests/virt/libvirt/test_libvirt.py +index 6410be3..cf82168 100644 +--- a/nova/tests/virt/libvirt/test_libvirt.py ++++ b/nova/tests/virt/libvirt/test_libvirt.py +@@ -3551,7 +3551,7 @@ def test_chown_disk_config_for_instance(self): + self.mox.ReplayAll() + conn._chown_disk_config_for_instance(instance) + +- def test_create_image_plain(self): ++ def _test_create_image_plain(self, os_type='', filename='', mkfs=False): + gotFiles = [] + + def fake_image(self, instance, name, image_type=''): +@@ -3586,11 +3586,15 @@ def fake_get_info(instance): + instance_ref = self.test_instance + instance_ref['image_ref'] = 1 + instance = db.instance_create(self.context, instance_ref) ++ instance['os_type'] = os_type + + conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False) + 
self.stubs.Set(conn, 'to_xml', fake_none) + self.stubs.Set(conn, '_create_domain_and_network', fake_none) + self.stubs.Set(conn, 'get_info', fake_get_info) ++ if mkfs: ++ self.stubs.Set(nova.virt.disk.api, '_MKFS_COMMAND', ++ {os_type: 'mkfs.ext3 --label %(fs_label)s %(target)s'}) + + image_meta = {'id': instance['image_ref']} + disk_info = blockinfo.get_disk_info(CONF.libvirt_type, +@@ -3605,11 +3609,31 @@ def fake_get_info(instance): + wantFiles = [ + {'filename': '356a192b7913b04c54574d18c28d46e6395428ab', + 'size': 10 * 1024 * 1024 * 1024}, +- {'filename': 'ephemeral_20_default', ++ {'filename': filename, + 'size': 20 * 1024 * 1024 * 1024}, + ] + self.assertEquals(gotFiles, wantFiles) + ++ def test_create_image_plain_os_type_blank(self): ++ self._test_create_image_plain(os_type='', ++ filename='ephemeral_20_default', ++ mkfs=False) ++ ++ def test_create_image_plain_os_type_none(self): ++ self._test_create_image_plain(os_type=None, ++ filename='ephemeral_20_default', ++ mkfs=False) ++ ++ def test_create_image_plain_os_type_set_no_fs(self): ++ self._test_create_image_plain(os_type='test', ++ filename='ephemeral_20_default', ++ mkfs=False) ++ ++ def test_create_image_plain_os_type_set_with_fs(self): ++ self._test_create_image_plain(os_type='test', ++ filename='ephemeral_20_test', ++ mkfs=True) ++ + def test_create_image_with_swap(self): + gotFiles = [] + +diff --git a/nova/virt/disk/api.py b/nova/virt/disk/api.py +index 3ac7adb..a51efa6 100644 +--- a/nova/virt/disk/api.py ++++ b/nova/virt/disk/api.py +@@ -100,6 +100,10 @@ + _DEFAULT_MKFS_COMMAND = mkfs_command + + ++def get_fs_type_for_os_type(os_type): ++ return os_type if _MKFS_COMMAND.get(os_type) else 'default' ++ ++ + def mkfs(os_type, fs_label, target): + mkfs_command = (_MKFS_COMMAND.get(os_type, _DEFAULT_MKFS_COMMAND) or + '') % {'fs_label': fs_label, 'target': target} +diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py +index 5c05307..39e0ce9 100644 +--- a/nova/virt/libvirt/driver.py 
++++ b/nova/virt/libvirt/driver.py +@@ -2368,9 +2368,8 @@ def raw(fname): + project_id=instance['project_id']) + + # Lookup the filesystem type if required +- os_type_with_default = instance['os_type'] +- if not os_type_with_default: +- os_type_with_default = 'default' ++ os_type_with_default = disk.get_fs_type_for_os_type( ++ instance['os_type']) + + ephemeral_gb = instance['ephemeral_gb'] + if 'disk.local' in disk_mapping: +-- +1.8.5.1 + diff --git a/sys-cluster/nova/nova-2013.1.4-r2.ebuild b/sys-cluster/nova/nova-2013.1.4-r3.ebuild index f9b1429d40ae..edb0ac290b01 100644 --- a/sys-cluster/nova/nova-2013.1.4-r2.ebuild +++ b/sys-cluster/nova/nova-2013.1.4-r3.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.4-r2.ebuild,v 1.1 2013/12/13 21:10:35 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.4-r3.ebuild,v 1.1 2013/12/19 03:30:01 prometheanfire Exp $ EAPI=5 PYTHON_COMPAT=( python2_7 ) @@ -74,6 +74,7 @@ PATCHES=( "${FILESDIR}/CVE-2013-4497-grizzly-1.patch" "${FILESDIR}/CVE-2013-4497-grizzly-2.patch" "${FILESDIR}/CVE-2013-6419_2013.1.4.patch" + "${FILESDIR}/CVE-2013-6437-2012.1.4.patch" ) pkg_setup() { diff --git a/sys-cluster/nova/nova-2013.2-r3.ebuild b/sys-cluster/nova/nova-2013.2-r3.ebuild deleted file mode 100644 index fe1912f5f7ce..000000000000 --- a/sys-cluster/nova/nova-2013.2-r3.ebuild +++ /dev/null 
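Review bot: The new PATCHES entry `"${FILESDIR}/CVE-2013-6437-2012.1.4.patch"` names the file 2012.1.4 although the ebuild is nova-2013.1.4-r3 and the neighbouring entry is `CVE-2013-6419_2013.1.4.patch`; the year looks like a typo and the separator differs as well. A mismatched name makes it harder to audit which CVE fixes a given package version carries, so I would rename the file and reference it as `"${FILESDIR}/CVE-2013-6437_2013.1.4.patch"`. The same applies to `CVE-2013-6437-2012.2.1.patch` in the PATCHES hunk of nova-2013.2.1-r1.ebuild.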
@@ -1,128 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.2-r3.ebuild,v 1.1 2013/12/13 21:10:35 prometheanfire Exp $ - -EAPI=5 -PYTHON_COMPAT=( python2_7 ) - -inherit distutils-r1 eutils multilib - -DESCRIPTION="A cloud computing fabric controller (main part of an IaaS system) written in Python." -HOMEPAGE="https://launchpad.net/nova" -SRC_URI="http://launchpad.net/${PN}/havana/${PV}/+download/${P}.tar.gz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="+api +cert +compute +conductor +consoleauth +kvm +network +novncproxy +scheduler +spicehtml5proxy +xvpvncproxy sqlite mysql postgres xen" -REQUIRED_USE="|| ( mysql postgres sqlite ) - || ( kvm xen )" - -DEPEND="dev-python/setuptools[${PYTHON_USEDEP}] - >=dev-python/pbr-0.5.21[${PYTHON_USEDEP}] - <dev-python/pbr-1.0[${PYTHON_USEDEP}] - app-admin/sudo" - -RDEPEND="sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}] - <dev-python/sqlalchemy-0.7.99[sqlite,${PYTHON_USEDEP}] ) - mysql? ( >=dev-python/sqlalchemy-0.7.8[mysql,${PYTHON_USEDEP}] - <dev-python/sqlalchemy-0.7.99[mysql,${PYTHON_USEDEP}] ) - postgres? 
( >=dev-python/sqlalchemy-0.7.8[postgres,${PYTHON_USEDEP}] - <dev-python/sqlalchemy-0.7.99[postgres,${PYTHON_USEDEP}] ) - >=dev-python/amqplib-0.6.1[${PYTHON_USEDEP}] - >=dev-python/anyjson-0.3.3[${PYTHON_USEDEP}] - virtual/python-argparse[${PYTHON_USEDEP}] - >=dev-python/boto-2.4.0[${PYTHON_USEDEP}] - !~dev-python/boto-2.13.0[${PYTHON_USEDEP}] - >=dev-python/eventlet-0.13.0[${PYTHON_USEDEP}] - dev-python/jinja[${PYTHON_USEDEP}] - >=dev-python/kombu-2.4.8[${PYTHON_USEDEP}] - >=dev-python/lxml-2.3[${PYTHON_USEDEP}] - >=dev-python/routes-1.12.3-r1[${PYTHON_USEDEP}] - >=dev-python/webob-1.2.3[${PYTHON_USEDEP}] - <dev-python/webob-1.3[${PYTHON_USEDEP}] - >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}] - >=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}] - dev-python/paste[${PYTHON_USEDEP}] - >=dev-python/sqlalchemy-migrate-0.7.2[${PYTHON_USEDEP}] - dev-python/netaddr[${PYTHON_USEDEP}] - >=dev-python/suds-0.4[${PYTHON_USEDEP}] - >=dev-python/paramiko-1.8.0[${PYTHON_USEDEP}] - dev-python/pyasn1[${PYTHON_USEDEP}] - >=dev-python/Babel-0.9.6[${PYTHON_USEDEP}] - >=dev-python/iso8601-0.1.4[${PYTHON_USEDEP}] - >=dev-python/python-cinderclient-1.0.5[${PYTHON_USEDEP}] - >=dev-python/python-neutronclient-2.3.0[${PYTHON_USEDEP}] - <=dev-python/python-neutronclient-3.0.0[${PYTHON_USEDEP}] - >=dev-python/python-glanceclient-0.9.0[${PYTHON_USEDEP}] - >=dev-python/python-keystoneclient-0.3.2[${PYTHON_USEDEP}] - >=dev-python/stevedore-0.10[${PYTHON_USEDEP}] - >=dev-python/websockify-0.5.1[${PYTHON_USEDEP}] - <dev-python/websockify-0.6[${PYTHON_USEDEP}] - >=dev-python/oslo-config-1.2.0[${PYTHON_USEDEP}] - dev-python/libvirt-python[${PYTHON_USEDEP}] - novncproxy? ( www-apps/novnc ) - sys-apps/iproute2 - net-misc/openvswitch - sys-fs/sysfsutils - sys-fs/multipath-tools - kvm? ( app-emulation/qemu ) - xen? 
( app-emulation/xen - app-emulation/xen-tools )" - -PATCHES=( - "${FILESDIR}/CVE-2013-4463_4469-havana.patch" - "${FILESDIR}/CVE-2013-6419_2013.2.patch" -) - -pkg_setup() { - enewgroup nova - enewuser nova -1 -1 /var/lib/nova nova -} - -python_install() { - distutils-r1_python_install - newconfd "${FILESDIR}/nova-confd" "nova" - newinitd "${FILESDIR}/nova-initd" "nova" - use api && dosym /etc/init.d/nova /etc/init.d/nova-api - use cert && dosym /etc/init.d/nova /etc/init.d/nova-cert - use compute && dosym /etc/init.d/nova /etc/init.d/nova-compute - use conductor && dosym /etc/init.d/nova /etc/init.d/nova-conductor - use consoleauth && dosym /etc/init.d/nova /etc/init.d/nova-consoleauth - use network && dosym /etc/init.d/nova /etc/init.d/nova-network - use novncproxy &&dosym /etc/init.d/nova /etc/init.d/nova-novncproxy - use scheduler && dosym /etc/init.d/nova /etc/init.d/nova-scheduler - use spicehtml5proxy && dosym /etc/init.d/nova /etc/init.d/nova-spicehtml5proxy - use xvpvncproxy && dosym /etc/init.d/nova /etc/init.d/nova-xvpncproxy - - diropts -m 0750 - dodir /var/run/nova /var/log/nova /var/lock/nova - fowners nova:nova /var/log/nova /var/lock/nova /var/run/nova - - diropts -m 0755 - dodir /var/lib/nova/instances - fowners nova:nova /var/lib/nova/instances - - keepdir /etc/nova - insinto /etc/nova - newins "etc/nova/nova.conf.sample" "nova.conf" - doins "etc/nova/api-paste.ini" - doins "etc/nova/logging_sample.conf" - doins "etc/nova/policy.json" - doins "etc/nova/rootwrap.conf" - insinto /etc/nova/rootwrap.d - doins "etc/nova/rootwrap.d/api-metadata.filters" - doins "etc/nova/rootwrap.d/compute.filters" - doins "etc/nova/rootwrap.d/network.filters" - - #copy migration conf file (not coppied on install via setup.py script) - insinto /usr/$(get_libdir)/python2.7/site-packages/nova/db/sqlalchemy/migrate_repo/ - doins "nova/db/sqlalchemy/migrate_repo/migrate.cfg" - - #copy the CA cert dir (not coppied on install via setup.py script) - cp -R "${S}/nova/CA" 
"${D}/usr/$(get_libdir)/python2.7/site-packages/nova/" || die "isntalling CA files failed" - - #add sudoers definitions for user nova - insinto /etc/sudoers.d/ - doins "${FILESDIR}/nova-sudoers" -} diff --git a/sys-cluster/nova/nova-2013.2.1.ebuild b/sys-cluster/nova/nova-2013.2.1-r1.ebuild index bd9f21fda68e..e42f6174b322 100644 --- a/sys-cluster/nova/nova-2013.2.1.ebuild +++ b/sys-cluster/nova/nova-2013.2.1-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.2.1.ebuild,v 1.1 2013/12/19 03:18:19 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.2.1-r1.ebuild,v 1.1 2013/12/19 03:30:01 prometheanfire Exp $ EAPI=5 PYTHON_COMPAT=( python2_7 ) @@ -71,6 +71,7 @@ RDEPEND="sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}] app-emulation/xen-tools )" PATCHES=( + "${FILESDIR}/CVE-2013-6437-2012.2.1.patch" ) pkg_setup() { |