diff options
| author |   Matthew Thode <prometheanfire@gentoo.org> | 2014-01-23 16:31:28 +0000 |
|---|---|---|
| committer | Matthew Thode <prometheanfire@gentoo.org> | 2014-01-23 16:31:28 +0000 |
| commit | 3a8b9e8782646c0c5c9368fda2dd40e380cff452 (patch) | |
| tree | 742d0bdc40647440578599a203f13f136eacf6b2 /sys-cluster | |
| parent | Use SLOT="0/15" because SONAME changed in 0.92 (diff) | |
| download | gentoo-2-3a8b9e8782646c0c5c9368fda2dd40e380cff452.tar.gz gentoo-2-3a8b9e8782646c0c5c9368fda2dd40e380cff452.tar.bz2 gentoo-2-3a8b9e8782646c0c5c9368fda2dd40e380cff452.zip | |
fixes for CVE-2013-7130, old badness removed
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
Diffstat (limited to 'sys-cluster')
| -rw-r--r-- | sys-cluster/nova/ChangeLog | 11 | ||||
| -rw-r--r-- | sys-cluster/nova/files/CVE-2013-7130-stable-grizzly.patch | 161 | ||||
| -rw-r--r-- | sys-cluster/nova/files/CVE-2013-7130-stable-havana.patch | 130 | ||||
| -rw-r--r-- | sys-cluster/nova/nova-2013.1.4-r4.ebuild (renamed from sys-cluster/nova/nova-2013.1.4-r3.ebuild) | 3 | ||||
| -rw-r--r-- | sys-cluster/nova/nova-2013.2.1-r2.ebuild (renamed from sys-cluster/nova/nova-2013.2.1-r1.ebuild) | 3 |
5 files changed, 305 insertions, 3 deletions
diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog index df08d6387bc2..ae74072ccbc3 100644 --- a/sys-cluster/nova/ChangeLog +++ b/sys-cluster/nova/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for sys-cluster/nova # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.47 2014/01/08 06:00:45 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.48 2014/01/23 16:31:28 prometheanfire Exp $ + +*nova-2013.2.1-r2 (23 Jan 2014) +*nova-2013.1.4-r4 (23 Jan 2014) + + 23 Jan 2014; Matthew Thode <prometheanfire@gentoo.org> + +files/CVE-2013-7130-stable-grizzly.patch, + +files/CVE-2013-7130-stable-havana.patch, +nova-2013.1.4-r4.ebuild, + +nova-2013.2.1-r2.ebuild, -nova-2013.1.4-r3.ebuild, -nova-2013.2.1-r1.ebuild: + fixes for CVE-2013-7130, old badness removed 08 Jan 2014; Mike Frysinger <vapier@gentoo.org> nova-2013.1.4-r3.ebuild, nova-2013.1.9999.ebuild, nova-2013.2.1-r1.ebuild, nova-2013.2.9999.ebuild, diff --git a/sys-cluster/nova/files/CVE-2013-7130-stable-grizzly.patch b/sys-cluster/nova/files/CVE-2013-7130-stable-grizzly.patch new file mode 100644 index 000000000000..c77d629a06d9 --- /dev/null +++ b/sys-cluster/nova/files/CVE-2013-7130-stable-grizzly.patch @@ -0,0 +1,161 @@ +From 35e0ee309e040a95988a433120f1eba747f6f33c Mon Sep 17 00:00:00 2001
+From: Nikola Dipanov <ndipanov@redhat.com>
+Date: Tue, 10 Dec 2013 17:43:17 +0100
+Subject: [PATCH] libvirt: Fix root disk leak in live mig
+
+This patch makes sure that i_create_images_and_backing method of the
+libvirt driver (called in several places, but most problematic one is
+the call in the pre_live_migration method) creates all the files the
+instance needs that are not present.
+
+Prioir to this patch - the method would only attempt to download the
+image, and if it did so with the path of the ephemeral drives, it could
+expose the image to other users as an ephemeral devices. See the related
+bug for more detaiis.
+
+After this patch - we properly distinguish between image, ephemeral and
+swap files, and make sure that the imagebackend does the correct thing.
+
+Closes-bug: #1251590
+
+Co-authored-by: Loganathan Parthipan <parthipan@hp.com>
+
+This patch also includes part of commit
+65386c91910ee03d947c2b8bcc226a53c30e060a, not cherry-picked as a whole
+due to the fact that it is a trivial change, and to avoud the
+proliferation of patches needed to fix this bug.
