fixing CVE-2015-1851

Package-Manager: portage-2.2.18/cvs/Linux x86_64 Manifest-Sign-Key: 0x33ED3FD25AFC78BA
author: Matt Thode <prometheanfire@gentoo.org> 2015-06-17 21:50:30 +0000
committer: Matt Thode <prometheanfire@gentoo.org> 2015-06-17 21:50:30 +0000
commit: 97487cfb70e64b0a071366466a362f4dbfb184aa (patch)
tree: de1d2bf1d1e66df4089c3da9eef086b5a048a70d /sys-cluster
parent: adding s6 suport for bug 550594 (diff)
download: historical-97487cfb70e64b0a071366466a362f4dbfb184aa.tar.gz
historical-97487cfb70e64b0a071366466a362f4dbfb184aa.tar.bz2
historical-97487cfb70e64b0a071366466a362f4dbfb184aa.zip
6 files changed, 354 insertions, 18 deletions
diff --git a/sys-cluster/cinder/ChangeLog b/sys-cluster/cinder/ChangeLog
index 19e20e272557..69af9267be59 100644
--- a/sys-cluster/cinder/ChangeLog
+++ b/sys-cluster/cinder/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for sys-cluster/cinder
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/cinder/ChangeLog,v 1.56 2015/06/17 21:16:47 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/cinder/ChangeLog,v 1.57 2015/06/17 21:50:18 prometheanfire Exp $
+
+*cinder-2015.1.0-r1 (17 Jun 2015)
+*cinder-2014.2.3-r1 (17 Jun 2015)
+
+  17 Jun 2015; Matthew Thode <prometheanfire@gentoo.org>
+  +cinder-2014.2.3-r1.ebuild, +cinder-2015.1.0-r1.ebuild,
+  +files/CVE-2015-1851_2014.2.3.patch, +files/CVE-2015-1851_2015.1.0.patch,
+  -cinder-2015.1.0.ebuild:
+  fixing CVE-2015-1851
 
   17 Jun 2015; Matthew Thode <prometheanfire@gentoo.org> cinder-2015.1.0.ebuild,
   cinder-2015.1.9999.ebuild, metadata.xml:
diff --git a/sys-cluster/cinder/Manifest b/sys-cluster/cinder/Manifest
index 35cd5575e493..11a18e8637a8 100644
--- a/sys-cluster/cinder/Manifest
+++ b/sys-cluster/cinder/Manifest
@@ -1,6 +1,8 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
+AUX CVE-2015-1851_2014.2.3.patch 3724 SHA256 770232ee23c0c6636677c06aa5936448eaf08cdc2a0393d3aa20270ec4bac458 SHA512 4ce7a3d4c85af90bc27c3a5fb623be9face1ff820362b8ebdff4b9e611c0c6cd203706561ba5ee5453803b681234eb94c6106c4345d1a06403dc2cd242a84337 WHIRLPOOL c2389ab144d943071faf28c1b450a90d7372a72a7fed99596e90df6a7c0c98e8f730fa26194c62924726cd914345333e20fea781fa9b0e37714351c3bb5d90c9
+AUX CVE-2015-1851_2015.1.0.patch 4043 SHA256 54f3c8fecf96c7418472e331bed5b526a613a05b7a3f1f3663defc64be5c39e6 SHA512 36276816f0099719d4d46ab773d2f5ba5e894544b913608dbc24e418b4eaaa47b8e81523ad21c4d090898bc39b0196f9c6accdb3f45bfc0df909a0ac5e0e8bf4 WHIRLPOOL c7f0ebaf40553781434d15c2552a999f5aaa5f6469a64d23b9f02d258017b301e3de796ae00817962e99cdc48f9af86d3e583a34de5adfae80369b5fffce72b0
