diff options
| author |   Matt Thode <prometheanfire@gentoo.org> | 2014-06-16 03:35:59 +0000 |
|---|---|---|
| committer | Matt Thode <prometheanfire@gentoo.org> | 2014-06-16 03:35:59 +0000 |
| commit | 386543c65273011709823213499a0e9370503705 (patch) | |
| tree | bc081992d85635321d35e03c96c463b652a44c1f /sys-cluster | |
| parent | 2014.1.1 bup (diff) | |
| download | historical-386543c65273011709823213499a0e9370503705.tar.gz historical-386543c65273011709823213499a0e9370503705.tar.bz2 historical-386543c65273011709823213499a0e9370503705.zip | |
2014.1.1 bup
Package-Manager: portage-2.2.8-r1/cvs/Linux x86_64
Manifest-Sign-Key: 0x2471EB3E40AC5AC3
Diffstat (limited to 'sys-cluster')
| -rw-r--r-- | sys-cluster/neutron/ChangeLog | 9 | ||||
| -rw-r--r-- | sys-cluster/neutron/Manifest | 33 | ||||
| -rw-r--r-- | sys-cluster/neutron/files/2014.1-CVE-2014-0187.patch | 255 | ||||
| -rw-r--r-- | sys-cluster/neutron/neutron-2014.1.1.ebuild (renamed from sys-cluster/neutron/neutron-2014.1-r2.ebuild) | 3 | ||||
| -rw-r--r-- | sys-cluster/nova/ChangeLog | 9 | ||||
| -rw-r--r-- | sys-cluster/nova/Manifest | 34 | ||||
| -rw-r--r-- | sys-cluster/nova/files/2014.1-CVE-2014-2573-1.patch | 103 | ||||
| -rw-r--r-- | sys-cluster/nova/files/2014.1-CVE-2014-2573-2.patch | 182 | ||||
| -rw-r--r-- | sys-cluster/nova/nova-2014.1.1.ebuild (renamed from sys-cluster/nova/nova-2014.1-r2.ebuild) | 4 |
9 files changed, 50 insertions, 582 deletions
diff --git a/sys-cluster/neutron/ChangeLog b/sys-cluster/neutron/ChangeLog index 573c6597ab7f..70cbd91277a2 100644 --- a/sys-cluster/neutron/ChangeLog +++ b/sys-cluster/neutron/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sys-cluster/neutron # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/neutron/ChangeLog,v 1.32 2014/06/15 04:27:28 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/neutron/ChangeLog,v 1.33 2014/06/16 03:30:46 prometheanfire Exp $ + +*neutron-2014.1.1 (16 Jun 2014) + + 16 Jun 2014; Matthew Thode <prometheanfire@gentoo.org> + +neutron-2014.1.1.ebuild, -files/2014.1-CVE-2014-0187.patch, + -neutron-2014.1-r2.ebuild: + 2014.1.1 bup 15 Jun 2014; Matthew Thode <prometheanfire@gentoo.org> -files/2013.2.2-CVE-2014-0056.patch, -files/2013.2.3-CVE-2014-0187.patch, diff --git a/sys-cluster/neutron/Manifest b/sys-cluster/neutron/Manifest index 709d50953344..fdf3bfad3640 100644 --- a/sys-cluster/neutron/Manifest +++ b/sys-cluster/neutron/Manifest @@ -1,7 +1,6 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 -AUX 2014.1-CVE-2014-0187.patch 10926 SHA256 16001df86c4de12352ff3d0e45e7d978622c35f48c1682c1efd69982dc592765 SHA512 d17d18928452c98a3e8fe553c127f449024bfe0ffcd3b8674983bd82b4c9cb54025347f196d6467ba104c5120ca807dfc70f30973a18b27d4bc6bf1fdcc4fc9e WHIRLPOOL ff6c34b68bf6bf0e900cd37efa64813be924b34854bf5bac2d76cb1a92ab3f4bf1201e787cde740b88db630f0c29ddcfea98051baef5d1022cbdbba5dd5710c4 AUX neutron-confd 75 SHA256 2e03d5dee96eb235d3d2742fb59b52376914dae1d8683144396d796dd35ea9f5 SHA512 fefe7dd1924fabed3cdddae2a407b254c62f39c49abeae238486896e9d26863caebfdfea6d52c5eef34d25452b163c373105929bd069b969c2af0f7d62d6c0e6 WHIRLPOOL 1ac7ed6b2287e66bc51be8b521e355a48e888e1e57371362bfd41fb831d63cc90aab542c1668b4acc1c087cb6bacd418a480e2732a7611b8df290bf63444c902 AUX neutron-confd-2 75 SHA256 0fce0e6f6cec493b9b0bcb96fa3211ba47a6420b9ea675ef65979fd9505121c7 SHA512 e64116f6cab81a2ee56d797f8144dbc8b214fb627bc8d6c3045488b1fec694cee8e8f3f3fbd327fb28f704cdfae40ea468d8a212c819abd45e809a1fa56b9670 WHIRLPOOL fb027c386c99448c29b265adc234abbc4d23a8be015690fd024b1f39ccc18dd64a1ab57c6cc26a054d576a0bbbed797058b19db90abf0318ae79dddc4efd2056 AUX neutron-dhcp-agent.confd 75 SHA256 e36fe3d370ad2b4c82ccf1f4caac60882334d93e3abd7e0e6e268d23cb069d71 SHA512 94cf300c9a9d0275e4fcab4ffdb7e29ca26b73c120d6ff683b48ea0e9c21e46123289522aedd295e4d5d28307133b50084541a90a48db456802d675eed6c2d3e WHIRLPOOL 9e77fe1ef65fa8ef46f8272ddea7213a46e71c6f2884eab20f09eaddc977f5cc202c8529c1a75347132c667e4e2d39d5bdd3ab2c94812c4b1f95f398af75c38c @@ -18,26 +17,26 @@ AUX neutron.initd 792 SHA256 2170e60f05a3f41b47b80def27195fc3b67517adcdf8c6d5376 AUX neutron.sudoersd 117 SHA256 b40ea04a95deedbb66fe504df61b55905cbd746e5ba26321c01cd25b5cc9dcbe SHA512 143f8a1faa7650bc66b2566d0bd62f71eb743231b9efc4c7df265e53d664418b23182e3f271b86845ed76c537b7f60157e87af59413cf659379f367924d14366 WHIRLPOOL bb0e35d7b7471fab424f86f181601bc87d4bba98f4fbc282cc6302a05128992613097afe1fea159e9c718cd688a03c280b53d72bfe47fc91bd24967a4b4618da AUX nicira.patch 5757 SHA256 62484fa9d817feee1edc0a51ea1eeca068406f8f76e34c845b85ea51664e20d6 SHA512 f160a36f78d9a1186e19cdfb4f97b17e39e1a6f3e20bcaf84e76e71c632b0a6e8af89645d507f2c6f60a9f7d09a741302d476731c2fc798dfa999aaf38f1e273 WHIRLPOOL b7b5e0618caa8c6acc65f46c315d81b427810f3d6b1e89b48fc79567717c90a2e81e091d532ea192ac68ad432374fb9debe79d7b2c0a5a82d7d8cec8ca64f50e AUX sphinx_mapping.patch 835 SHA256 f4745338474c9191ba386f81705cc8c9a6effb09116c65664654eb733d081252 SHA512 988236676ef0550ca96cc05e606d43280969e89b31971244ece89d63cdcbcbcfd3ac595adca03a6308996ef58ebc4f75b0dfd65a938ad7c3fb67fb785e09f8c9 WHIRLPOOL 6154ee51ecd63040d9a6c2058f369a7243c719cbda3f73484d55ea9425a5c9982d3921d91d152aa27c61c5635d74f2afa57ff1b5aaa10b1be1e7c1475ff74e5f -DIST neutron-2014.1.tar.gz 6386204 SHA256 455c0e7c8d59a6c41f0596977441d970669859272e2303ba9852290f60a3d0a6 SHA512 a00c5896a459efcc83cd48812fe378e40aaaac0756f7a51c489b14ddebb1cbecc444370fd3904b4adedde5c8fe2409beb4f4d9676a57c7d6729275328cb5c123 WHIRLPOOL 847043a76c5b6038fb2f61e495af820f3671eff26089be33153c806709212196420acce0da4b8c394d10e9ff7239dbefe8e0b061bf4b4320354cb3e7cf318b68 -EBUILD neutron-2014.1-r2.ebuild 6478 SHA256 28a59b4756f196cccd0399a4ff0c902c38655c5ee852d03bf9ea186ff5e1c550 SHA512 1f850f17d1a234b9f8ac8f5bb5ca225c809611c4a7dca668b2870ebb058cf4e88fe4e35d086ce3eadb540d80ca7f105817399ec1ee1c62a27785d0128e3153d2 WHIRLPOOL 9a2e52d50d88af5ae0dd7c575f27ea5d9700bde70f6707f4a225ea0f39f3d8f2552686456621d29906899efa69aa30cc91df6d5e1df69370649dd57366a2ef83 +DIST neutron-2014.1.1.tar.gz 6404237 SHA256 4723713b124ec7be0ae5f280d30a53b00ab5bec8a27be6165bdc630b8f22c1b5 SHA512 8a586741c035700ed8f33089830278e9eee9745a8fa58ef4ec71638ffecbd7c8689387f1597d948ca18a7f7edbad1ff67aab6d5304b61069556d5418e55738c5 WHIRLPOOL 6b7d139f1265a719edf05dbe2648fb7a056f708984da3e2b7b89f17746694137b5201bc69587e0af1a9729710205538c5841c860180ea9d7e7f5f0a17ece43dc +EBUILD neutron-2014.1.1.ebuild 6435 SHA256 1f780a8850172ae5ee5049a1dcdfc681b4d41457259e04c967ee80006b461e97 SHA512 59944fc500d85a7c93e05547513f2dc49aa23a0466ede16b1057c6a6486ef9fc1b388ffaf38b73d529a102f932493ef26471d5f2e98f51369893ad745b333ac8 WHIRLPOOL 638d82b88a8cd3b7db9303a6293695335acbd368fa4151a4a78cf5bfa293e028e12217d7a6275b3afc752f83f9c7833b34af36b270b7ab25fda6792898ed0709 EBUILD neutron-2014.1.9999.ebuild 5617 SHA256 551cf0325acae198f8f42eb72e8407a010c802918b64a237e3b736cc4aada45b SHA512 5341b3a021e9cb0f538764a6912b9db84862aad5759512cf89f62223e445e102aa35e418f6c6e55faf71dc8c1e9fefe1f9dcc12d13081c1a8b9cb8b2c5a3a3f1 WHIRLPOOL f32cc118fc3346226ae3586b349c42bab8d9915ba8b88f7deeb34df738d31ed50bc46ef8f7f86794d31100509610fa9dc08869258f0ddd77ec36b489efff5b92 EBUILD neutron-9999.ebuild 4409 SHA256 7e81a4614bc6813ac6c71f330f02afdd4986de592bed8deb9ff662823f349b97 SHA512 cdca470997f7b31d5f99a682ae21f22870678437a1bd8128e3e7140589b3b6041f133108fdb3f390f8da768f4e131f327000ee3f3c7adb1bcc7332e038adde9d WHIRLPOOL 2288062acc8e99c6707917fc2ff80bf54ebf736cac1b3158b42148c6575e3f23c01257383ac030d75af9d0dcb422486bccc8f0d564c6eb805ff5c245d3cbcd4a -MISC ChangeLog 11352 SHA256 b9adf606219210fa585b0b784dd796644269b30c41810735c01200dcefc1ea5f SHA512 9171bd8e9acf7b5a751edad79e6924fc2ff7ed37c48716bc4999580eac4d5740a3e68e7239a858b791363f0defe71f058d2f161801bb4f97ee018926ac4550f6 WHIRLPOOL 62951b9a655ebd72707c9db7982dd50b2ade478d026c7f0659e828e9d92768743aaed9bb874c29f02154f85dd861ca1bc8913df49c87f3bd0b13b35243d4b3d3 +MISC ChangeLog 11550 SHA256 7340bafbf7629f5170c93877d1f102c97ec1696fa93795c2913995be62aa3aa7 SHA512 1c255a41f32a5c962f2a73849550fcd400bfde90ef7d0e96207297b5cf98c3e06cf4d851ea97d5027b7b8db1373daab5ee9bcfb45bcbdb544d49417fa08ccee6 WHIRLPOOL 3d92847a393b7a15dea0fae9cc3116182860ba203fc673ee2a09d8d9e5f58da22104851dceeccac348e65e3c468d4b6f0468a9eea2c015de4c6929ce84d64c4b MISC metadata.xml 1296 SHA256 7d6de6c9dc0602e7ea1147c40e8798aa61e01a891eade2b291628850d52889ab SHA512 e49d4872a6fefdb93f20665cf1a176744a1eaa3c068617dbb41e2591d084776d55334997c8046d725e84f5a7280481392f3fccf42f6cb02bbf1751d43076c49d WHIRLPOOL 0b3e08407b951bffdaa54e646d35c000e5b1df43381132386b77056e26773d6344ec7ace4b7a87ae14f29090fcdd490f05730ece3597b8e7a2d4389dfe816312 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) -iQIcBAEBCAAGBQJTnSDEAAoJECRx6z5ArFrDFgEQAJhJUHRhC/AcYC7HY76mUhnI -SgdLpFl9VrWJt1qLA3p0J2GUvC78nKNVKr05iSPzg1ssnPTHkTk4g4URSuwLDitT -CUdd+9pYJtzZT5vbEE5kQaJFbr9CORLQGebd8mrN1mm6biN8j9FUGz2n8xEodfvp -ipSnfE1haTd+6ibnupLZvpdavmKLjIW6pGli/c44XsLzUf1eNXDrt4IKByw/js6m -p+qjRkuLX3vTi+VjAdmoy/T9P77eA4yyXY+fAFq8Bzoj8vYPjiOlzj43wEeDs6G1 -J08Lfu10XCkvYz6jzi17LOrnh1AbRD1Bgtx0qkMfH6Qli6w1JHq4Nz713IGks9sN -zotQvwJJO2b2OYQelLWrpmke2I2BtD/yhF1nymazGiI2ZQG7VhXjbrBle6jWjzmU -IbZPggtYM9fwVv7+MMVaisrJi3dQ4pAZEja4vKLOYGmgGekV9Tz0z7EXkrBm6e6G -Nwi2cBTYgqYnfiDACtRxB+H9Yb5B9pewhxvQx31ZbcH3KowNNfzm7ssUr0Y3cOnj -KZX+3iOSFKeFG3piVY/LmJ1yICJ8OYGzPHKldFkj0hKpRtsPD38/alnbvKx1mDy/ -YfnVWup9xxIB8wKlh5N+QUTw+0KjheWIrzirZjuPj46qncdVQhVRJHMyTq1jx8cc -yqF7vljSESpU2WzI0Aog -=RnLk +iQIcBAEBCAAGBQJTnmTuAAoJECRx6z5ArFrDKeUQAM4hMONtAA5o7FrBXR+iwUwQ +KyyE3MhID341BVEILzEQh6/yTAw5H0Rhm5pCCV3iYEBfyc5IJoTU2NwQGnwnm4xM +dXoWJy88czXn3dh/t/xW8Xzx31ZaRMnK1Bij1obN7mzX0t5LADZKOO7wfPQSix0x +MJkquzEgwaFrhjQzYIKbECoHPSjG/PxXoWQCKQUyIz26SPldUpEVH+p1nibxuA1+ +3LbNe3VDPnnt2eK2j6RBr9A9OQ61sEkJBGr5ugH//GZEFOkF++Yj0fpqloarfv8u +E97exKNOLAtcBWLwSRfmBfMKQ+rQj0oy8HzN3qpzWLhWBfD1/eSug9iSVcVUUT3+ +rJuUnrpCFBonLNybrwMj1fQ23lodEeyks9W/eesXUraMuJLAfOutaY6hgHEiGwUC +BfFSfEA9UvnEeKOrTOmM45/rV0uc6WX43OaZOrvhGSYhZbCvnlSLZBS7appmRqe0 +q1xvH8qs8nZlVzZIhzZXnOsvqUu9P5mDUfPwxWA9YktkHwKbBy/7wF3Jt49MWwXo +PAYV2QAX33nBa7Mj0lhfkAOnSLX66lyyH3uNyQTUdY2r0yHA0wZPd2kUPj+0OJFk +siCB3RovDtpNwLO3+Rmfn2sjIgEeWq4QKJyQV88Ra6qxYNnAzOvMqdCM4LJkyXCp +tnk8lDGxYMAB0Gwz/G5d +=G8qd -----END PGP SIGNATURE----- diff --git a/sys-cluster/neutron/files/2014.1-CVE-2014-0187.patch b/sys-cluster/neutron/files/2014.1-CVE-2014-0187.patch