+
+Change-Id: I78aa2f4243899db4f4941e77014a7e18e27fc63e
+(cherry picked from commit c69a619668b5f44e94a8fe1a23f3d887ba2834d7)
+
+Conflicts:
+ nova/tests/test_libvirt.py
+ nova/virt/libvirt/driver.py
+---
+ nova/tests/test_libvirt.py | 63 +++++++++++++++++++++++++++++++++++++++++++++
+ nova/virt/libvirt/driver.py | 31 +++++++++++++++-------
+ 2 files changed, 85 insertions(+), 9 deletions(-)
+
+diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py
+index d2ac73b..d9c7405 100644
+--- a/nova/tests/test_libvirt.py
++++ b/nova/tests/test_libvirt.py
+@@ -2346,6 +2346,69 @@ class LibvirtConnTestCase(test.TestCase):
+
+ db.instance_destroy(self.context, instance_ref['uuid'])
+
++ def test_create_images_and_backing(self):
++ conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
++ self.mox.StubOutWithMock(conn, '_fetch_instance_kernel_ramdisk')
++ self.mox.StubOutWithMock(libvirt_driver.libvirt_utils, 'create_image')
++
++ libvirt_driver.libvirt_utils.create_image(mox.IgnoreArg(),
++ mox.IgnoreArg(),
++ mox.IgnoreArg())
++ conn._fetch_instance_kernel_ramdisk(self.context, self.test_instance)
++ self.mox.ReplayAll()
++
++ self.stubs.Set(os.path, 'exists', lambda *args: False)
++ disk_info_json = jsonutils.dumps([{'path': 'foo', 'type': None,
++ 'disk_size': 0,
++ 'backing_file': None}])
++ conn._create_images_and_backing(self.context, self.test_instance,
++ "/fake/instance/dir", disk_info_json)
++
++ def test_create_images_and_backing_ephemeral_gets_created(self):
++ conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
++ disk_info_json = jsonutils.dumps(
++ [{u'backing_file': u'fake_image_backing_file',
++ u'disk_size': 10747904,
++ u'path': u'disk_path',
++ u'type': u'qcow2',
++ u'virt_disk_size': 25165824},
++ {u'backing_file': u'ephemeral_1_default',
++ u'disk_size': 393216,
++ u'over_committed_disk_size': 1073348608,
++ u'path': u'disk_eph_path',
++ u'type': u'qcow2',
++ u'virt_disk_size': 1073741824}])
++
++ base_dir = os.path.join(CONF.instances_path, '_base')
++ ephemeral_target = os.path.join(base_dir, 'ephemeral_1_default')
++ image_target = os.path.join(base_dir, 'fake_image_backing_file')
++ self.test_instance.update({'name': 'fake_instance',
++ 'user_id': 'fake-user',
++ 'os_type': None,
++ 'project_id': 'fake-project'})
++
++ self.mox.StubOutWithMock(libvirt_driver.libvirt_utils, 'fetch_image')
++ self.mox.StubOutWithMock(conn, '_create_ephemeral')
++ self.mox.StubOutWithMock(conn, '_fetch_instance_kernel_ramdisk')
++
++ conn._create_ephemeral(
++ target=ephemeral_target,
++ ephemeral_size=self.test_instance['ephemeral_gb'],
++ max_size=mox.IgnoreArg(), os_type=mox.IgnoreArg(),
++ fs_label=mox.IgnoreArg())
++ libvirt_driver.libvirt_utils.fetch_image(context=self.context,
++ image_id=mox.IgnoreArg(),
++ user_id=mox.IgnoreArg(), project_id=mox.IgnoreArg(),
++ max_size=mox.IgnoreArg(), target=image_target)
++ conn._fetch_instance_kernel_ramdisk(
++ self.context, self.test_instance).AndReturn(None)
++
++ self.mox.ReplayAll()
++
++ conn._create_images_and_backing(self.context, self.test_instance,
++ "/fake/instance/dir",
++ disk_info_json)
++
+ def test_pre_live_migration_works_correctly_mocked(self):
+ # Creating testdata
+ vol = {'block_device_mapping': [
+diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
+index 0f0ea46..39191af 100755
+--- a/nova/virt/libvirt/driver.py
++++ b/nova/virt/libvirt/driver.py
+@@ -3304,19 +3304,32 @@ class LibvirtDriver(driver.ComputeDriver):
+ elif info['backing_file']:
+ # Creating backing file follows same way as spawning instances.