 AUX cinder-confd 75 SHA256 178148ecb30d9d1a03e4f5210dfa235be3028dc2af7d6f7a4c2e4d0ef190f0f3 SHA512 4dd3db170c1234906fa679ec6684cde16a6bdad4ac90d6a9c00bc0c4afc7ee40ebcebdc7071ad0a34f8eb5bd9c0ab32c6f8fc40624b6c575c4fbb58dad1c91e3 WHIRLPOOL 3f32cbe4f4935a5c5c34de77d638b4cbc10a7a75ba230be5be75af85b12179741bb970603252ec74f098319dffce6eef7e5f0c9bfa34a5b84119fb7642f22d22
 AUX cinder-init 1436 SHA256 ef93804e171364da98232fca2bf25adfb16e062c8b4dd69ce12f280b08ca8154 SHA512 b6d9d5a949cd43669a28b4e2c54cf795c92f070d10b56130f5a024fcbf9934d9e4f910e78972f427c979e68ee71c55006ecc9008eacf5c8abbe4c81c7b0731bf WHIRLPOOL 5983f6cbf500359d4e03b89d240f7652bd22655c0edcb858052062c4886c4da1d72ded228dd79847f74c279d5592dab2945807f611db1bf847a2c6d2b9f8f619
 AUX cinder-sudoers 86 SHA256 a2c2b8f50b21deaceaa2184c00725492cd96db44736cb3fe4bf4aaecc0805b6f SHA512 c158be54e721abc6916db2e710092ca75aac65ac88b19849ccd0f3ebbb7c8879aab6b73aba36537e806abd5b8b5e8fbc24fca79d00015d3308198d5270e51fe1 WHIRLPOOL 52642c53b34b089fb9c82c1307c02cd611ea834492a2919a12902bc974a146348a3dcde3db6058eb417395acaff8131398e70fbfa74c7325abcd695102f372c3
@@ -10,26 +12,27 @@ DIST cinder-2014.2.2.tar.gz 1792693 SHA256 2c779bf9d208163af6c425da9043bbdcb345c
 DIST cinder-2014.2.3.tar.gz 1787308 SHA256 1112da6c28b92fe6bab1ab493b5a99d8695e78272d0c1d20c1793cc9c5a0243a SHA512 2f5b00a87da50e2f5b3acc1a05e1890542834431c406d2450631b41df05fcdd8591b625c58291441a929c731b274093e034365cf599a54f2a79334a3b48143a2 WHIRLPOOL f67b73f96a923369e5d3dbfa09b3a6a858c1f85232505e99e9cdf72ce28b3a87fd07193a4fabda11cfdc1450ab44d7de9cc4aa0ac9af89a96179dd63a0daf4c2
 DIST cinder-2015.1.0.tar.gz 2060773 SHA256 d89d588f35ce66dc7af6e9d63ebb9b3a929670db90ed2ad43d129f32928a4270 SHA512 9dddab335dae0660a59ea80b2579bca16c0cc6e5220f5f8d150f239b026fdbf085c55383d44833da5ea21fb554d9ed6f0700d503322e5467a3c6959cfcb3bd93 WHIRLPOOL 6383b7482587eb1bb298a9b6650f75225a306fe2e398a6377416f182fdc8a1614e4b0a3847bf21cb31454ad3b3c7cb87884c6770b6f4c619fa078db783cc3683
 EBUILD cinder-2014.2.2.ebuild 5650 SHA256 76398d96edce4fed41949883527224e53efcf52c46b143a7c0b934f3f017358f SHA512 999b55fed869f687d44223e20ab22a556ad4bd4988eac9c0277ff199e5fe2941b610389af7d229631eb3d49fc2faf0a8dd16e40fc10a3453357cec2aceada949 WHIRLPOOL 305918fdf146291684be969766b88e297a8e7ffb2106a60d8144a5d0e2abf9a1fc97e52b430d42cb1cd069a6fda2a5ffcceb78989a9737c7c88115d055ac84c1
+EBUILD cinder-2014.2.3-r1.ebuild 5701 SHA256 aa9b749b70aaca442ce548f895a27da763547dbaff669642f7ffd7e70d8fdae6 SHA512 899fc0bf0fdde66993b8f678027f892aaa8498f6a5ed1c15e1aa403c7c72dc129b91ab0540b41ccd301145214abb4d2e2d088732e5236eb45bd48e991d37ea59 WHIRLPOOL bae442dcc2e358ad75a09ff91cd2c074e455381c6f24135df42e593956bedb4989a9cadc4fb9661eb8dde76db185fc610a197e2e7d819cc1c243d312e098cbd6
