authorMatthew Thode <prometheanfire@gentoo.org>2013-09-12 06:55:27 +0000
committerMatthew Thode <prometheanfire@gentoo.org>2013-09-12 06:55:27 +0000
commit6d128e96b27cd18e845c7e159c39c11ad8f00397 (patch)
tree7b07072eed9659efb9c5f8032762a79d99289458 /sys-cluster/nova
parentBump (diff)
fix for CVE-2013-4278 for bug 482144
(Portage version: 2.1.12.2/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
Diffstat (limited to 'sys-cluster/nova')
-rw-r--r--sys-cluster/nova/ChangeLog11
-rw-r--r--sys-cluster/nova/files/2012.2.4-CVE-2013-4278.patch95
-rw-r--r--sys-cluster/nova/files/2013.1.3-CVE-2013-4278.patch87
-rw-r--r--sys-cluster/nova/nova-2012.2.4-r8.ebuild (renamed from sys-cluster/nova/nova-2012.2.4-r7.ebuild)3
-rw-r--r--sys-cluster/nova/nova-2013.1.3-r5.ebuild (renamed from sys-cluster/nova/nova-2013.1.3-r4.ebuild)3
5 files changed, 196 insertions, 3 deletions
diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog
index 61c5338de18e..b86eea9df207 100644
--- a/sys-cluster/nova/ChangeLog
+++ b/sys-cluster/nova/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for sys-cluster/nova
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.26 2013/09/12 06:18:01 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.27 2013/09/12 06:55:26 prometheanfire Exp $
+
+*nova-2013.1.3-r5 (12 Sep 2013)
+*nova-2012.2.4-r8 (12 Sep 2013)
+
+ 12 Sep 2013; Matthew Thode <prometheanfire@gentoo.org>
+ +files/2012.2.4-CVE-2013-4278.patch, +files/2013.1.3-CVE-2013-4278.patch,
+ +nova-2012.2.4-r8.ebuild, +nova-2013.1.3-r5.ebuild, -nova-2012.2.4-r7.ebuild,
+ -nova-2013.1.3-r4.ebuild:
+ fix for CVE-2013-4278 for bug 482144
*nova-2012.2.4-r7 (12 Sep 2013)
*nova-2013.1.3-r4 (12 Sep 2013)
diff --git a/sys-cluster/nova/files/2012.2.4-CVE-2013-4278.patch b/sys-cluster/nova/files/2012.2.4-CVE-2013-4278.patch
new file mode 100644
index 000000000000..a0b9b4119741
--- /dev/null
+++ b/sys-cluster/nova/files/2012.2.4-CVE-2013-4278.patch
@@ -0,0 +1,95 @@
+From 6825959560e06725d26625fd21f5c0b78b305492 Mon Sep 17 00:00:00 2001
+From: Russell Bryant <rbryant@redhat.com>
+Date: Tue, 20 Aug 2013 11:06:12 -0400
+Subject: [PATCH] Enforce flavor access during instance boot
+
+The code in the servers API did not pass the context when retrieving
+flavor details. That means it would use an admin context instead,
+bypassing all flavor access control checks.
+
+This patch includes the fix, and the corresponding unit test for the v2
+API.
+
+Closes-bug: #1212179
+
+(cherry picked from commit 4054cc4a22a1fea997dec76afb5646fd6c6ea6b9)
+
+Conflicts:
+ nova/api/openstack/compute/plugins/v3/servers.py
+ nova/api/openstack/compute/servers.py
+ nova/tests/api/openstack/compute/plugins/v3/test_servers.py
+ nova/tests/api/openstack/compute/test_servers.py
+
+Change-Id: I681ae9965e19767df22fa74c3315e4e03a459d3b
+---
+ nova/api/openstack/compute/servers.py | 3 ++-
+ nova/tests/api/openstack/compute/test_servers.py | 23 +++++++++++++++++++++--
+ 2 files changed, 23 insertions(+), 3 deletions(-)
+
+diff --git a/nova/api/openstack/compute/servers.py b/nova/api/openstack/compute/servers.py
+index 6908262..ab06595 100644
+--- a/nova/api/openstack/compute/servers.py
++++ b/nova/api/openstack/compute/servers.py
+@@ -844,7 +844,8 @@ class Controller(wsgi.Controller):
+
+ try:
+ _get_inst_type = instance_types.get_instance_type_by_flavor_id
+- inst_type = _get_inst_type(flavor_id, read_deleted="no")
++ inst_type = _get_inst_type(flavor_id, ctxt=context,
++ read_deleted="no")
+
+ (instances, resv_id) = self.compute_api.create(context,
+ inst_type,
+diff --git a/nova/tests/api/openstack/compute/test_servers.py b/nova/tests/api/openstack/compute/test_servers.py
+index cd88a2a..5cb26bd 100644
+--- a/nova/tests/api/openstack/compute/test_servers.py
++++ b/nova/tests/api/openstack/compute/test_servers.py
+@@ -34,6 +34,7 @@ import nova.compute.api
+ from nova.compute import instance_types
+ from nova.compute import task_states
+ from nova.compute import vm_states
++import nova.context
+ import nova.db
+ from nova.db.sqlalchemy import models
+ from nova import flags
+@@ -1703,10 +1704,10 @@ class ServersControllerCreateTest(test.TestCase):
+ """
+ self.assertTrue("adminPass" not in server_dict)
+
+- def _test_create_instance(self):
++ def _test_create_instance(self, flavor=2):
+ image_uuid = 'c905cedb-7281-47e4-8a62-f26bc5fc4c77'
+ body = dict(server=dict(
+- name='server_test', imageRef=image_uuid, flavorRef=2,
++ name='server_test', imageRef=image_uuid, flavorRef=flavor,
+ metadata={'hello': 'world', 'open': 'stack'},
+ personality={}))
+ req = fakes.HTTPRequest.blank('/v2/fake/servers')
+@@ -1718,6 +1719,24 @@ class ServersControllerCreateTest(test.TestCase):
+ self._check_admin_pass_len(server)
+ self.assertEqual(FAKE_UUID, server['id'])
+
++ def test_create_instance_private_flavor(self):
++ values = {
++ 'name': 'fake_name',
++ 'memory_mb': 512,
++ 'vcpus': 1,
++ 'root_gb': 10,
++ 'ephemeral_gb': 10,
++ 'flavorid': '1324',
++ 'swap': 0,
++ 'rxtx_factor': 0.5,
++ 'vcpu_weight': 1,
++ 'disabled': False,
++ 'is_public': False,
++ }
++ nova.db.instance_type_create(nova.context.get_admin_context(), values)
++ self.assertRaises(webob.exc.HTTPBadRequest, self._test_create_instance,
++ flavor=1324)
++
+ def test_create_server_bad_image_href(self):
+ image_href = 1
+ flavor_ref = 'http://localhost/123/flavors/3'
+--
+1.8.1.5
+
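Review bot: The backport passes `ctxt=context` only at the instance-create call site in servers.py (the `_get_inst_type(flavor_id, ctxt=context, read_deleted="no")` hunk); any other caller of `get_instance_type_by_flavor_id` in this tree that still omits `ctxt` would keep the admin-context fallback the patch description names, so it is worth confirming there are none before publishing the revision — the ebuild already carries the CVE-2013-2256 patch, which may cover the remaining paths, but that cannot be verified from this page. The added `test_create_instance_private_flavor` creates the non-public flavor under an admin context and asserts `HTTPBadRequest` from the fake request; that outcome depends on the `except` clause that maps the flavor lookup failure to `HTTPBadRequest`, which lies outside the hunk, so the assertion cannot be confirmed from here. The enclosing `Controller.create` body begins and ends outside the hunk. The same remarks apply to files/2013.1.3-CVE-2013-4278.patch, whose code hunks are identical apart from offsets and the unqualified `db.`/`context.` names, which presumably that file's test module already imports.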
diff --git a/sys-cluster/nova/files/2013.1.3-CVE-2013-4278.patch b/sys-cluster/nova/files/2013.1.3-CVE-2013-4278.patch
new file mode 100644
index 000000000000..51c3af50a144
--- /dev/null
+++ b/sys-cluster/nova/files/2013.1.3-CVE-2013-4278.patch
@@ -0,0 +1,87 @@
+From 8b686195afe7e6dfb46c56c1ef2fe9c993d8e495 Mon Sep 17 00:00:00 2001
+From: Russell Bryant <rbryant@redhat.com>
+Date: Tue, 20 Aug 2013 11:06:12 -0400
+Subject: [PATCH] Enforce flavor access during instance boot
+
+The code in the servers API did not pass the context when retrieving
+flavor details. That means it would use an admin context instead,
+bypassing all flavor access control checks.
+
+This patch includes the fix, and the corresponding unit test for the v2
+API.
+
+Closes-bug: #1212179
+
+(cherry picked from commit 4054cc4a22a1fea997dec76afb5646fd6c6ea6b9)
+
+Conflicts:
+ nova/api/openstack/compute/plugins/v3/servers.py
+ nova/api/openstack/compute/servers.py
+ nova/tests/api/openstack/compute/plugins/v3/test_servers.py
+ nova/tests/api/openstack/compute/test_servers.py
+
+Change-Id: I681ae9965e19767df22fa74c3315e4e03a459d3b
+---
+ nova/api/openstack/compute/servers.py | 3 ++-
+ nova/tests/api/openstack/compute/test_servers.py | 22 ++++++++++++++++++++--
+ 2 files changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/nova/api/openstack/compute/servers.py b/nova/api/openstack/compute/servers.py
+index 85ef080..6c38219 100644
+--- a/nova/api/openstack/compute/servers.py
++++ b/nova/api/openstack/compute/servers.py
+@@ -873,7 +873,8 @@ class Controller(wsgi.Controller):
+
+ try:
+ _get_inst_type = instance_types.get_instance_type_by_flavor_id
+- inst_type = _get_inst_type(flavor_id, read_deleted="no")
++ inst_type = _get_inst_type(flavor_id, ctxt=context,
++ read_deleted="no")
+
+ (instances, resv_id) = self.compute_api.create(context,
+ inst_type,
+diff --git a/nova/tests/api/openstack/compute/test_servers.py b/nova/tests/api/openstack/compute/test_servers.py
+index 7748c2e..89d0f8a 100644
+--- a/nova/tests/api/openstack/compute/test_servers.py
++++ b/nova/tests/api/openstack/compute/test_servers.py
+@@ -1822,10 +1822,10 @@ class ServersControllerCreateTest(test.TestCase):
+ """utility function - check server_dict for absence of adminPass."""
+ self.assertTrue("adminPass" not in server_dict)
+
+- def _test_create_instance(self):
++ def _test_create_instance(self, flavor=2):
+ image_uuid = 'c905cedb-7281-47e4-8a62-f26bc5fc4c77'
+ body = dict(server=dict(
+- name='server_test', imageRef=image_uuid, flavorRef=2,
++ name='server_test', imageRef=image_uuid, flavorRef=flavor,
+ metadata={'hello': 'world', 'open': 'stack'},
+ personality={}))
+ req = fakes.HTTPRequest.blank('/v2/fake/servers')
+@@ -1837,6 +1837,24 @@ class ServersControllerCreateTest(test.TestCase):
+ self._check_admin_pass_len(server)
+ self.assertEqual(FAKE_UUID, server['id'])
+
++ def test_create_instance_private_flavor(self):
++ values = {
++ 'name': 'fake_name',
++ 'memory_mb': 512,
++ 'vcpus': 1,
++ 'root_gb': 10,
++ 'ephemeral_gb': 10,
++ 'flavorid': '1324',
++ 'swap': 0,
++ 'rxtx_factor': 0.5,
++ 'vcpu_weight': 1,
++ 'disabled': False,
++ 'is_public': False,
++ }
++ db.instance_type_create(context.get_admin_context(), values)
++ self.assertRaises(webob.exc.HTTPBadRequest, self._test_create_instance,
++ flavor=1324)
++
+ def test_create_server_bad_image_href(self):
+ image_href = 1
+ flavor_ref = 'http://localhost/123/flavors/3'
+--
+1.8.1.5
+
diff --git a/sys-cluster/nova/nova-2012.2.4-r7.ebuild b/sys-cluster/nova/nova-2012.2.4-r8.ebuild
index de16c8b27206..5efa2c6da0dc 100644
--- a/sys-cluster/nova/nova-2012.2.4-r7.ebuild
+++ b/sys-cluster/nova/nova-2012.2.4-r8.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2012.2.4-r7.ebuild,v 1.1 2013/09/12 06:18:01 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2012.2.4-r8.ebuild,v 1.1 2013/09/12 06:55:26 prometheanfire Exp $
EAPI=5
PYTHON_COMPAT=( python2_7 )
@@ -55,6 +55,7 @@ PATCHES=(
"${FILESDIR}/2012.2.4-CVE-2013-2256.patch"
"${FILESDIR}/2012.2.4-CVE-2013-4185.patch"
"${FILESDIR}/2012.2.4-CVE-2013-4261.patch"
+ "${FILESDIR}/2012.2.4-CVE-2013-4278.patch"
)
pkg_setup() {
diff --git a/sys-cluster/nova/nova-2013.1.3-r4.ebuild b/sys-cluster/nova/nova-2013.1.3-r5.ebuild
index df9715831c4f..a7c3ad3ee4cd 100644
--- a/sys-cluster/nova/nova-2013.1.3-r4.ebuild
+++ b/sys-cluster/nova/nova-2013.1.3-r5.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.3-r4.ebuild,v 1.1 2013/09/12 06:18:01 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.3-r5.ebuild,v 1.1 2013/09/12 06:55:26 prometheanfire Exp $
EAPI=5
PYTHON_COMPAT=( python2_7 )
@@ -60,6 +60,7 @@ RDEPEND=">=dev-python/amqplib-0.6.1[${PYTHON_USEDEP}]
PATCHES=(
"${FILESDIR}/2013.1.3-CVE-2013-4261.patch"
+ "${FILESDIR}/2013.1.3-CVE-2013-4278.patch"
)
pkg_setup() {