+ cache_name = os.path.basename(info['backing_file'])
+- # Remove any size tags which the cache manages
+- cache_name = cache_name.split('_')[0]
+
+ image = self.image_backend.image(instance,
+ instance_disk,
+ CONF.libvirt_images_type)
+- image.cache(fetch_func=libvirt_utils.fetch_image,
+- context=ctxt,
+- filename=cache_name,
+- image_id=instance['image_ref'],
+- user_id=instance['user_id'],
+- project_id=instance['project_id'],
+- size=info['virt_disk_size'])
++ if cache_name.startswith('ephemeral'):
++ image.cache(fetch_func=self._create_ephemeral,
++ fs_label=cache_name,
++ os_type=instance["os_type"],
++ filename=cache_name,
++ size=info['virt_disk_size'],
++ ephemeral_size=instance['ephemeral_gb'])
++ elif cache_name.startswith('swap'):
++ inst_type = flavors.extract_flavor(instance)
++ swap_mb = inst_type['swap']
++ image.cache(fetch_func=self._create_swap,
++ filename="swap_%s" % swap_mb,
++ size=swap_mb * unit.Mi,
++ swap_mb=swap_mb)
++ else:
++ image.cache(fetch_func=libvirt_utils.fetch_image,
++ context=ctxt,
++ filename=cache_name,
++ image_id=instance['image_ref'],
++ user_id=instance['user_id'],
++ project_id=instance['project_id'],
++ size=info['virt_disk_size'])
+
+ # if image has kernel and ramdisk, just download
+ # following normal way.
+--
+1.8.3.1
+
diff --git a/sys-cluster/nova/files/CVE-2013-7130-stable-havana.patch b/sys-cluster/nova/files/CVE-2013-7130-stable-havana.patch new file mode 100644 index 000000000000..6e2c55de2a88 --- /dev/null +++ b/sys-cluster/nova/files/CVE-2013-7130-stable-havana.patch @@ -0,0 +1,130 @@ +From c8423d648d578397e2742f9d0b21c90171e2efc3 Mon Sep 17 00:00:00 2001
+From: Nikola Dipanov <ndipanov@redhat.com>
+Date: Tue, 10 Dec 2013 17:43:17 +0100
+Subject: [PATCH] libvirt: Fix root disk leak in live mig
+
+This patch makes sure that i_create_images_and_backing method of the
+libvirt driver (called in several places, but most problematic one is
+the call in the pre_live_migration method) creates all the files the
+instance needs that are not present.
+
+Prioir to this patch - the method would only attempt to download the
+image, and if it did so with the path of the ephemeral drives, it could
+expose the image to other users as an ephemeral devices. See the related
+bug for more detaiis.
+
+After this patch - we properly distinguish between image, ephemeral and
+swap files, and make sure that the imagebackend does the correct thing.
+
+Closes-bug: #1251590
+
+Co-authored-by: Loganathan Parthipan <parthipan@hp.com>
+
+Change-Id: I78aa2f4243899db4f4941e77014a7e18e27fc63e
+(cherry picked from commit c69a619668b5f44e94a8fe1a23f3d887ba2834d7)
+
+Conflicts:
+ nova/virt/libvirt/driver.py
+---
+ nova/tests/virt/libvirt/test_libvirt.py | 42 +++++++++++++++++++++++++++++++++
+ nova/virt/libvirt/driver.py | 31 +++++++++++++++++-------
+ 2 files changed, 65 insertions(+), 8 deletions(-)
+
+diff --git a/nova/tests/virt/libvirt/test_libvirt.py b/nova/tests/virt/libvirt/test_libvirt.py
+index c176985..191b3f8 100644
+--- a/nova/tests/virt/libvirt/test_libvirt.py
++++ b/nova/tests/virt/libvirt/test_libvirt.py
+@@ -3047,6 +3047,48 @@ class LibvirtConnTestCase(test.TestCase):
+ conn._create_images_and_backing(self.context, self.test_instance,
+ "/fake/instance/dir", disk_info_json)
+
++ def test_create_images_and_backing_ephemeral_gets_created(self):
++ conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
++ disk_info_json = jsonutils.dumps(
++ [{u'backing_file': u'fake_image_backing_file',
++ u'disk_size': 10747904,
++ u'path': u'disk_path',
++ u'type': u'qcow2',
++ u'virt_disk_size': 25165824},
++ {u'backing_file': u'ephemeral_1_default',
++ u'disk_size': 393216,
++ u'over_committed_disk_size': 1073348608,
++ u'path': u'disk_eph_path',
++ u'type': u'qcow2',
++ u'virt_disk_size': 1073741824}])
++
++ base_dir = os.path.join(CONF.instances_path,
++ CONF.image_cache_subdirectory_name)