 EBUILD cinder-2014.2.3.ebuild 5655 SHA256 a5f398acf0125c6502ea53f4eb57ea06c8ce5a8db4ad64dd84132075d360416d SHA512 5581cfdda3c2914eac8104735d7a435bc2cfc7f8a43efd1b638967702215ba912173164bc8d3d616d1d23ef763e7641e02b1891bd96fd70207400695c049f5c8 WHIRLPOOL 8cd89b218ec10ff4f14228b31a690b8eb12279ccf00b8766d3abaeb5c093083c72693110aa8fcc0b8f50b283b564bc97194d87fedd6f9031df9bfc5e73bf803f
 EBUILD cinder-2014.2.9999.ebuild 5665 SHA256 d7bd99ea76758a2891a259dcf44f2286407adfbf1262b83cdd870ae3bcc489a5 SHA512 f70a9e1a82524e895ffce6e6b8b8d39173a6493c92bc4adfa84675aad928e95035cfcb4d8c86b858a920a758ddf604eab59d2072ac976e4fe4a97d829cfd7fa7 WHIRLPOOL 50d839c6a81bb508a352c6b85a8b80aa8d9ba702c25fb2aaf892af4915d172cb97a2d47ed352025d23036bb577e181d82a988b8a739b772aaab0c5be3950c578
-EBUILD cinder-2015.1.0.ebuild 7139 SHA256 5ccdf6ee74fd11823c39151fc9af3adf719a8a22a46d7ca3f50b605c6bb68065 SHA512 32d1d22a531876c3e730e9f59f9bc5e7e3a12f1810d5296efe4e9b6aabd86a7b87752a0e4e82804dd817ff235814c9d1c698a621198679a50f1a0432826637f2 WHIRLPOOL ef8763b50f386fb369e1845444e5e1a8850ef0b2f98e88afadc5811cdf62162bcf0038afcd638d269c5e52c57b64e41a7775f43e88770e23d9031dad1527329b
+EBUILD cinder-2015.1.0-r1.ebuild 7185 SHA256 b886a0b22d76911ea511ce40749403d42a473d4216f69e40a0e32d5e3a57318c SHA512 5a44d14df81bff5bd6f7483dcb82c9b564924eecd9139ea1f15c07bb38136217b6b831eafde0cc0ac90162a577e607ebf4d389bdeb76a452b98dc427a3ec1c94 WHIRLPOOL 4d47e701280f674f9220f14d5e87d7c4394ff8bb959d9984ff34edcf9431ab7ec73680475fc7ae5b44806ed1309da99a68d53d64fbf6b2d7a71581da419c9dfc
 EBUILD cinder-2015.1.9999.ebuild 7149 SHA256 b7798b6d71f1621d26616ee800d13f3c365d0bdb5c6284c45a1d15c3f53d0a2c SHA512 9a0477d6d6e47bb55f66da809a52da127faf3188e3e1dc0253f622a55ff46ea0627a4c341285a641aa200cbf1ecc34807181ce01bca71cbd8b475ceb0e6d78df WHIRLPOOL bb39de9f23e1239ea71f3ba4a4e124d93b19de07aba63cf0c16417acb59f96f5b78ac75908ace088226c9b684856c42fe07a1384bed528dcd2964d140099e8ba
-MISC ChangeLog 10094 SHA256 83883270280ee397ac786a8afc028f68e83b20093b797be9370f719adbda84c5 SHA512 08775796b3b8af51d4f83fa1faa4fe73e60892805297170aa2babbfb7025740eac3e4fa244f902c59a5d99ec72bf9dbd5c7a0d0588df6ee3f52ee6ed3cceabe0 WHIRLPOOL efbe9b6931aff634f9850fd7e3be6c137aeaf2fece4b89a29b5f607b5d70649be79e193ad6beb78ce827b89cc518afa3fcb223486ef5042bd58454b27f06342a
+MISC ChangeLog 10405 SHA256 3105468773308cd40ecb8b5a9cf001e35ecaf1be2a8025c2f289a6ade213850e SHA512 e2360b6a6a9b2e9b563fbeaf5df8eacba76066f71ec5a9de526c6a6c7bfe86239211061fc61b5e3402efe9f05836ce330a00dd4920bd222b11d45b342a195d89 WHIRLPOOL be52262b065a8d30fb0bea2c2f512166b3351d1c3e6ea12595ceed7ee395028e9bf3586094cd01171063c8e38c3f826643c97b04a7b21523778aec2fd9af954d