deleted file mode 100644 index 8a723aebc645..000000000000 --- a/sys-cluster/neutron/files/2014.1-CVE-2014-0187.patch +++ /dev/null @@ -1,255 +0,0 @@ -From 68a24e5f908412b83ca7c3f2d2d2014678e79570 Mon Sep 17 00:00:00 2001 -From: marios <marios@redhat.com> -Date: Fri, 29 Nov 2013 18:23:54 +0200 -Subject: [PATCH] Validate CIDR given as ip-prefix in - security-group-rule-create - -There was no validation for the provided ip prefix. This just adds -a simple parse using netaddr and explodes with appropriate message. -Also makes sure ip prefix _is_ cidr (192.168.1.1-->192.168.1.1/32). - -Validation occurs at the attribute level (API model) as well as at -the db level, where the ethertype is validated against the ip_prefix -address type. - -Unit test cases added - bad prefix, unmasked prefix and incorrect -ethertype. Also adds attribute test cases for the added -convert_ip_prefix_to_cidr method - -Closes-Bug: 1255338 - -Conflicts: - neutron/tests/unit/test_security_groups_rpc.py - -Change-Id: I71fb8c887963a122a5bd8cfdda800026c1cd3954 -(cherry picked from commit 65aa92b0348b7ab8413f359b00825610cdf66607) ---- - neutron/common/exceptions.py | 4 + - neutron/db/securitygroups_db.py | 20 +++++ - neutron/extensions/securitygroup.py | 18 ++++- - .../tests/unit/test_extension_security_group.py | 86 ++++++++++++++++++++++ - 4 files changed, 127 insertions(+), 1 deletion(-) - -diff --git a/neutron/common/exceptions.py b/neutron/common/exceptions.py -index bfd267e..e81b4af 100644 ---- a/neutron/common/exceptions.py -+++ b/neutron/common/exceptions.py -@@ -319,3 +319,7 @@ class DuplicatedExtension(NeutronException): - class DeviceIDNotOwnedByTenant(Conflict): - message = _("The following device_id %(device_id)s is not owned by your " - "tenant or matches another tenants router.") -+ -+ -+class InvalidCIDR(BadRequest): -+ message = _("Invalid CIDR %(input)s given as IP prefix") -diff --git a/neutron/db/securitygroups_db.py b/neutron/db/securitygroups_db.py -index 882a43d..de464d6 100644 ---- a/neutron/db/securitygroups_db.py -+++ b/neutron/db/securitygroups_db.py -@@ -12,6 +12,7 @@ - # License for the specific language governing permissions and limitations - # under the License. - -+import netaddr - import sqlalchemy as sa - from sqlalchemy import orm - from sqlalchemy.orm import exc -@@ -327,6 +328,7 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase): - new_rules.add(rule['security_group_id']) - - self._validate_port_range(rule) -+ self._validate_ip_prefix(rule) - - if rule['remote_ip_prefix'] and rule['remote_group_id']: - raise ext_sg.SecurityGroupRemoteGroupAndRemoteIpPrefix() -@@ -407,6 +409,24 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase): - if (i['security_group_rule'] == db_rule): - raise ext_sg.SecurityGroupRuleExists(id=id) - -+ def _validate_ip_prefix(self, rule): -+ """Check that a valid cidr was specified as remote_ip_prefix -+ -+ No need to check that it is in fact an IP address as this is already -+ validated by attribute validators. -+ Check that rule ethertype is consistent with remote_ip_prefix ip type. -+ Add mask to ip_prefix if absent (192.168.1.10 -> 192.168.1.10/32). -+ """ -+ input_prefix = rule['remote_ip_prefix'] -+ if input_prefix: -+ addr = netaddr.IPNetwork(input_prefix) -+ # set input_prefix to always include the netmask: -+ rule['remote_ip_prefix'] = str(addr) -+ # check consistency of ethertype with addr version -+ if rule['ethertype'] != "IPv%d" % (addr.version): -+ raise ext_sg.SecurityGroupRuleParameterConflict( -+ ethertype=rule['ethertype'], cidr=input_prefix) -+ - def get_security_group_rules(self, context, filters=None, fields=None, - sorts=None, limit=None, marker=None, - page_reverse=False): -diff --git a/neutron/extensions/securitygroup.py b/neutron/extensions/securitygroup.py -index ad2960f..637dbe3 100644 ---- a/neutron/extensions/securitygroup.py -+++ b/neutron/extensions/securitygroup.py -@@ -17,6 +17,7 @@ - - from abc import ABCMeta - from abc import abstractmethod -+import netaddr - - from oslo.config import cfg - import six -@@ -103,6 +104,10 @@ class SecurityGroupRuleExists(qexception.InUse): - message = _("Security group rule already exists. Group id is %(id)s.") - - -+class SecurityGroupRuleParameterConflict(qexception.InvalidInput): -+ message = _("Conflicting value ethertype %(ethertype)s for CIDR %(cidr)s") -+ -+ - def convert_protocol(value): - if value is None: - return -@@ -153,6 +158,16 @@ def convert_to_uuid_list_or_none(value_list): - return value_list - - -+def convert_ip_prefix_to_cidr(ip_prefix): -+ if not ip_prefix: -+ return -+ try: -+ cidr = netaddr.IPNetwork(ip_prefix) -+ return str(cidr) -+ except (TypeError, netaddr.AddrFormatError): -+ raise qexception.InvalidCIDR(input=ip_prefix) -+ -+ - def _validate_name_not_default(data, valid_values=None): - if data == "default": - raise SecurityGroupDefaultAlreadyExists() -@@ -208,7 +223,8 @@ RESOURCE_ATTRIBUTE_MAP = { - 'convert_to': convert_ethertype_to_case_insensitive, - 'validate': {'type:values': sg_supported_ethertypes}}, - 'remote_ip_prefix': {'allow_post': True, 'allow_put': False, -- 'default': None, 'is_visible': True}, -+ 