++ self.test_instance.update({'name': 'fake_instance',
++ 'user_id': 'fake-user',
++ 'os_type': None,
++ 'project_id': 'fake-project'})
++
++ with contextlib.nested(
++ mock.patch.object(conn, '_fetch_instance_kernel_ramdisk'),
++ mock.patch.object(libvirt_driver.libvirt_utils, 'fetch_image'),
++ mock.patch.object(conn, '_create_ephemeral')
++ ) as (fetch_kernel_ramdisk_mock, fetch_image_mock,
++ create_ephemeral_mock):
++ conn._create_images_and_backing(self.context, self.test_instance,
++ "/fake/instance/dir",
++ disk_info_json)
++ self.assertEqual(len(create_ephemeral_mock.call_args_list), 1)
++ m_args, m_kwargs = create_ephemeral_mock.call_args_list[0]
++ self.assertEqual(
++ os.path.join(base_dir, 'ephemeral_1_default'),
++ m_kwargs['target'])
++ self.assertEqual(len(fetch_image_mock.call_args_list), 1)
++ m_args, m_kwargs = fetch_image_mock.call_args_list[0]
++ self.assertEqual(
++ os.path.join(base_dir, 'fake_image_backing_file'),
++ m_kwargs['target'])
++
+ def test_create_images_and_backing_disk_info_none(self):
+ conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
+ self.mox.StubOutWithMock(conn, '_fetch_instance_kernel_ramdisk')
+diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
+index 500ce51..c74b2ad 100644
+--- a/nova/virt/libvirt/driver.py
++++ b/nova/virt/libvirt/driver.py
+@@ -4209,14 +4209,29 @@ class LibvirtDriver(driver.ComputeDriver):
+
+ image = self.image_backend.image(instance,
+ instance_disk,
+- CONF.libvirt_images_type)
+- image.cache(fetch_func=libvirt_utils.fetch_image,
+- context=context,
+- filename=cache_name,
+- image_id=instance['image_ref'],
+- user_id=instance['user_id'],
+- project_id=instance['project_id'],
+- size=info['virt_disk_size'])
++ CONF.libvirt.images_type)
++ if cache_name.startswith('ephemeral'):
++ image.cache(fetch_func=self._create_ephemeral,
++ fs_label=cache_name,
++ os_type=instance["os_type"],
++ filename=cache_name,
++ size=info['virt_disk_size'],
++ ephemeral_size=instance['ephemeral_gb'])
++ elif cache_name.startswith('swap'):
++ inst_type = flavors.extract_flavor(instance)
++ swap_mb = inst_type['swap']
++ image.cache(fetch_func=self._create_swap,
++ filename="swap_%s" % swap_mb,
++ size=swap_mb * unit.Mi,
++ swap_mb=swap_mb)
++ else:
++ image.cache(fetch_func=libvirt_utils.fetch_image,
++ context=context,
++ filename=cache_name,
++ image_id=instance['image_ref'],
++ user_id=instance['user_id'],
++ project_id=instance['project_id'],
++ size=info['virt_disk_size'])
+
+ # if image has kernel and ramdisk, just download
+ # following normal way.
+--
+1.8.3.1
+
diff --git a/sys-cluster/nova/nova-2013.1.4-r3.ebuild b/sys-cluster/nova/nova-2013.1.4-r4.ebuild index 0400a6760267..aacf80b50784 100644 --- a/sys-cluster/nova/nova-2013.1.4-r3.ebuild +++ b/sys-cluster/nova/nova-2013.1.4-r4.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.4-r3.ebuild,v 1.2 2014/01/08 06:00:45 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.4-r4.ebuild,v 1.1 2014/01/23 16:31:28 prometheanfire Exp $ EAPI=5 PYTHON_COMPAT=( python2_7 ) @@ -75,6 +75,7 @@ PATCHES=( "${FILESDIR}/CVE-2013-4497-grizzly-2.patch" "${FILESDIR}/CVE-2013-6419_2013.1.4.patch" "${FILESDIR}/CVE-2013-6437-2012.1.4.patch" + "${FILESDIR}/CVE-2013-7130-stable-grizzly.patch" ) pkg_setup() { diff --git a/sys-cluster/nova/nova-2013.2.1-r1.ebuild b/sys-cluster/nova/nova-2013.2.1-r2.ebuild index 1195edefa90c..2b4842a7299f 100644 --- a/sys-cluster/nova/nova-2013.2.1-r1.ebuild +++ b/sys-cluster/nova/nova-2013.2.1-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.2.1-r1.ebuild,v 1.2 2014/01/08 06:00:45 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.2.1-r2.ebuild,v 1.1 2014/01/23 16:31:28 prometheanfire Exp $ EAPI=5 PYTHON_COMPAT=( python2_7 ) @@ -72,6 +72,7 @@ RDEPEND="sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}] PATCHES=( "${FILESDIR}/CVE-2013-6437-2012.2.1.patch" + "${FILESDIR}/CVE-2013-7130-stable-havana.patch" ) pkg_setup() { |