 MISC metadata.xml 1031 SHA256 616141da0a68b35bdf1cb238a3ff954b5acfc05a32b5082d9cd5ee7cef31a239 SHA512 3daccea177c31c85a854c1700e4d39e79b967c4833c9156f0db7d8a133a44c380aa98b842e05830264d6ffc9fbbd1817aa88a808b2835b80f5064ff6afcc2783 WHIRLPOOL 18b4d280c105cc21e084e01c8e3b80ea48ac7c6cebad2f5fdc5716723b346362416b31a5872c486d11ce9d313446db0994c857d5fe7dd5d7cc9d391fa82ea4a3
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
-iQIcBAEBCAAGBQJVgeP8AAoJEGSje+quGaTovAIP/jdhb7AItmwdNFsYjZcrmryA
-41ytuUtUbn1zeQJrN8Esese9J0FBoLCKRjyN/w6sucznhob0gBtM+m3wH068Y28i
-qH0jjI+MecbjQT7h891XKNPt73YNfhzoJJCw6RRJoSNVMds7OESQfvRDD6woc75G
-+qr4AEp5YU/VkCP2Opj18NC5vYEdARkhE+36hXwQjN5pK5+HFV2JRPKUXc3GZxHC
-/CbmPzI8I14dvWGetOecK9bDRESPfzZW5XLlvyWvalL4Sh8Jtg3QdcT3Oo7x/Fmz
-v10/iGXLdT8B+inX0O1NDPniEcfN3I7x4aOClKQ1NgyzXyVtt1JgAkDdWZTQAnIe
-Wk9FYgYxx/cgEIlzlvW1H3nFFvWdaA/Au1yoBW4szOf6LS5npVjpAhBgGR/oXPs0
-ULZu1cB0t6zD4IFS0yKqLxArcBiR2BXcRUsoGbGN1lokzN1ekN42ctPHPOgjPQD/
-8/UwSY0Fvb8u8s1sZastL3+wlOPn3/0BgsdueerfqvM3z54arH4G2ENvL0k1pTgg
-CBDDsdVMeejGL+mhRp5Gr2s+kOZYmZIbTRigLPputgw/Z/lBjOvIi5tGpoof/MeM
-yhmrLjosKeztPcLQddK4ezh6uMrlsAByAk3zvkGeNHo+7bnr+vCtT7hNzeBlLcQ+
-+xhTcDgpXvxwQr8tZFZ6
-=hgTa
+iQIcBAEBCAAGBQJVgevXAAoJEGSje+quGaToRYMP/iz0PejCVj8AVGexzCgfdIia
+YEJoZjAj4xRE5i9jyZusA1VlmpehiN1DL9MGU1d/AiL2f5a9qMdM8sPHciWCK8Ds
+Cr8vDPVDNgfqx8cPKTrXBsOcuILn8098SmE8wmuGNzHibvSsSETCqvYRJ35F1JZA
+IkVx/CDT2OWSRNvW40R5NY2sncF/3mAIA69TZtKAhDa0IUZ7a+U6Rff21oPfcYrW
+7eCtNfkSCInkWDh+2WkqY2y3BiLCZKIRhVALziCBkDwhgOYYVanHAvUGNOjL8P35
+vFWOrl3j5NsOJew3hrC714Kj11M9H5Q1uUsw0qPYrOUMTT7yJu7l82axSLL4bhJH
+E4McICE8XaMtCV4o50soAqyCqQV3E/KmHlrzDmOCRsH//C9iaEkB4i2wRLTKUqoh
+aYRduB2spicT0sksqt0Z6xI+4FbI8LI5vfK1lNQm+DdvWmR3YDF6nwp7CLl4geB8
+APLZxmXKeEA44l8DeQMnqlw0wJDgDT8EkfxPtwfY6P8aHDREJRomCJrM0oFVrvef
+rNTEpMpK57ESyXLyiTp2Nsj0FQpz2EPdMkon1MNgdYsMgSTig3lpaS/TSqPjgAid
+EcfRX/0mNVfxOFYOAilBYb4owr96qbqB2JmvcopjkSqZpTsmErztYwnjtkKKnSXO
+ekPfbfqwo/nwrmOw4VrK
+=F9KW
 -----END PGP SIGNATURE-----
diff --git a/sys-cluster/cinder/cinder-2014.2.3-r1.ebuild b/sys-cluster/cinder/cinder-2014.2.3-r1.ebuild
new file mode 100644
index 000000000000..375aed3e35c6
--- /dev/null
+++ b/sys-cluster/cinder/cinder-2014.2.3-r1.ebuild
@@ -0,0 +1,154 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/cinder/cinder-2014.2.3-r1.ebuild,v 1.1 2015/06/17 21:50:18 prometheanfire Exp $
+
+EAPI=5
+PYTHON_COMPAT=( python2_7 )
+
+inherit distutils-r1 eutils linux-info user
+
+DESCRIPTION="Cinder is the OpenStack Block storage service, a spin out of nova-volumes"
+HOMEPAGE="https://launchpad.net/cinder"
+SRC_URI="http://launchpad.net/${PN}/juno/${PV}/+download/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+api +scheduler +volume iscsi lvm mysql postgres sqlite test"
+REQUIRED_USE="|| ( mysql postgres sqlite )"
+
+#sudo is a build dep because I want the sudoers.d directory to exist, lazy.
+DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
+		>=dev-python/pbr-0.8[${PYTHON_USEDEP}]
+		<dev-python/pbr-1.0[${PYTHON_USEDEP}]
+		app-admin/sudo
+		test? (
+			${RDEPEND}
+			>=dev-python/hacking-0.9.2[${PYTHON_USEDEP}]
+			<dev-python/hacking-0.10[${PYTHON_USEDEP}]
+			>=dev-python/coverage-3.6[${PYTHON_USEDEP}]
+			>=dev-python/fixtures-0.3.14[${PYTHON_USEDEP}]
+			>=dev-python/mock-1.0[${PYTHON_USEDEP}]
+			>=dev-python/mox-0.5.3[${PYTHON_USEDEP}]
+			mysql? ( dev-python/mysql-python[${PYTHON_USEDEP}] )
+			postgres? ( dev-python/psycopg[${PYTHON_USEDEP}] )
+			>=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
+			!~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
+			<dev-python/sphinx-1.3[${PYTHON_USEDEP}]
+			>=dev-python/subunit-0.0.18[${PYTHON_USEDEP}]
+			>=dev-python/testtools-0.9.34[${PYTHON_USEDEP}]
+			!~dev-python/testtools-1.4.0[${PYTHON_USEDEP}]
+			>=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}]
+			>=dev-python/oslo-sphinx-2.2.0[${PYTHON_USEDEP}]
+		)"
+
+RDEPEND="
+	>=dev-python/anyjson-0.3.3[${PYTHON_USEDEP}]
+	>=dev-python/Babel-1.3[${PYTHON_USEDEP}]
+	>=dev-python/eventlet-0.15.1[${PYTHON_USEDEP}]
+	<dev-python/eventlet-0.16.0[${PYTHON_USEDEP}]
+	>=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
+	>=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}]
+	>=dev-python/keystonemiddleware-1.0.0[${PYTHON_USEDEP}]
+	>=dev-python/kombu-2.5.0[${PYTHON_USEDEP}]
+	>=dev-python/lxml-2.3[${PYTHON_USEDEP}]
+	>=dev-python/netaddr-0.7.12[${PYTHON_USEDEP}]
+	>=dev-python/oslo-config-1.4.0[${PYTHON_USEDEP}]
+	>=dev-python/oslo-db-1.0.0[${PYTHON_USEDEP}]
+	<dev-python/oslo-db-1.1.0[${PYTHON_USEDEP}]
+	>=dev-python/oslo-messaging-1.4.0[${PYTHON_USEDEP}]
+	!~dev-python/oslo-messaging-1.5.0[${PYTHON_USEDEP}]
+	<dev-python/oslo-messaging-1.6.0[${PYTHON_USEDEP}]
+	>=dev-python/oslo-rootwrap-1.3.0[${PYTHON_USEDEP}]
+	>=dev-python/osprofiler-0.3.0[${PYTHON_USEDEP}]
+	>=dev-python/paramiko-1.13.0[${PYTHON_USEDEP}]
+	dev-python/paste[${PYTHON_USEDEP}]
+	>=dev-python/pastedeploy-1.5.0[${PYTHON_USEDEP}]
+	>=dev-python/python-barbicanclient-2.1.0[${PYTHON_USEDEP}]
+	!~dev-python/python-barbicanclient-3.0.0[${PYTHON_USEDEP}]
+	<dev-python/python-barbicanclient-3.0.2[${PYTHON_USEDEP}]
+	>=dev-python/python-glanceclient-0.14.0[${PYTHON_USEDEP}]
+	>=dev-python/python-novaclient-2.18.0[${PYTHON_USEDEP}]
+	>=dev-python/python-swiftclient-2.2.0[${PYTHON_USEDEP}]
+	>=dev-python/requests-2.1.0[${PYTHON_USEDEP}]
+	!~dev-python/requests-2.4.0[${PYTHON_USEDEP}]
+	>=dev-python/routes-1.12.3[${PYTHON_USEDEP}]
+	!~dev-python/routes-2.0[${PYTHON_USEDEP}]
+	>=dev-python/taskflow-0.4[${PYTHON_USEDEP}]
+	<dev-python/taskflow-0.7.0[${PYTHON_USEDEP}]
+	>=dev-python/rtslib-fb-2.1.39[${PYTHON_USEDEP}]
+	>=dev-python/six-1.7.0[${PYTHON_USEDEP}]
+	sqlite? (
+		>=dev-python/sqlalchemy-0.9.7[sqlite,${PYTHON_USEDEP}]
+		<=dev-python/sqlalchemy-0.9.99[sqlite,${PYTHON_USEDEP}]
+	)
+	mysql? (
+		dev-python/mysql-python
+		>=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
+		<=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
+	)
+	postgres? (
+		dev-python/psycopg:2
+		>=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
+		<=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