'default': None, 'is_visible': True, -+ 'convert_to': convert_ip_prefix_to_cidr}, - 'tenant_id': {'allow_post': True, 'allow_put': False, - 'required_by_policy': True, - 'is_visible': True}, -diff --git a/neutron/tests/unit/test_extension_security_group.py b/neutron/tests/unit/test_extension_security_group.py -index 1881d8c..6de9e2a 100644 ---- a/neutron/tests/unit/test_extension_security_group.py -+++ b/neutron/tests/unit/test_extension_security_group.py -@@ -21,10 +21,12 @@ import webob.exc - - from neutron.api.v2 import attributes as attr - from neutron.common import constants as const -+from neutron.common import exceptions as n_exc - from neutron import context - from neutron.db import db_base_plugin_v2 - from neutron.db import securitygroups_db - from neutron.extensions import securitygroup as ext_sg -+from neutron.tests import base - from neutron.tests.unit import test_db_plugin - - DB_PLUGIN_KLASS = ('neutron.tests.unit.test_extension_security_group.' -@@ -404,6 +406,70 @@ class TestSecurityGroups(SecurityGroupDBTestCase): - self.deserialize(self.fmt, res) - self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code) - -+ def test_create_security_group_rule_invalid_ip_prefix(self): -+ name = 'webservers' -+ description = 'my webservers' -+ for bad_prefix in ['bad_ip', 256, "2001:db8:a::123/129", '172.30./24']: -+ with self.security_group(name, description) as sg: -+ sg_id = sg['security_group']['id'] -+ remote_ip_prefix = bad_prefix -+ rule = self._build_security_group_rule( -+ sg_id, -+ 'ingress', -+ const.PROTO_NAME_TCP, -+ '22', '22', -+ remote_ip_prefix) -+ res = self._create_security_group_rule(self.fmt, rule) -+ self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code) -+ -+ def test_create_security_group_rule_invalid_ethertype_for_prefix(self): -+ name = 'webservers' -+ description = 'my webservers' -+ test_addr = {'192.168.1.1/24': 'ipv4', '192.168.1.1/24': 'IPv6', -+ '2001:db8:1234::/48': 'ipv6', -+ '2001:db8:1234::/48': 'IPv4'} -+ for prefix, ether in test_addr.iteritems(): -+ with self.security_group(name, description) as sg: -+ sg_id = sg['security_group']['id'] -+ ethertype = ether -+ remote_ip_prefix = prefix -+ rule = self._build_security_group_rule( -+ sg_id, -+ 'ingress', -+ const.PROTO_NAME_TCP, -+ '22', '22', -+ remote_ip_prefix, -+ None, -+ None, -+ ethertype) -+ res = self._create_security_group_rule(self.fmt, rule) -+ self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code) -+ -+ def test_create_security_group_rule_with_unmasked_prefix(self): -+ name = 'webservers' -+ description = 'my webservers' -+ addr = {'10.1.2.3': {'mask': '32', 'ethertype': 'IPv4'}, -+ 'fe80::2677:3ff:fe7d:4c': {'mask': '128', 'ethertype': 'IPv6'}} -+ for ip in addr: -+ with self.security_group(name, description) as sg: -+ sg_id = sg['security_group']['id'] -+ ethertype = addr[ip]['ethertype'] -+ remote_ip_prefix = ip -+ rule = self._build_security_group_rule( -+ sg_id, -+ 'ingress', -+ const.PROTO_NAME_TCP, -+ '22', '22', -+ remote_ip_prefix, -+ None, -+ None, -+ ethertype) -+ res = self._create_security_group_rule(self.fmt, rule) -+ self.assertEqual(res.status_int, 201) -+ res_sg = self.deserialize(self.fmt, res) -+ prefix = res_sg['security_group_rule']['remote_ip_prefix'] -+ self.assertEqual(prefix, '%s/%s' % (ip, addr[ip]['mask'])) -+ - def test_create_security_group_rule_tcp_protocol_as_number(self): - name = 'webservers' - description = 'my webservers' -@@ -1335,5 +1401,25 @@ class TestSecurityGroups(SecurityGroupDBTestCase): - self.assertEqual(res.status_int, webob.exc.HTTPBadRequest.code) - - -+class TestConvertIPPrefixToCIDR(base.BaseTestCase): -+ -+ def test_convert_bad_ip_prefix_to_cidr(self): -+ for val in ['bad_ip', 256, "2001:db8:a::123/129"]: -+ self.assertRaises(n_exc.InvalidCIDR, -+ ext_sg.convert_ip_prefix_to_cidr, val) -+ self.assertIsNone(ext_sg.convert_ip_prefix_to_cidr(None)) -+ -+ def test_convert_ip_prefix_no_netmask_to_cidr(self): -+ addr = {'10.1.2.3': '32', 'fe80::2677:3ff:fe7d:4c': '128'} -+ for k, v in addr.iteritems(): -+ self.assertEqual(ext_sg.convert_ip_prefix_to_cidr(k), -+ '%s/%s' % (k, v)) -+ -+ def test_convert_ip_prefix_with_netmask_to_cidr(self): -+ addresses = ['10.1.0.0/16', '10.1.2.3/32', '2001:db8:1234::/48'] -+ for addr in addresses: -+ self.assertEqual(ext_sg.convert_ip_prefix_to_cidr(addr), addr) -+ -+ - class TestSecurityGroupsXML(TestSecurityGroups): - fmt = 'xml' --- -1.8.5.5
