fixes for bug 494026 CVE-2013-7048

(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
author: Matthew Thode <prometheanfire@gentoo.org> 2014-01-27 08:44:51 +0000
committer: Matthew Thode <prometheanfire@gentoo.org> 2014-01-27 08:44:51 +0000
commit: f5dbf25960edf593acda3f037868818326fe8968 (patch)
tree: 389679b58c04c49aac05f2000c7829f1295876fe /sys-cluster
parent: removing the old and jankey, adding the new hotness (diff)
download: gentoo-2-f5dbf25960edf593acda3f037868818326fe8968.tar.gz
gentoo-2-f5dbf25960edf593acda3f037868818326fe8968.tar.bz2
gentoo-2-f5dbf25960edf593acda3f037868818326fe8968.zip
5 files changed, 84 insertions, 3 deletions
diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog
index ae74072ccbc3..44ec415afa41 100644
--- a/sys-cluster/nova/ChangeLog
+++ b/sys-cluster/nova/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for sys-cluster/nova
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.48 2014/01/23 16:31:28 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.49 2014/01/27 08:44:51 prometheanfire Exp $
+
+*nova-2013.2.1-r3 (27 Jan 2014)
+*nova-2013.1.4-r5 (27 Jan 2014)
+
+  27 Jan 2014; Matthew Thode <prometheanfire@gentoo.org>
+  +files/CVE-2013-7048-grizzly.patch, +files/CVE-2013-7048-havana.patch,
+  +nova-2013.1.4-r5.ebuild, +nova-2013.2.1-r3.ebuild, -nova-2013.1.4-r4.ebuild,
+  -nova-2013.2.1-r2.ebuild:
+  fixes for bug 494026 CVE-2013-7048
 
 *nova-2013.2.1-r2 (23 Jan 2014)
 *nova-2013.1.4-r4 (23 Jan 2014)
diff --git a/sys-cluster/nova/files/CVE-2013-7048-grizzly.patch b/sys-cluster/nova/files/CVE-2013-7048-grizzly.patch
new file mode 100644
index 000000000000..7c9d98aa579b
--- /dev/null
+++ b/sys-cluster/nova/files/CVE-2013-7048-grizzly.patch
@@ -0,0 +1,35 @@
+From 9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa Mon Sep 17 00:00:00 2001
+From: Xavier Queralt <xqueralt@redhat.com>
+Date: Wed, 27 Nov 2013 19:44:36 +0000
+Subject: Enforce permissions in snapshots temporary dir
+
+Live snapshots creates a temporary directory where libvirt driver
+creates a new image from the instance's disk using blockRebase.
+Currently this directory is created with 777 permissions making this
+directory accessible by all the users in the system.
+
+This patch changes the tempdir permissions so they have the o+x
+flag set, which is what libvirt needs to be able to write in it and
+
+Closes-Bug: #1227027
+Change-Id: I767ff5247b4452821727e92b668276004fc0f84d
+(cherry picked from commit 8a34fc3d48c467aa196f65eed444ccdc7c02f19f)
+---
+diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
+index 6b977cb..4cc85f1 100755
+--- a/nova/virt/libvirt/driver.py
++++ b/nova/virt/libvirt/driver.py
+@@ -1191,9 +1191,8 @@ class LibvirtDriver(driver.ComputeDriver):
+             try:
+                 out_path = os.path.join(tmpdir, snapshot_name)
+                 if live_snapshot:
+-                    # NOTE (rmk): libvirt needs to be able to write to the
+-                    #             temp directory, which is owned nova.
+-                    utils.execute('chmod', '777', tmpdir, run_as_root=True)
++                    # NOTE(xqueralt): libvirt needs o+x in the temp directory
++                    os.chmod(tmpdir, 0o701)
+                     self._live_snapshot(virt_dom, disk_path, out_path,
+                                         image_format)
+                 else:
+--
+cgit v0.9.2
diff --git a/sys-cluster/nova/files/CVE-2013-7048-havana.patch b/sys-cluster/nova/files/CVE-2013-7048-havana.patch
new file mode 100644
index 000000000000..aabc52d302d6
--- /dev/null
+++ b/sys-cluster/nova/files/CVE-2013-7048-havana.patch
@@ -0,0 +1,35 @@
+From 75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d Mon Sep 17 00:00:00 2001
+From: Xavier Queralt <xqueralt@redhat.com>
+Date: Wed, 27 Nov 2013 19:44:36 +0000
+Subject: Enforce permissions in snapshots temporary dir
+
+Live snapshots creates a temporary directory where libvirt driver
+creates a new image from the instance's disk using blockRebase.
+Currently this directory is created with 777 permissions making this
+directory accessible by all the users in the system.
+
+This patch changes the tempdir permissions so they have the o+x
+flag set, which is what libvirt needs to be able to write in it and
+
+Closes-Bug: #1227027
+Change-Id: I767ff5247b4452821727e92b668276004fc0f84d
+(cherry picked from commit 8a34fc3d48c467aa196f65eed444ccdc7c02f19f)
+---
+diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
+index 5c05307..d427d65 100644
+--- a/nova/virt/libvirt/driver.py
++++ b/nova/virt/libvirt/driver.py
+@@ -1390,9 +1390,8 @@ class LibvirtDriver(driver.ComputeDriver):
+             try:
+                 out_path = os.path.join(tmpdir, snapshot_name)
+                 if live_snapshot:
+-                    # NOTE (rmk): libvirt needs to be able to write to the
+-                    #             temp directory, which is owned nova.
+-                    utils.execute('chmod', '777', tmpdir, run_as_root=True)
++                    # NOTE(xqueralt): libvirt needs o+x in the temp directory
++                    os.chmod(tmpdir, 0o701)
+                     self._live_snapshot(virt_dom, disk_path, out_path,
+                                         image_format)
+                 else:
+--
+cgit v0.9.2
diff --git a/sys-cluster/nova/nova-2013.1.4-r4.ebuild b/sys-cluster/nova/nova-2013.1.4-r5.ebuild
index aacf80b50784..a6bb1ff8b2ed 100644
--- a/sys-cluster/nova/nova-2013.1.4-r4.ebuild
+++ b/sys-cluster/nova/nova-2013.1.4-r5.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.4-r4.ebuild,v 1.1 2014/01/23 16:31:28 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.4-r5.ebuild,v 1.1 2014/01/27 08:44:51 prometheanfire Exp $
 