+	)
+	~dev-python/sqlalchemy-migrate-0.9.1[${PYTHON_USEDEP}]
+	>=dev-python/stevedore-1.0.0[${PYTHON_USEDEP}]
+	>=dev-python/suds-0.4[${PYTHON_USEDEP}]
+	>=dev-python/webob-1.2.3-r1[${PYTHON_USEDEP}]
+	>=dev-python/oslo-i18n-1.0.0[${PYTHON_USEDEP}]
+	iscsi? (
+		|| ( >=sys-block/iscsitarget-1.4.20.2_p20130821 sys-block/tgt )
+		sys-block/open-iscsi )
+	lvm? ( sys-fs/lvm2 )
+	sys-fs/sysfsutils"
+
+PATCHES=( "${FILESDIR}"/CVE-2015-1851_2014.2.3.patch )
+
+pkg_setup() {
+	linux-info_pkg_setup
+	CONFIG_CHECK_MODULES="ISCSI_TCP"
+	if linux_config_exists; then
+		for module in ${CONFIG_CHECK_MODULES}; do
+			linux_chkconfig_present ${module} || ewarn "${module} needs to be built as module (builtin doesn't work)"
+		done
+	fi
+	enewgroup cinder
+	enewuser cinder -1 -1 /var/lib/cinder cinder
+}
+
+#python_compile_all() { leave for next attempt
+#	use doc && emake -C doc html
+#}
+
+python_test() {
+	# Let's track progress of this # https://bugs.launchpad.net/swift/+bug/1249727
+	nosetests -I test_wsgi.py cinder/tests/ || die "tests failed under python2.7"
+}
+
+python_install() {
+	distutils-r1_python_install
+	keepdir /etc/cinder
+	dodir /etc/cinder/rootwrap.d
+
+	for svc in api scheduler volume; do
+		newinitd "${FILESDIR}/cinder.initd" cinder-${svc}
+	done
+
+	insinto /etc/cinder
+	newins "${S}/etc/cinder/cinder.conf.sample" "cinder.conf"
+	newins "${S}/etc/cinder/api-paste.ini" "api-paste.ini"
+	newins "${S}/etc/cinder/logging_sample.conf" "logging_sample.conf"
+	newins "${S}/etc/cinder/policy.json" "policy.json"
+	newins "${S}/etc/cinder/rootwrap.conf" "rootwrap.conf"
+	insinto /etc/cinder/rootwrap.d
+	newins "${S}/etc/cinder/rootwrap.d/volume.filters" "volume.filters"
+
+	dodir /var/log/cinder
+	fowners cinder:cinder /var/log/cinder
+
+	#add sudoers definitions for user nova
+	insinto /etc/sudoers.d/
+	insopts -m 0440 -o root -g root
+	newins "${FILESDIR}/cinder.sudoersd" cinder
+}
diff --git a/sys-cluster/cinder/cinder-2015.1.0.ebuild b/sys-cluster/cinder/cinder-2015.1.0-r1.ebuild
index 7a44cec89fe8..b37563471a4b 100644
--- a/sys-cluster/cinder/cinder-2015.1.0.ebuild
+++ b/sys-cluster/cinder/cinder-2015.1.0-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/cinder/cinder-2015.1.0.ebuild,v 1.5 2015/06/17 21:16:47 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/cinder/cinder-2015.1.0-r1.ebuild,v 1.1 2015/06/17 21:50:18 prometheanfire Exp $
 
 EAPI=5
 PYTHON_COMPAT=( python2_7 )
@@ -130,7 +130,7 @@ RDEPEND="
 	memcached? ( net-misc/memcached )
 	sys-fs/sysfsutils"
 
-PATCHES=( )
+PATCHES=( "${FILESDIR}"/CVE-2015-1851_2015.1.0.patch )
 
 pkg_setup() {
 	linux-info_pkg_setup
diff --git a/sys-cluster/cinder/files/CVE-2015-1851_2014.2.3.patch b/sys-cluster/cinder/files/CVE-2015-1851_2014.2.3.patch
new file mode 100644
index 000000000000..5335e5c02ad5
--- /dev/null
+++ b/sys-cluster/cinder/files/CVE-2015-1851_2014.2.3.patch
@@ -0,0 +1,85 @@
+From d31c937c566005dedf41a60c6b5bd5e7b26f221b Mon Sep 17 00:00:00 2001
+From: Eric Harney <eharney@redhat.com>
+Date: Tue, 31 Mar 2015 19:48:17 -0400
+Subject: [PATCH] Disallow backing files when uploading volumes to image
+
+Volumes with a header referencing a backing file can leak
+file data into the destination image when uploading a
+volume to an image.