\ No newline at end of file diff --git a/sys-cluster/neutron/neutron-2014.1-r2.ebuild b/sys-cluster/neutron/neutron-2014.1.1.ebuild index 6173f1663058..650638a27a8f 100644 --- a/sys-cluster/neutron/neutron-2014.1-r2.ebuild +++ b/sys-cluster/neutron/neutron-2014.1.1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/neutron/neutron-2014.1-r2.ebuild,v 1.1 2014/05/14 06:01:28 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/neutron/neutron-2014.1.1.ebuild,v 1.1 2014/06/16 03:30:46 prometheanfire Exp $ EAPI=5 PYTHON_COMPAT=( python2_7 ) @@ -74,7 +74,6 @@ RDEPEND="dev-python/paste[${PYTHON_USEDEP}] PATCHES=( "${FILESDIR}/sphinx_mapping.patch" - "${FILESDIR}/2014.1-CVE-2014-0187.patch" ) pkg_setup() { diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog index 34298843f9ca..50f84883f4fa 100644 --- a/sys-cluster/nova/ChangeLog +++ b/sys-cluster/nova/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sys-cluster/nova # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.66 2014/06/15 04:31:28 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.67 2014/06/16 03:35:39 prometheanfire Exp $ + +*nova-2014.1.1 (16 Jun 2014) + + 16 Jun 2014; Matthew Thode <prometheanfire@gentoo.org> +nova-2014.1.1.ebuild, + -files/2014.1-CVE-2014-2573-1.patch, -files/2014.1-CVE-2014-2573-2.patch, + -nova-2014.1-r2.ebuild: + 2014.1.1 bup 15 Jun 2014; Matthew Thode <prometheanfire@gentoo.org> -files/CVE-2014-0167-2013.2.3.patch, -nova-2013.2.3-r1.ebuild, diff --git a/sys-cluster/nova/Manifest b/sys-cluster/nova/Manifest index 5a36292006c1..7e7daea9d173 100644 --- a/sys-cluster/nova/Manifest +++ b/sys-cluster/nova/Manifest @@ -1,33 +1,31 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 -AUX 2014.1-CVE-2014-2573-1.patch 4668 SHA256 7e6c29d435595182b080228208c0d0a574fcf05d9935efec355e55c50ea84010 SHA512 86c7b98fd07cf36e201d9ed0e19df856a83093f80a8b3dd9d17b87d357913c9271c8d8afdd3d608a5576173b2e3e5f1f0893ec0fd3dfdb095d506187ae2284af WHIRLPOOL 007dccb766f223c3cbf2fd31c7ca2c3809c9d2549147178c1f3a67e8617e2fcaf942842c39b980038030d954163cee0e89b96b1e65e82d32d5cd22ce2bdbb5ec -AUX 2014.1-CVE-2014-2573-2.patch 8266 SHA256 9591831ffe6aac669d946ca7e414af4e468aadc948165c3d766a82db910d9766 SHA512 7eac6631468d46d6ff36d3701fe1eab66620b916ca6be3a16cab63f2e63325c3d1920979a6a3dbc95e9f6e88a5c026752bb30b5c6ec6d5282d33ed0b6e634b0c WHIRLPOOL e1e9cec4022d42337f7da11b475ade10a19883fbba2c997e4644c7e2e0c839c80a5e6684b04053a18ef738e574330f3bd48421700c11c6badb52cacf1b2a80eb AUX nova-confd 101 SHA256 d9013141618d1e8b8ba85297155747d9c8fc362238de7bba3108b9a2539c8c73 SHA512 4c7ec1d123f2cdaf394d1f4824df861bbe309b0b329db44080160d81746cd0fc9d4cc1b35da0f66ab075f1d4e835ababfb7bccaf4a2e931e60f2c0ac572a552e WHIRLPOOL 6a237357a3905d29a96b32c37f6d189e4f5cefc0986bb091e24a79295191332143741c604c2a9fd44484c75b3be89742a5570862cf0cd4ba225425f7f32b5348 AUX nova-initd 1496 SHA256 5b5f928335ac345103492555c3bc57407f547915b099762d0087aef172e5edf8 SHA512 cca06baba484d505f3a96643d836204a08e9dde50197531cdab2d95188b992a95a375a386b9c54fcc8e0a4f6167babba975db7510db1087f044afa39effe4eec WHIRLPOOL 4c667a5cc469826063a65879c1beddc98371edf295a273c9b8f679627cabfe2260d8b3bbdf9550d3894fc1525d63b9f98d6e939406f90ac5f2f745daa59311c2 AUX nova-sudoers 78 SHA256 9e88c2843fb74cc46802c0b103067ad12915ec50335d05e546a5dba76acb4a76 SHA512 22c0606c6335b2d1a03bd18a319a54f16f76f091b2e8416dbba05ce7c15890beff7f32f0322eb5ba3f2a5c750436cacbe0cee189b390b878e3f0c0df219ef984 WHIRLPOOL bc42ae1d12e9f900b263fd5c3d0f59062f46fbec1ff97c0bceb234082bea5943eb64795b4f5e102b8e2749c6868163e5924467088cad42df09345e3406e5f83c AUX nova.initd 627 SHA256 74417e422e6c503ae338bb981934b54a5da57e783bdfed778de6ce9fec3617b8 SHA512 163d5d94f6ce7c67413b9e90161590651329c96e1c8df480d1c983294f43bd596ef75ebe818cd1a8f1557babfd6bbd02a7deaf597d936acfe882dc3c9c5a1f42 WHIRLPOOL b51a0316513d06083f2cfa572427926c14663ab984bcd26a9521bf88699bfefd745e7ff91e9330bae86bd769d809837e010caa948cd133fbd010e820b7ab8448 AUX nova.sudoersd 78 SHA256 9e88c2843fb74cc46802c0b103067ad12915ec50335d05e546a5dba76acb4a76 SHA512 22c0606c6335b2d1a03bd18a319a54f16f76f091b2e8416dbba05ce7c15890beff7f32f0322eb5ba3f2a5c750436cacbe0cee189b390b878e3f0c0df219ef984 WHIRLPOOL bc42ae1d12e9f900b263fd5c3d0f59062f46fbec1ff97c0bceb234082bea5943eb64795b4f5e102b8e2749c6868163e5924467088cad42df09345e3406e5f83c -DIST nova-2014.1.tar.gz 7951303 SHA256 c8fc0e03a826b2b659c77e24737b267588f2c71e3bea9527c71e55a2c76a54d9 SHA512 0893d1ebbf91798cc737e8df97dd2d44fffe4a6163c99f5e63d0f3f6a9ba1c3d1c9ef38e217b74e8da62dd8d5cd91f3be32da2ec062c642d192e32fd96cdf650 WHIRLPOOL c5fcc88912e5eb21aaa9908759324dd37c3670e37edca8562ba1301431fdf8cc40699152fe3ee3a48a495922f4b11846a804ee990d13d3d037726aa520cc0af0 -EBUILD nova-2014.1-r2.ebuild 4922 SHA256 b78cdb1ad3b1f552cf790ef0a3432098fbd181484d4320bb2bb422af9cea7575 SHA512 a9999002f16777c14d3c7c7cdc0d18276547537ba894b7f1b4b2e9de08f25e08166b6ef9c044798b1be334a4d19dbdf08536f016fb10527f738904b1ede696a7 WHIRLPOOL 27243120224dcd2c9ab230409db46dac334cf7d2bc4f90c757cf14a73509b363c0c2d9776f8d54dc1fce6c8ce9b890935b2b53191d05a2ff380e050d97ba253a +DIST nova-2014.1.1.tar.gz 7979809 SHA256 3cb3b48c72c39e7637d6016039d353ad33de69bcd6ed04dbfdb0db9313eb9a5b SHA512 6f7b449e09e796c483d93399af24c2cd77042776e1c4d36c3bcd34814b42a252151542b684785ba6c1b28bc0b302cc15f5057da7f90884c73ff6b11ec748323e WHIRLPOOL 0d959b4655d6010825b0ef73b6ce983cd6a0679f5aa5d41ebfbddce26e74d402d9d571c65d26f71e60bb627fc9d4d924d1e4622c1d96d73e3b484f1c68502df7 +EBUILD nova-2014.1.1.ebuild 4833 SHA256 c4d0fd7c0b3b449177b2a3420a75365416eb0dbf724c5c8983dfa438a0f7cbb6 SHA512 2e81153af5bb239c9f4dc9928400c859a3fe00a478490d6596c298b0494a12a9d8d3b9932be1e7cffbd3f4d550b9da2764064a5b220e7da1ed3c4ca67046394e WHIRLPOOL 85c55389ac0e0b68493cc848e99065823f774aa9624fa410555f1195532f297f1b97d43e6f534a064ddf0e6f08f7e844cd0e2c8ae9dff9476882641c32201bee EBUILD nova-2014.1.9999.ebuild 4834 SHA256 