 EAPI=5
 PYTHON_COMPAT=( python2_7 )
@@ -75,6 +75,7 @@ PATCHES=(
 	"${FILESDIR}/CVE-2013-4497-grizzly-2.patch"
 	"${FILESDIR}/CVE-2013-6419_2013.1.4.patch"
 	"${FILESDIR}/CVE-2013-6437-2012.1.4.patch"
+	"${FILESDIR}/CVE-2013-7048-grizzly.patch"
 	"${FILESDIR}/CVE-2013-7130-stable-grizzly.patch"
 )
 
diff --git a/sys-cluster/nova/nova-2013.2.1-r2.ebuild b/sys-cluster/nova/nova-2013.2.1-r3.ebuild
index 2b4842a7299f..735b7e95f814 100644
--- a/sys-cluster/nova/nova-2013.2.1-r2.ebuild
+++ b/sys-cluster/nova/nova-2013.2.1-r3.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.2.1-r2.ebuild,v 1.1 2014/01/23 16:31:28 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.2.1-r3.ebuild,v 1.1 2014/01/27 08:44:51 prometheanfire Exp $
 
 EAPI=5
 PYTHON_COMPAT=( python2_7 )
@@ -72,6 +72,7 @@ RDEPEND="sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}]
 
 PATCHES=(
 	"${FILESDIR}/CVE-2013-6437-2012.2.1.patch"
+	"${FILESDIR}/CVE-2013-7048-havana.patch"
 	"${FILESDIR}/CVE-2013-7130-stable-havana.patch"
 )
author	Matthew Thode <prometheanfire@gentoo.org>	2014-01-27 08:44:51 +0000
committer	Matthew Thode <prometheanfire@gentoo.org>	2014-01-27 08:44:51 +0000
commit	f5dbf25960edf593acda3f037868818326fe8968 (patch)
tree	389679b58c04c49aac05f2000c7829f1295876fe /sys-cluster
parent	removing the old and jankey, adding the new hotness (diff)
download	gentoo-2-f5dbf25960edf593acda3f037868818326fe8968.tar.gz gentoo-2-f5dbf25960edf593acda3f037868818326fe8968.tar.bz2 gentoo-2-f5dbf25960edf593acda3f037868818326fe8968.zip