+
+Halt the upload process if the volume data references a
+backing file to prevent this.
+
+Closes-Bug: #1415087
+Change-Id: Iab9718794e7f7e8444015712cfa08c46848ebf78
+(cherry picked from commit 9634b76ba5886d6c2f2128d550cb005dabf48213)
+Conflicts:
+    cinder/tests/test_image_utils.py (backport to old tests)
+---
+ cinder/image/image_utils.py      | 14 ++++++++++++++
+ cinder/tests/test_image_utils.py | 13 +++++++++++++
+ 2 files changed, 27 insertions(+)
+
+diff --git a/cinder/image/image_utils.py b/cinder/image/image_utils.py
+index 160dfe7..cac0072 100644
+--- a/cinder/image/image_utils.py
++++ b/cinder/image/image_utils.py
+@@ -312,6 +312,20 @@ def upload_volume(context, image_service, image_meta, volume_path,
+     with fileutils.remove_path_on_error(tmp):
+         LOG.debug("%s was %s, converting to %s" %
+                   (image_id, volume_format, image_meta['disk_format']))
++
++        data = qemu_img_info(volume_path)
++        backing_file = data.backing_file
++        fmt = data.file_format
++        if backing_file is not None:
++            # Disallow backing files as a security measure.
++            # This prevents a user from writing an image header into a raw
++            # volume with a backing file pointing to data they wish to
++            # access.
++            raise exception.ImageUnacceptable(
++                image_id=image_id,
++                reason=_("fmt=%(fmt)s backed by:%(backing_file)s")
++                % {'fmt': fmt, 'backing_file': backing_file})
++
+         convert_image(volume_path, tmp, image_meta['disk_format'],
+                       bps_limit=CONF.volume_copy_bps_limit)
+ 
+diff --git a/cinder/tests/test_image_utils.py b/cinder/tests/test_image_utils.py
+index 86168c0..2cf571a 100644
+--- a/cinder/tests/test_image_utils.py
++++ b/cinder/tests/test_image_utils.py
+@@ -462,6 +462,10 @@ def test_upload_volume(self, mock_stat, bps_limit=0):
+         volume_utils.setup_blkio_cgroup(mox.IgnoreArg(), mox.IgnoreArg(),
+                                         bps_limit).AndReturn(prefix)
+ 
++        utils.execute(
++            'env', 'LC_ALL=C', 'qemu-img', 'info',
++            mox.IgnoreArg(), run_as_root=True).AndReturn(
++                (TEST_RET, 'ignored'))
+         utils.execute(*cmd, run_as_root=True)
+         utils.execute(
+             'env', 'LC_ALL=C', 'qemu-img', 'info',
+@@ -497,6 +501,11 @@ def test_upload_volume_with_bps_limit(self, mock_stat):
+ 
+         volume_utils.setup_blkio_cgroup(mox.IgnoreArg(), mox.IgnoreArg(),
+                                         bps_limit).AndReturn(prefix)
++
++        utils.execute(
++            'env', 'LC_ALL=C', 'qemu-img', 'info',
++            mox.IgnoreArg(), run_as_root=True).AndReturn(
++                (TEST_RET, 'ignored'))
+         utils.execute(*cmd, run_as_root=True)
+         utils.execute(
+             'env', 'LC_ALL=C', 'qemu-img', 'info',
+@@ -534,6 +543,10 @@ def test_upload_volume_on_error(self, mock_stat):
+         m.StubOutWithMock(utils, 'execute')
+         m.StubOutWithMock(volume_utils, 'check_for_odirect_support')
+ 
++        utils.execute(
++            'env', 'LC_ALL=C', 'qemu-img', 'info',
++            mox.IgnoreArg(), run_as_root=True).AndReturn(
++                (TEST_RET, 'ignored'))
+         utils.execute('qemu-img', 'convert', '-O', 'qcow2',
+                       mox.IgnoreArg(), mox.IgnoreArg(), run_as_root=True)
+         utils.execute(
diff --git a/sys-cluster/cinder/files/CVE-2015-1851_2015.1.0.patch b/sys-cluster/cinder/files/CVE-2015-1851_2015.1.0.patch
new file mode 100644
index 000000000000..2e1d31970fc1
--- /dev/null
+++ b/sys-cluster/cinder/files/CVE-2015-1851_2015.1.0.patch
@@ -0,0 +1,85 @@
+From 9634b76ba5886d6c2f2128d550cb005dabf48213 Mon Sep 17 00:00:00 2001
+From: Eric Harney <eharney@redhat.com>
+Date: Tue, 31 Mar 2015 19:48:17 -0400
+Subject: [PATCH] Disallow backing files when uploading volumes to image
+
+Volumes with a header referencing a backing file can leak
+file data into the destination image when uploading a
+volume to an image.