933e3316d7ee8b1ba7383e79c22a5cb0c21a2706f872afd8ef43edfdbe7ef1d6 SHA512 513c5a2b7d27899195d96c591f1395ff9b1ae1ecb98c55a148d4a096d705a14c0bdb93d5d8ee2963b30e711e9f3abc510bac20ef324fb79c7f1b27c3d1818652 WHIRLPOOL 884c4336348713698dd7da564ff3c05c3915c1bd5b057887614e6e274bf2b39f62a51218ba045b1ee836f742f4c4d0b10493a7cc2f9302271557d65dcb895a3e EBUILD nova-9999.ebuild 5225 SHA256 8336956c0a15fd17e15f748c6445c3b144f2a9047dd8257ba3dda7a7b7f1ad01 SHA512 6d961e646096eb4df5814d31b06352f999291becefa5e8fdd88afd14e6ede54e583ba224e474e1122e90b114da4136782cd8336afb467c61fc5400a7dd3a05e8 WHIRLPOOL c4bad3d35be8adb4af48562507ef213185e6d722541226e7d8bedd02578265c035874b371f432db4d1db222fc2776cc74374a508ca562a30dae622a86e0bab10 -MISC ChangeLog 15204 SHA256 6e9730b320dbedaafcd7827f3d99e18821863094cc305f624abd657ffdf472c2 SHA512 5aac0dcba835380edd0bc3dbd1ce1537ab914b56702fa0581495c7bc2bb7f7e1873fc16df0b5aa3756455dee1c50f70790cc2fa5763b9e51895f7f72683b5b5c WHIRLPOOL 105e2db5b21c5a49685168a1468bbbe3bc11d2910eef596f8689ac200eca5dc0201589c131c8c15da581f3a58ebc3d3d6013f7812c802e5eb44e3e490a8028c4 +MISC ChangeLog 15432 SHA256 c3d96f1b4d8c39efdf8fe41ccdd683d018bd56576fd2442063bc3aaa5f0abdb2 SHA512 b6a494bfc85f05e130f69220d940b327dbd9cf42dc54d549c1953d0ffe812e4706344a3177b28a6dc07ecbb37cb3e5ce7d35841ebe08c687dcc08155cbeeccd0 WHIRLPOOL 713f95a153ba84c20066b9cb61f29fe16c0a5c5a245a80c26b26294ad07dfe226774d11ffe750d5feb6227a9bd7e0b2d1f889449d9f79a6741f38e4295c476ff MISC metadata.xml 1452 SHA256 29bf3efaab7a4e45f5e442b26a7606edaed3f47e4ffec3e8990f95aea6bf2450 SHA512 537664b6ff29f4afe09eb4635c2cb06d87a6c3c3101e8ef89d1ab9b5b802c79024e94a0cce5a44ec2fd5b1cc37a251dd42156a015b6a294f219b90daff17c9c1 WHIRLPOOL c6e44f9a48fea6ae2a323e9e03d8805301fb0d94bb5634b1946909715f6c05d45c49180204d00221aae1e6dc6748347b4273fae838216b5d5d07932bc473a851 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) -iQIcBAEBCAAGBQJTnSGzAAoJECRx6z5ArFrDYN0P/0b3rShqBEMVLeYmxgN3bay9 -0Jd4BI8bM/OYP2sVZSjFGAIEdmiIlTv9YuBoq9P7rRc1WjsTokrCGT9MJOXXvewn -BUmpzi5yZJ3yY09yhu3QdN7rHgyoDtsjXWmJEHIwzwL/alxnm6PCeoax9Yf95H/T -39APzurZhbffRAtfFqxuWmVl7bMnUTE+TWm2TiFYoxFiHZFTYzAn51x6cvSwVlg2 -w4PgEgggNwr5l8ZTLDidlPEG02dpDUjEKeR6zloE5A/PBnIuF7OXqzuqv8wBXJUw -+Usq9i/mKZ3Q3tNlrxfBlLsqxcQ6ifSm0lZDqY6+5zgKrVnfuVzlJBFFPzVMK0QJ -8AvuSSa3vgm5ldj9tqLN6HmJfOSoM06wCEh2CG0RY6i9ZA8e+r3rCQr/Tx7icN1M -Kl6LeobmOyuv/AU2e+difGZFyF1lZbnEM9wvohFAKyE3JfIUpNtZI6lYJIuT8XMp -EA0LEu0ufKShowUlaaYQthQCIhI5LilO1n5GgogqdNhGU01TfRDsbB1v+4YxmUVm -ANz3IKfxVZAIlDNIpLeSE/bRROIlEXU2H3vTClXZOXWzCqT1asIt+lZV6DILcZH3 -3+hDGz+IVF2qr0eK1eFekySH4l0ZmRzPs/W5zLl1Jr/5I/zetQx0tN1rUTgMfpmx -3mpc9ZOk5OHyh6yH1xEM -=Vd+C +iQIcBAEBCAAGBQJTnmYeAAoJECRx6z5ArFrDlekQAMhVgjki1r1EK+LcpJbv2ogz +riILlmi830tfuf6yL+9lM82EMFWYOskFblTOiAajT44RnthG/xuCg6VmT+oh0Auu +vcQSQiyzY7BITKd2YWDt9e5GVbDg0otBCgmpKHtB/qYgzFd16l78W1ewqzFM0gwk +0iZhxx0EloZeUq+xQ/OgRtRsyrG7U9yjmllPiOQ1g97eyE5BEr24itPrv9mxHZei +F749kbln2U0Gmzfn8eE1xcT4kqtB9XeKPvC6RA/0p3wmA2bwdGgbbkLKDTqpcIt1 +eeJKlPMBuZuwtW1rSNAytUqv/4mtP8XBRpiQttugiHKorbmnylqJdjHc6dnfqec5 +sVSZDrtufDyI8/Ax338drB91NW0MHX/p8Qo9IIlNoHUn342tKDydqvw3SENEJTEa +I96iU07sycOsWpuViCnPgtDrXzHGj7OPoGFEuCJTNZd9XCo9AOKIi0JJXW++IX5I +93YtKrIhv0TCD7SuXvpZRzfa/SZ88vO7bpS7/j8s+wUfH2RjqTePIYgEiuSzM8ZK +oQd4M32mzygAXEZXDfBaDeBOnkXKwbQN4Cdlczyp0OjkIURjmkRqbU8wH53KF6Pr +22Annc+ZE0fbmjc1p9xoyQ+jsl/g0UBMxAhdLlmofAyBD+mZOmBwh3ZdWUs8S99w +t2QoKKsrg0uh6q4C76PL +=D4wt -----END PGP SIGNATURE----- diff --git a/sys-cluster/nova/files/2014.1-CVE-2014-2573-1.patch b/sys-cluster/nova/files/2014.1-CVE-2014-2573-1.patch deleted file mode 100644 index 8fc53fa901ed..000000000000 --- a/sys-cluster/nova/files/2014.1-CVE-2014-2573-1.patch +++ /dev/null @@ -1,103 +0,0 @@ -From fb030283bed9e41a0343581fa21b81b2ebb07f15 Mon Sep 17 00:00:00 2001 -From: Xiaoyan Ding <xyding@cn.ibm.com> -Date: Mon, 24 Feb 2014 16:17:46 +0800 -Subject: [PATCH] VMWare: add power off vm before detach disk during unrescue - -Non Hot Plug type disk like IDE can only be detached when the VM is power off. - -Change-Id: Ib1f387a41abe2b52357854e90c2535ebb7b43f18 -Close-bug: #1279199 -(cherry picked from commit 1e1915aaaca38b5691794e0e052a42b9d95dd3c2) ---- - nova/tests/virt/vmwareapi/test_driver_api.py | 27 ++++++++++++++++++++++----- - nova/virt/vmwareapi/vmops.py | 21 ++++++++++++++++----- - 2 files changed, 38 insertions(+), 10 deletions(-) - -diff --git a/nova/tests/virt/vmwareapi/test_driver_api.py b/nova/tests/virt/vmwareapi/test_driver_api.py -index fb60335..c1481aa 100644 ---- a/nova/tests/virt/vmwareapi/test_driver_api.py -+++ b/nova/tests/virt/vmwareapi/test_driver_api.py -@@ -1273,14 +1273,31 @@ def test_rescue_with_config_drive(self): - - def test_unrescue(self): - self._rescue() -+ self.test_vm_ref = None -+ self.test_device_name = None - -- def fake_detach_disk_from_vm(*args, **kwargs): -- pass -+ def fake_power_off_vm_ref(vm_ref): -+ self.test_vm_ref = vm_ref -+ self.assertIsNotNone(vm_ref) - -- self.stubs.Set(self.conn._volumeops, "detach_disk_from_vm", -- fake_detach_disk_from_vm) -+ def fake_detach_disk_from_vm(vm_ref, instance, -+ device_name, destroy_disk=False): -+ self.test_device_name = device_name -+ info = self.conn.get_info(instance) -+ self._check_vm_info(info, power_state.SHUTDOWN) - -- self.conn.unrescue(self.instance, None) -+ with contextlib.nested( -+ mock.patch.object(self.conn._vmops, "_power_off_vm_ref", -+ side_effect=fake_power_off_vm_ref), -+ mock.patch.object(self.conn._volumeops, "detach_disk_from_vm", -+ side_effect=fake_detach_disk_from_vm), -+ ) as (poweroff, detach): -+ self.conn.unrescue(self.instance, None) -+ poweroff.assert_called_once_with(self.test_vm_ref) -+ detach.assert_called_once_with(self.test_vm_ref, mock.ANY, -+ self.test_device_name) -+ self.test_vm_ref = None -+ self.test_device_name = None - info = self.conn.get_info({'name': 1, 'uuid': self.uuid, - 'node': self.instance_node}) - self._check_vm_info(info, power_state.RUNNING) -diff --git a/nova/virt/vmwareapi/vmops.py b/nova/virt/vmwareapi/vmops.py -index 0c28a29..30f8373 100644 ---- a/nova/virt/vmwareapi/vmops.py -+++ b/nova/virt/vmwareapi/vmops.py -@@ -1159,12 +1159,26 @@ def unrescue(self, instance): - "get_dynamic_property", vm_rescue_ref, - "VirtualMachine", "config.hardware.device") - device = vm_util.get_vmdk_volume_disk(hardware_devices, path=vmdk_path) -+ self._power_off_vm_ref(vm_rescue_ref) - self._volumeops.detach_disk_from_vm(vm_rescue_ref, r_instance, device) - self.destroy(r_instance, None, instance_name=instance_name) - self._power_on(instance) - -+ def _power_off_vm_ref(self, vm_ref): -+ """Power off the specifed vm. -+ -+ :param vm_ref: a reference object to the VM. -+ """ -+ poweroff_task = self._session._call_method( -+ self._session._get_vim(), -+ "PowerOffVM_Task", vm_ref) -+ self._session._wait_for_task(poweroff_task) -+ - def power_off(self, instance): -- """Power off the specified instance.""" -+ """Power off the specified instance. -+ -+ :param instance: nova.objects.instance.Instance -+ """ - vm_ref = vm_util.get_vm_ref(self._session, instance) - - pwr_state = self._session._call_method(vim_util, -@@ -1173,10 +1187,7 @@ def power_off(self, instance): - # Only PoweredOn VMs can be powered off. - if pwr_state == "poweredOn": - LOG.debug(_("Powering off the VM"), instance=instance) -- poweroff_task = self._session._call_method( -- self._session._get_vim(), -- "PowerOffVM_Task", vm_ref) -- self._session._wait_for_task(poweroff_task) -+ self._power_off_vm_ref(vm_ref) - LOG.debug(_("Powered off the VM"), instance=instance) - # Raise Exception if VM is suspended - elif pwr_state == "suspended": --- -1.9.3 - diff --git a/sys-cluster/nova/files/2014.1-CVE-2014-2573-2.patch b/sys-cluster/nova/files/2014.1-CVE-2014-2573-2.patch deleted file mode 100644 index 990b6a8899d4..000000000000 --- a/sys-cluster/nova/files/2014.1-CVE-2014-2573-2.patch +++ /dev/null @@ -1,182 +0,0 @@ -From ffcb17678c7e5409a1f12a09945b18e8879a677d Mon Sep 17 00:00:00 2001 -From: Gary Kotton <gkotton@vmware.com> -Date: Thu, 13 Mar 2014 06:53:58 -0700 -Subject: [PATCH] VMware: ensure rescue instance is deleted when instance is - deleted - -If the user creates a rescue instance and then proceeded to delete -the original instance then the rescue instance would still be up -and running on the backend. - -This patch ensures that the rescue instance is cleaned up if -necessary. - -The vmops unrescue method has a new parameter indicating if -the original VM should be powered on. - -Closes-bug: 1269418 -(cherry picked from commit efb66531bc37ee416778a70d46c657608ca767af) - -Conflicts: - - nova/virt/vmwareapi/vmops.py - -Change-Id: I3c1d0b1d003392b306094b80ea1ac99377441fbf ---- - nova/tests/virt/vmwareapi/test_driver_api.py | 26 +++++++++++++ - nova/virt/vmwareapi/vmops.py | 55 ++++++++++++++++++++-------- - 2 files changed, 65 insertions(+), 16 deletions(-) - -diff --git a/nova/tests/virt/vmwareapi/test_driver_api.py b/nova/tests/virt/vmwareapi/test_driver_api.py -index c1481aa..63f0c59 100644 ---- a/nova/tests/virt/vmwareapi/test_driver_api.py -+++ b/nova/tests/virt/vmwareapi/test_driver_api.py -@@ -34,6 +34,7 @@ - from nova.compute import api as compute_api - from nova.compute import power_state - from nova.compute import task_states -+from nova.compute import vm_states - from nova import context - from nova import exception - from nova.openstack.common import jsonutils -@@ -1191,6 +1192,31 @@ def test_get_info(self): - 'node': self.instance_node}) - self._check_vm_info(info, power_state.RUNNING) - -+ def destroy_rescued(self, fake_method): -+ self._rescue() -+ with ( -+ mock.patch.object(self.conn._volumeops, "detach_disk_from_vm", -+ fake_method) -+ ): -+ self.instance['vm_state'] = vm_states.RESCUED -+ self.conn.destroy(self.context, self.instance, self.network_info) -+ inst_path = '[%s] %s/%s.vmdk' % (self.ds, self.uuid, self.uuid) -+ self.assertFalse(vmwareapi_fake.get_file(inst_path)) -+ rescue_file_path = '[%s] %s-rescue/%s-rescue.vmdk' % (self.ds, -+ self.uuid, -+ self.uuid) -+ self.assertFalse(vmwareapi_fake.get_file(rescue_file_path)) -+ -+ def test_destroy_rescued(self): -+ def fake_detach_disk_from_vm(*args, **kwargs): -+ pass -+ self.destroy_rescued(fake_detach_disk_from_vm) -+ -+ def test_destroy_rescued_with_exception(self): -+ def fake_detach_disk_from_vm(*args, **kwargs): -+ raise exception.NovaException('Here is my fake exception') -+ self.destroy_rescued(fake_detach_disk_from_vm) -+ - def test_destroy(self): - self._create_vm() - info = self.conn.get_info({'uuid': self.uuid, -diff --git a/nova/virt/vmwareapi/vmops.py b/nova/virt/vmwareapi/vmops.py -index 30f8373..831da48 100644 ---- a/nova/virt/vmwareapi/vmops.py -+++ b/nova/virt/vmwareapi/vmops.py -@@ -29,6 +29,7 @@ - from nova import compute - from nova.compute import power_state - from nova.compute import task_states -+from nova.compute import vm_states - from nova import context as nova_context - from nova import exception - from nova.openstack.common import excutils -@@ -985,13 +986,9 @@ def _delete(self, instance, network_info): - except Exception as exc: - LOG.exception(exc, instance=instance) - -- def destroy(self, instance, network_info, destroy_disks=True, -- instance_name=None): -- """Destroy a VM instance. Steps followed are: -- 1. Power off the VM, if it is in poweredOn state. -- 2. Un-register a VM. -- 3. Delete the contents of the folder holding the VM related data. -- """ -+ def _destroy_instance(self, instance, network_info, destroy_disks=True, -+ instance_name=None): -+ # Destroy a VM instance - # Get the instance name. In some cases this may differ from the 'uuid', - # for example when the spawn of a rescue instance takes place. - if not instance_name: -@@ -1029,8 +1026,9 @@ def destroy(self, instance, network_info, destroy_disks=True, - "UnregisterVM", vm_ref) - LOG.debug(_("Unregistered the VM"), instance=instance) - except Exception as excep: -- LOG.warn(_("In vmwareapi:vmops:destroy, got this exception" -- " while un-registering the VM: %s") % str(excep)) -+ LOG.warn(_("In vmwareapi:vmops:_destroy_instance, got this " -+ "exception while un-registering the VM: %s"), -+ excep) - # Delete the folder holding the VM related content on - # the datastore. - if destroy_disks and datastore_name: -@@ -1053,15 +1051,39 @@ def destroy(self, instance, network_info, destroy_disks=True, - {'datastore_name': datastore_name}, - instance=instance) - except Exception as excep: -- LOG.warn(_("In vmwareapi:vmops:destroy, " -- "got this exception while deleting" -- " the VM contents from the disk: %s") -- % str(excep)) -+ LOG.warn(_("In vmwareapi:vmops:_destroy_instance, " -+ "got this exception while deleting " -+ "the VM contents from the disk: %s"), -+ excep) - except Exception as exc: - LOG.exception(exc, instance=instance) - finally: - vm_util.vm_ref_cache_delete(instance_name) - -+ def destroy(self, instance, network_info, destroy_disks=True): -+ """Destroy a VM instance. -+ -+ Steps followed for each VM are: -+ 1. Power off, if it is in poweredOn state. -+ 2. Un-register. -+ 3. Delete the contents of the folder holding the VM related data. -+ """ -+ # If there is a rescue VM then we need to destroy that one too. -+ LOG.debug(_("Destroying instance"), instance=instance) -+ if instance['vm_state'] == vm_states.RESCUED: -+ LOG.debug(_("Rescue VM configured"), instance=instance) -+ try: -+ self.unrescue(instance, power_on=False) -+ LOG.debug(_("Rescue VM destroyed"), instance=instance) -+ except Exception: -+ rescue_name = instance['uuid'] + self._rescue_suffix -+ self._destroy_instance(instance, network_info, -+ destroy_disks=destroy_disks, -+ instance_name=rescue_name) -+ self._destroy_instance(instance, network_info, -+ destroy_disks=destroy_disks) -+ LOG.debug(_("Instance destroyed"), instance=instance) -+ - def pause(self, instance): - msg = _("pause not supported for vmwareapi") - raise NotImplementedError(msg) -@@ -1139,7 +1161,7 @@ def rescue(self, context, instance, network_info, image_meta): - adapter_type, disk_type, vmdk_path) - self._power_on(instance, vm_ref=rescue_vm_ref) - -- def unrescue(self, instance): -+ def unrescue(self, instance, power_on=True): - """Unrescue the specified instance.""" - # Get the original vmdk_path - vm_ref = vm_util.get_vm_ref(self._session, instance) -@@ -1161,8 +1183,9 @@ def unrescue(self, instance): - device = vm_util.get_vmdk_volume_disk(hardware_devices, path=vmdk_path) - self._power_off_vm_ref(vm_rescue_ref) - self._volumeops.detach_disk_from_vm(vm_rescue_ref, r_instance, device) -- self.destroy(r_instance, None, instance_name=instance_name) -- self._power_on(instance) -+ self._destroy_instance(r_instance, None, instance_name=instance_name) -+ if power_on: -+ self._power_on(instance) - - def _power_off_vm_ref(self, vm_ref): - """Power off the specifed vm. --- -1.9.3 - diff --git a/sys-cluster/nova/nova-2014.1-r2.ebuild b/sys-cluster/nova/nova-2014.1.1.ebuild index d9891d234a2d..7e9ea7d9d0c3 100644 --- a/sys-cluster/nova/nova-2014.1-r2.ebuild +++ b/sys-cluster/nova/nova-2014.1.1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2014.1-r2.ebuild,v 1.3 2014/06/09 04:56:40 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2014.1.1.ebuild,v 1.1 2014/06/16 03:35:39 prometheanfire Exp $ EAPI=5 PYTHON_COMPAT=( python2_7 ) @@ -76,8 +76,6 @@ RDEPEND="sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}] app-emulation/xen-tools )" PATCHES=( - "${FILESDIR}/2014.1-CVE-2014-2573-1.patch" - "${FILESDIR}/2014.1-CVE-2014-2573-2.patch" ) pkg_setup() { |