+
+Halt the upload process if the volume data references a
+backing file to prevent this.
+
+Closes-Bug: #1415087
+Change-Id: Iab9718794e7f7e8444015712cfa08c46848ebf78
+(cherry picked from commit b1143ee45323e63b965a3710f9063e65b252c978)
+---
+ cinder/image/image_utils.py      | 14 ++++++++++++++
+ cinder/tests/test_image_utils.py |  8 ++++++--
+ 2 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/cinder/image/image_utils.py b/cinder/image/image_utils.py
+index 6e5e2fb..6ae0f81 100644
+--- a/cinder/image/image_utils.py
++++ b/cinder/image/image_utils.py
+@@ -344,6 +344,20 @@ def upload_volume(context, image_service, image_meta, volume_path,
+     with temporary_file() as tmp:
+         LOG.debug("%s was %s, converting to %s",
+                   image_id, volume_format, image_meta['disk_format'])
++
++        data = qemu_img_info(volume_path, run_as_root=run_as_root)
++        backing_file = data.backing_file
++        fmt = data.file_format
++        if backing_file is not None:
++            # Disallow backing files as a security measure.
++            # This prevents a user from writing an image header into a raw
++            # volume with a backing file pointing to data they wish to
++            # access.
++            raise exception.ImageUnacceptable(
++                image_id=image_id,
++                reason=_("fmt=%(fmt)s backed by:%(backing_file)s")
++                % {'fmt': fmt, 'backing_file': backing_file})
++
+         convert_image(volume_path, tmp, image_meta['disk_format'],
+                       run_as_root=run_as_root)
+ 
+diff --git a/cinder/tests/test_image_utils.py b/cinder/tests/test_image_utils.py
+index ab41243..3f8e763 100644
+--- a/cinder/tests/test_image_utils.py
++++ b/cinder/tests/test_image_utils.py
+@@ -381,6 +381,7 @@ def test_diff_format(self, mock_os, mock_temp, mock_convert, mock_info,
+         mock_os.name = 'posix'
+         data = mock_info.return_value
+         data.file_format = mock.sentinel.disk_format
++        data.backing_file = None
+         temp_file = mock_temp.return_value.__enter__.return_value
+ 
+         output = image_utils.upload_volume(ctxt, image_service, image_meta,
+@@ -391,7 +392,8 @@ def test_diff_format(self, mock_os, mock_temp, mock_convert, mock_info,
+                                              temp_file,
+                                              mock.sentinel.disk_format,
+                                              run_as_root=True)
+-        mock_info.assert_called_once_with(temp_file, run_as_root=True)
++        mock_info.assert_called_with(temp_file, run_as_root=True)
++        self.assertEqual(mock_info.call_count, 2)
+         mock_open.assert_called_once_with(temp_file, 'rb')
+         image_service.update.assert_called_once_with(
+             ctxt, image_meta['id'], {},
+@@ -470,6 +472,7 @@ def test_convert_error(self, mock_os, mock_temp, mock_convert, mock_info,
+         mock_os.name = 'posix'
+         data = mock_info.return_value
+         data.file_format = mock.sentinel.other_disk_format
++        data.backing_file = None
+         temp_file = mock_temp.return_value.__enter__.return_value
+ 
+         self.assertRaises(exception.ImageUnacceptable,
+@@ -479,7 +482,8 @@ def test_convert_error(self, mock_os, mock_temp, mock_convert, mock_info,
+                                              temp_file,
+                                              mock.sentinel.disk_format,
+                                              run_as_root=True)
+-        mock_info.assert_called_once_with(temp_file, run_as_root=True)
++        mock_info.assert_called_with(temp_file, run_as_root=True)
++        self.assertEqual(mock_info.call_count, 2)
+         self.assertFalse(image_service.update.called)
+ 
+
author	Matt Thode <prometheanfire@gentoo.org>	2015-06-17 21:50:30 +0000
committer	Matt Thode <prometheanfire@gentoo.org>	2015-06-17 21:50:30 +0000
commit	97487cfb70e64b0a071366466a362f4dbfb184aa (patch)
tree	de1d2bf1d1e66df4089c3da9eef086b5a048a70d /sys-cluster
parent	adding s6 suport for bug 550594 (diff)
download	historical-97487cfb70e64b0a071366466a362f4dbfb184aa.tar.gz historical-97487cfb70e64b0a071366466a362f4dbfb184aa.tar.bz2 historical-97487cfb70e64b0a071366466a362f4dbfb184aa.zip