Diffstat (limited to 'sys-cluster')
-rw-r--r--sys-cluster/corosync/metadata.xml4
-rw-r--r--sys-cluster/glusterfs/Manifest1
-rw-r--r--sys-cluster/glusterfs/glusterfs-3.7.4.ebuild206
-rw-r--r--sys-cluster/glusterfs/metadata.xml1
-rw-r--r--sys-cluster/neutron/files/CVE-2015-5240_2015.1.1.patch155
-rw-r--r--sys-cluster/neutron/files/cve-2015-3221_2015.1.0.patch127
-rw-r--r--sys-cluster/neutron/neutron-2015.1.1-r1.ebuild (renamed from sys-cluster/neutron/neutron-2015.1.1.ebuild)5
-rw-r--r--sys-cluster/neutron/neutron-2015.1.9999.ebuild3
-rw-r--r--sys-cluster/openstack-meta/openstack-meta-2014.2.9999.ebuild21
-rw-r--r--sys-cluster/swift/Manifest1
-rw-r--r--sys-cluster/swift/swift-2.4.0.ebuild123
-rw-r--r--sys-cluster/util-vserver/util-vserver-0.30.216_pre3120.ebuild2
12 files changed, 493 insertions, 156 deletions
diff --git a/sys-cluster/corosync/metadata.xml b/sys-cluster/corosync/metadata.xml
index 08d3ba8b7302..28abf004bf72 100644
--- a/sys-cluster/corosync/metadata.xml
+++ b/sys-cluster/corosync/metadata.xml
@@ -3,10 +3,6 @@
<pkgmetadata>
<herd>cluster</herd>
<maintainer>
- <email>cardoe@gentoo.org</email>
- <name>Doug Goldstein</name>
- </maintainer>
- <maintainer>
<email>robbat2@gentoo.org</email>
<name>Robin Johnson</name>
</maintainer>
diff --git a/sys-cluster/glusterfs/Manifest b/sys-cluster/glusterfs/Manifest
index 3115e9bca3aa..a1cfb400276d 100644
--- a/sys-cluster/glusterfs/Manifest
+++ b/sys-cluster/glusterfs/Manifest
@@ -1,3 +1,4 @@
DIST glusterfs-3.1.2.tar.gz 2086469 SHA256 9a4e910431f572aa180a3ad1821f7524773ec1e8f06342c4040f26619f832838 SHA512 69b61af7c6cd9f54f615f7cd50c6ffda670800c6045604449b130eaa43c90c9adcb518c1312134890cccf3a301066a5af3e97bd7ec9775b7f70ea6d0a4a67cd6 WHIRLPOOL 0ecc86ac943f4c8d9575b8b0ae2ef72002d6510945e1a687409277165eb7688c2e4db50532ae10777828646b782561dfd4314fa766d7a3bcf4762e8be7c34c79
DIST glusterfs-3.5.4.tar.gz 5199067 SHA256 8e8bf9ff6b3884c420653dbf7549f8240cb30aa4a55c852ebb8f293f8089ad35 SHA512 eac2e5eacf33a04c574d495ea532703222faa559e34702f5939e9300936064d0867e4de9653be64dd3fa7fc1976e32915521a0ba07dc3c16c03b598a64dc12da WHIRLPOOL b597b677d6284e0419b6d1574d24bc6677bffec120c2ff37fc83f51b0fd048ec9bae8873b530e44cad10e85c109f8a97f3e67f85a4709207d488f64d561fc068
DIST glusterfs-3.6.5.tar.gz 6091408 SHA256 20d912ef35fb8350c50c39c15134a3558ee90d012203f049799c8eb67a61fd2a SHA512 7ca41855239818fc4c84cdb86e1f1d39502e781d5117a5ee50ea134f03f0823a8640ee9bda28f05463e8504aba9ddb12ac72e118f0ce7c3755c083033f5677ca WHIRLPOOL 9fc0592052d976d65fcc769c69d910fa6d909695162bccf80c1e799a2c54c531ab03a4afd3788951c231a214a22e5f8bb3613a83277858627425b86fd532ab5e
+DIST glusterfs-3.7.4.tar.gz 7552110 SHA256 f98f448117d1de7666ae425eddd8d7d87b02c57f6627234ce96ba60566f47173 SHA512 f9a281f3a37835f9f54679740ddb19b307babe576a8f14c9ef24d256f483789c227d7e7c5b0ed4ef5c13a257bcf00d0c17b6108fa60c5e45d0175df6e236b3a5 WHIRLPOOL 7b0320936de078234228cb691f3e381da3cc89c638d6246aba63695aa36cb114afca6e53d12d23de441b8da0b3a594ac1702b450d5d14720254af73e689c4ab8
diff --git a/sys-cluster/glusterfs/glusterfs-3.7.4.ebuild b/sys-cluster/glusterfs/glusterfs-3.7.4.ebuild
new file mode 100644
index 000000000000..63405a2c576a
--- /dev/null
+++ b/sys-cluster/glusterfs/glusterfs-3.7.4.ebuild
@@ -0,0 +1,206 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 )
+AUTOTOOLS_AUTORECONF=1
+
+inherit autotools-utils elisp-common eutils multilib python-single-r1 systemd versionator
+
+DESCRIPTION="GlusterFS is a powerful network/cluster filesystem"
+HOMEPAGE="http://www.gluster.org/"
+SRC_URI="http://download.gluster.org/pub/gluster/${PN}/$(get_version_component_range '1-2')/${PV}/${P}.tar.gz"
+
+LICENSE="|| ( GPL-2 LGPL-3+ )"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+IUSE="bd-xlator crypt-xlator debug emacs +fuse +georeplication glupy infiniband qemu-block rsyslog static-libs +syslog systemtap test +tiering vim-syntax +xml"
+
+REQUIRED_USE="georeplication? ( ${PYTHON_REQUIRED_USE} )
+ glupy? ( ${PYTHON_REQUIRED_USE} )"
+
+# the tests must be run as root
+RESTRICT="test"
+
+# sys-apps/util-linux is required for libuuid
+RDEPEND="bd-xlator? ( sys-fs/lvm2 )
+ emacs? ( virtual/emacs )
+ fuse? ( >=sys-fs/fuse-2.7.0 )
+ georeplication? ( ${PYTHON_DEPS} )
+ infiniband? ( sys-infiniband/libibverbs:* sys-infiniband/librdmacm:* )
+ qemu-block? ( dev-libs/glib:2 )
+ systemtap? ( dev-util/systemtap )
+ tiering? ( dev-db/sqlite:3 )
+ xml? ( dev-libs/libxml2 )
+ sys-libs/readline:=
+ dev-libs/libaio
+ dev-libs/openssl:=
+ dev-libs/userspace-rcu:=
+ || ( sys-libs/glibc sys-libs/argp-standalone )
+ sys-apps/util-linux"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+ sys-devel/bison
+ sys-devel/flex
+ test? ( >=dev-util/cmocka-1.0.1
+ app-benchmarks/dbench
+ dev-vcs/git
+ net-fs/nfs-utils
+ virtual/perl-Test-Harness
+ dev-libs/yajl
+ sys-fs/xfsprogs
+ sys-apps/attr )"
+
+SITEFILE="50${PN}-mode-gentoo.el"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-3.4.0-silent_rules.patch"
+)
+
+DOCS=( AUTHORS ChangeLog NEWS README.md THANKS )
+
+# Maintainer notes:
+# * The build system will always configure & build argp-standalone but it'll never use it
+# if the argp.h header is found in the system. Which should be the case with
+# glibc or if argp-standalone is installed.
+
+pkg_setup() {
+ ( use georeplication || use glupy ) && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+ # build rpc-transport and xlators only once as shared libs
+ find rpc/rpc-transport xlators -name Makefile.am -print0 \
+ | xargs -0 sed -i -e 's|.*_la_LDFLAGS = .*|\0 -shared|'
+
+ autotools-utils_src_prepare
+}
+
+src_configure() {
+ local myeconfargs=(
+ --disable-dependency-tracking
+ --disable-silent-rules
+ --disable-fusermount
+ $(use_enable debug)
+ $(use_enable bd-xlator)
+ $(use_enable crypt-xlator)
+ $(use_enable fuse fuse-client)
+ $(use_enable georeplication)
+ $(use_enable glupy)
+ $(use_enable infiniband ibverbs)
+ $(use_enable qemu-block)
+ $(use_enable static-libs static)
+ $(use_enable syslog)
+ $(use_enable systemtap)
+ $(use_enable test cmocka)
+ $(use_enable tiering)
+ $(use_enable xml xml-output)
+ --docdir=/usr/share/doc/${PF}
+ --localstatedir=/var
+ )
+ autotools-utils_src_configure
+}
+
+src_compile() {
+ autotools-utils_src_compile
+
+ use emacs && elisp-compile extras/glusterfs-mode.el
+}
+
+src_install() {
+ autotools-utils_src_install
+
+ rm \
+ "${D}"/etc/glusterfs/glusterfs-{georep-,}logrotate \
+ "${D}"/etc/glusterfs/gluster-rsyslog-*.conf \
+ "${D}"/usr/share/doc/${PF}/glusterfs{-mode.el,.vim} || die "removing false files failed"
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/glusterfs.logrotate glusterfs
+
+ if use rsyslog ; then
+ insinto /etc/rsyslog.d
+ newins extras/gluster-rsyslog-7.2.conf 60-gluster.conf
+ fi
+
+ if use emacs ; then
+ elisp-install ${PN} extras/glusterfs-mode.el*
+ elisp-site-file-install "${FILESDIR}/${SITEFILE}"
+ fi
+
+ if use vim-syntax ; then
+ insinto /usr/share/vim/vimfiles/ftdetect; doins "${FILESDIR}"/${PN}.vim
+ insinto /usr/share/vim/vimfiles/syntax; doins extras/${PN}.vim
+ fi
+
+ # insert some other tools which might be useful
+ insinto /usr/share/glusterfs/scripts
+ doins \
+ extras/backend-{cleanup,xattr-sanitize}.sh \
+ extras/clear_xattrs.sh \
+ extras/migrate-unify-to-distribute.sh
+
+ # correct permissions on installed scripts
+ # fperms 0755 /usr/share/glusterfs/scripts/*.sh
+ chmod 0755 "${ED}"/usr/share/glusterfs/scripts/*.sh || die
+
+ if use georeplication ; then
+ # move the gsync-sync-gfid tool to a binary path
+ # and set a symlink to be compliant with all other distros
+ mv "${ED}"/usr/{share/glusterfs/scripts/gsync-sync-gfid,libexec/glusterfs/} || die
+ dosym ../../../libexec/glusterfs/gsync-sync-gfid /usr/share/glusterfs/scripts/gsync-sync-gfid
+ fi
+
+ newinitd "${FILESDIR}/${PN}-r1.initd" glusterfsd
+ newinitd "${FILESDIR}/glusterd-r2.initd" glusterd
+ newconfd "${FILESDIR}/${PN}.confd" glusterfsd
+
+ keepdir /var/log/${PN}
+ keepdir /var/lib/glusterd
+
+ # QA
+ rm -rf "${ED}/var/run/" || die
+ use static-libs || find "${ED}"/usr/$(get_libdir)/ -type f -name '*.la' -delete
+
+ use georeplication && python_fix_shebang "${ED}"
+
+ # upstream already has a patch ready, to be removed once available, http://review.gluster.org/#/c/9458/
+ echo "d /run/gluster 0755 root root -" > "${T}/gluster.tmpfiles" || die
+ systemd_newtmpfilesd "${T}/gluster.tmpfiles" gluster.conf
+}
+
+src_test() {
+ ./run-tests.sh || die
+}
+
+pkg_postinst() {
+ elog "Starting with ${PN}-3.1.0, you can use the glusterd daemon to configure your"
+ elog "volumes dynamically. To do so, simply use the gluster CLI after running:"
+ elog " /etc/init.d/glusterd start"
+ echo
+ elog "For static configurations, the glusterfsd startup script can be multiplexed."
+ elog "The default startup script uses /etc/conf.d/glusterfsd to configure the"
+ elog "separate service. To create additional instances of the glusterfsd service"
+ elog "simply create a symlink to the glusterfsd startup script."
+ echo
+ elog "Example:"
+ elog " # ln -s glusterfsd /etc/init.d/glusterfsd2"
+ elog " # ${EDITOR} /etc/glusterfs/glusterfsd2.vol"
+ elog "You can now treat glusterfsd2 like any other service"
+ echo
+ ewarn "You need to use a ntp client to keep the clocks synchronized across all"
+ ewarn "of your servers. Setup a NTP synchronizing service before attempting to"
+ ewarn "run GlusterFS."
+
+ elog
+ elog "If you are upgrading from a previous version of ${PN}, please read:"
+ elog " http://www.gluster.org/community/documentation/index.php/Upgrade_to_3.5"
+
+ use emacs && elisp-site-regen
+}
+
+pkg_postrm() {
+ use emacs && elisp-site-regen
+}
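Review bot: `glupy` appears in REQUIRED_USE and triggers `python-single-r1_pkg_setup` in pkg_setup, but RDEPEND pulls `${PYTHON_DEPS}` only for `georeplication`, so a build with USE="glupy -georeplication" has no declared Python dependency; add `glupy? ( ${PYTHON_DEPS} )` to RDEPEND. The `find … | xargs -0 sed -i` pipeline in src_prepare and the `find … -name '*.la' -delete` line in src_install have no `|| die`, so a failed edit or cleanup passes silently, unlike the other file operations in src_install. The first `rm` in src_install also uses `${D}` where the later lines use `${ED}`; using `${ED}` throughout keeps the prefix handling consistent.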
diff --git a/sys-cluster/glusterfs/metadata.xml b/sys-cluster/glusterfs/metadata.xml
index 7ca776b6ff2c..f994b7843b52 100644
--- a/sys-cluster/glusterfs/metadata.xml
+++ b/sys-cluster/glusterfs/metadata.xml
@@ -17,5 +17,6 @@
<flag name="rsyslog">Install configuration snippet for <pkg>app-admin/rsyslog</pkg></flag>
<flag name="qemu-block">Transparently create files as QCow2/QED images in the backend, including the possibility to snapshot.</flag>
<flag name="systemtap">Enable support for <pkg>dev-util/systemtap</pkg></flag>
+ <flag name="tiering">Enable support for data classification/tiering (requires <pkg>dev-db/sqlite:3</pkg>)</flag>
</use>
</pkgmetadata>
diff --git a/sys-cluster/neutron/files/CVE-2015-5240_2015.1.1.patch b/sys-cluster/neutron/files/CVE-2015-5240_2015.1.1.patch
new file mode 100644
index 000000000000..ccb2a66bce9b
--- /dev/null
+++ b/sys-cluster/neutron/files/CVE-2015-5240_2015.1.1.patch
@@ -0,0 +1,155 @@
+From 8138e2fe38ad2cde5963685df47b1e4286776352 Mon Sep 17 00:00:00 2001
+From: Kevin Benton <blak111@gmail.com>
+Date: Tue, 25 Aug 2015 22:03:27 -0700
+Subject: [PATCH] Stop device_owner from being set to 'network:*'
+
+This patch adjusts the FieldCheck class in the policy engine to
+allow a regex rule. It then leverages that to prevent users from
+setting the device_owner field to anything that starts with
+'network:' on networks which they do not own.
+
+This policy adjustment is necessary because any ports with a
+device_owner that starts with 'network:' will not have any security
+group rules applied because it is assumed they are trusted network
+devices (e.g. router ports, DHCP ports, etc). These security rules
+include the anti-spoofing protection for DHCP, IPv6 ICMP messages,
+and IP headers.
+
+Without this policy adjustment, tenants can abuse this trust when
+connected to a shared network with other tenants by setting their
+VM port's device_owner field to 'network:<anything>' and hijack other
+tenants' traffic via DHCP spoofing or MAC/IP spoofing.
+
+Closes-Bug: #1489111
+Change-Id: Ia64cf16142e0e4be44b5b0ed72c8e00792d770f9
+(cherry picked from commit 959a2f28cbbfc309381ea9ffb55090da6fb9c78f)
+---
+ etc/policy.json | 3 +++
+ neutron/api/v2/attributes.py | 2 +-
+ neutron/policy.py | 3 +++
+ neutron/tests/etc/policy.json | 3 +++
+ neutron/tests/unit/test_policy.py | 16 ++++++++++++++++
+ 5 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/etc/policy.json b/etc/policy.json
+index 8a5de9b..0f04eb2 100644
+--- a/etc/policy.json
++++ b/etc/policy.json
+@@ -46,7 +46,9 @@
+ "update_network:router:external": "rule:admin_only",
+ "delete_network": "rule:admin_or_owner",
+
++ "network_device": "field:port:device_owner=~^network:",
+ "create_port": "",
++ "create_port:device_owner": "not rule:network_device or rule:admin_or_network_owner or rule:context_is_advsvc",
+ "create_port:mac_address": "rule:admin_or_network_owner or rule:context_is_advsvc",
+ "create_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
+ "create_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
+@@ -61,6 +63,7 @@
+ "get_port:binding:host_id": "rule:admin_only",
+ "get_port:binding:profile": "rule:admin_only",
+ "update_port": "rule:admin_or_owner or rule:context_is_advsvc",
++ "update_port:device_owner": "not rule:network_device or rule:admin_or_network_owner or rule:context_is_advsvc",
+ "update_port:mac_address": "rule:admin_only or rule:context_is_advsvc",
+ "update_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
+ "update_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
+diff --git a/neutron/api/v2/attributes.py b/neutron/api/v2/attributes.py
+index b9c179a..9ceee78 100644
+--- a/neutron/api/v2/attributes.py
++++ b/neutron/api/v2/attributes.py
+@@ -766,7 +766,7 @@ RESOURCE_ATTRIBUTE_MAP = {
+ 'is_visible': True},
+ 'device_owner': {'allow_post': True, 'allow_put': True,
+ 'validate': {'type:string': DEVICE_OWNER_MAX_LEN},
+- 'default': '',
++ 'default': '', 'enforce_policy': True,
+ 'is_visible': True},
+ 'tenant_id': {'allow_post': True, 'allow_put': False,
+ 'validate': {'type:string': TENANT_ID_MAX_LEN},
+diff --git a/neutron/policy.py b/neutron/policy.py
+index 9e586dd..961ae21 100644
+--- a/neutron/policy.py
++++ b/neutron/policy.py
+@@ -335,6 +335,7 @@ class FieldCheck(policy.Check):
+
+ self.field = field
+ self.value = conv_func(value)
++ self.regex = re.compile(value[1:]) if value.startswith('~') else None
+
+ def __call__(self, target_dict, cred_dict, enforcer):
+ target_value = target_dict.get(self.field)
+@@ -344,6 +345,8 @@ class FieldCheck(policy.Check):
+ "%(target_dict)s",
+ {'field': self.field, 'target_dict': target_dict})
+ return False
++ if self.regex:
++ return bool(self.regex.match(target_value))
+ return target_value == self.value
+
+
+diff --git a/neutron/tests/etc/policy.json b/neutron/tests/etc/policy.json
+index 8a5de9b..0f04eb2 100644
+--- a/neutron/tests/etc/policy.json
++++ b/neutron/tests/etc/policy.json
+@@ -46,7 +46,9 @@
+ "update_network:router:external": "rule:admin_only",
+ "delete_network": "rule:admin_or_owner",
+
++ "network_device": "field:port:device_owner=~^network:",
+ "create_port": "",
++ "create_port:device_owner": "not rule:network_device or rule:admin_or_network_owner or rule:context_is_advsvc",
+ "create_port:mac_address": "rule:admin_or_network_owner or rule:context_is_advsvc",
+ "create_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
+ "create_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
+@@ -61,6 +63,7 @@
+ "get_port:binding:host_id": "rule:admin_only",
+ "get_port:binding:profile": "rule:admin_only",
+ "update_port": "rule:admin_or_owner or rule:context_is_advsvc",
++ "update_port:device_owner": "not rule:network_device or rule:admin_or_network_owner or rule:context_is_advsvc",
+ "update_port:mac_address": "rule:admin_only or rule:context_is_advsvc",
+ "update_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
+ "update_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
+diff --git a/neutron/tests/unit/test_policy.py b/neutron/tests/unit/test_policy.py
+index 3888ce3..4be404f 100644
+--- a/neutron/tests/unit/test_policy.py
++++ b/neutron/tests/unit/test_policy.py
+@@ -232,6 +232,7 @@ class NeutronPolicyTestCase(base.BaseTestCase):
+ "regular_user": "role:user",
+ "shared": "field:networks:shared=True",
+ "external": "field:networks:router:external=True",
++ "network_device": "field:port:device_owner=~^network:",
+ "default": '@',
+
+ "create_network": "rule:admin_or_owner",
+@@ -243,6 +244,7 @@ class NeutronPolicyTestCase(base.BaseTestCase):
+ "create_subnet": "rule:admin_or_network_owner",
+ "create_port:mac": "rule:admin_or_network_owner or "
+ "rule:context_is_advsvc",
++ "create_port:device_owner": "not rule:network_device",
+ "update_port": "rule:admin_or_owner or rule:context_is_advsvc",
+ "get_port": "rule:admin_or_owner or rule:context_is_advsvc",
+ "delete_port": "rule:admin_or_owner or rule:context_is_advsvc",
+@@ -312,6 +314,20 @@ class NeutronPolicyTestCase(base.BaseTestCase):
+ self._test_nonadmin_action_on_attr('create', 'shared', True,
+ common_policy.PolicyNotAuthorized)
+
++ def test_create_port_device_owner_regex(self):
++ blocked_values = ('network:', 'network:abdef', 'network:dhcp',
++ 'network:router_interface')
++ for val in blocked_values:
++ self._test_advsvc_action_on_attr(
++ 'create', 'port', 'device_owner', val,
++ common_policy.PolicyNotAuthorized
++ )
++ ok_values = ('network', 'networks', 'my_network:test', 'my_network:')
++ for val in ok_values:
++ self._test_advsvc_action_on_attr(
++ 'create', 'port', 'device_owner', val
++ )
++
+ def test_advsvc_get_network_works(self):
+ self._test_advsvc_action_on_attr('get', 'network', 'shared', False)
+
+--
+1.9.1
+
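Review bot: The added `test_create_port_device_owner_regex` exercises only the create path, while the patch also adds an `update_port:device_owner` rule to both policy.json files, so the update path and the `admin_or_network_owner` / `context_is_advsvc` exemptions have no visible test. If the `_test_advsvc_action_on_attr` helper accepts it, a parallel 'update' test with a test-policy entry such as `"update_port:device_owner": "not rule:network_device"` would cover that. In `FieldCheck.__call__`, `self.regex.match(target_value)` assumes a string target; that holds for `device_owner` (validated as `type:string`), but a regex rule written against a non-string field would presumably raise rather than return False. The neutron/policy.py hunks add no `import re`, so confirm the module already imports it in 2015.1.1. This file is an upstream cherry-pick and FieldCheck is only partly visible here, so these points belong upstream rather than in a local edit.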
diff --git a/sys-cluster/neutron/files/cve-2015-3221_2015.1.0.patch b/sys-cluster/neutron/files/cve-2015-3221_2015.1.0.patch
deleted file mode 100644
index c6c2230c9bd3..000000000000
--- a/sys-cluster/neutron/files/cve-2015-3221_2015.1.0.patch
+++ /dev/null
@@ -1,127 +0,0 @@
-From e0c8cbc5dd610b4c580935ea56436495a6d4eb26 Mon Sep 17 00:00:00 2001
-From: Aaron Rosen <aaronorosen@gmail.com>
-Date: Wed, 3 Jun 2015 16:19:39 -0700
-Subject: [PATCH] Provide work around for 0.0.0.0/0 ::/0 for ipset
-
-Previously, the ipset_manager would pass in 0.0.0.0/0 or ::/0 if
-these addresses were inputted as allowed address pairs. This causes
-ipset to raise an error as it does not work with zero prefix sizes.
-To solve this problem we use two ipset rules to represent this:
-
-Ipv4: 0.0.0.0/1 and 128.0.0.1/1
-IPv6: ::/1' and '8000::/1
-
-All of this logic is handled via _sanitize_addresses() in the ipset_manager
-which is called to convert the input.
-
-Closes-bug: 1461054
-
-Conflicts:
- neutron/agent/linux/ipset_manager.py
- neutron/tests/unit/agent/linux/test_ipset_manager.py
-
-(cherry picked from commit 80a0fc3ba063e036b76e05e89b0cc54fc2d47c81)
----
- neutron/agent/linux/ipset_manager.py | 23 ++++++++++++++++++++++
- .../tests/unit/agent/linux/test_ipset_manager.py | 19 +++++++++++++++---
- 2 files changed, 39 insertions(+), 3 deletions(-)
-
-diff --git a/neutron/agent/linux/ipset_manager.py b/neutron/agent/linux/ipset_manager.py
-index 0f76418..af59f1f 100644
---- a/neutron/agent/linux/ipset_manager.py
-+++ b/neutron/agent/linux/ipset_manager.py
-@@ -11,6 +11,8 @@
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
-+import netaddr
-+
- from neutron.agent.linux import utils as linux_utils
- from neutron.common import utils
-
-@@ -31,6 +33,26 @@ class IpsetManager(object):
- self.namespace = namespace
- self.ipset_sets = {}
-
-+ def _sanitize_addresses(self, addresses):
-+ """This method converts any address to ipset format.
-+
-+ If an address has a mask of /0 we need to cover to it to a mask of
-+ /1 as ipset does not support /0 length addresses. Instead we use two
-+ /1's to represent the /0.
-+ """
-+ sanitized_addresses = []
-+ for ip in addresses:
-+ if (netaddr.IPNetwork(ip).prefixlen == 0):
-+ if(netaddr.IPNetwork(ip).version == 4):
-+ sanitized_addresses.append('0.0.0.0/1')
-+ sanitized_addresses.append('128.0.0.0/1')
-+ elif (netaddr.IPNetwork(ip).version == 6):
-+ sanitized_addresses.append('::/1')
-+ sanitized_addresses.append('8000::/1')
-+ else:
-+ sanitized_addresses.append(ip)
-+ return sanitized_addresses
-+
- @staticmethod
- def get_name(id, ethertype):
- """Returns the given ipset name for an id+ethertype pair.
-@@ -51,6 +73,7 @@ class IpsetManager(object):
- add / remove new members, or swapped atomically if
- that's faster.
- """
-+ member_ips = self._sanitize_addresses(member_ips)
- set_name = self.get_name(id, ethertype)
- if not self.set_exists(id, ethertype):
- # The initial creation is handled with create/refresh to
-diff --git a/neutron/tests/unit/agent/linux/test_ipset_manager.py b/neutron/tests/unit/agent/linux/test_ipset_manager.py
-index 4484008..a1c6dc5 100644
---- a/neutron/tests/unit/agent/linux/test_ipset_manager.py
-+++ b/neutron/tests/unit/agent/linux/test_ipset_manager.py
-@@ -38,7 +38,7 @@ class BaseIpsetManagerTest(base.BaseTestCase):
- def expect_set(self, addresses):
- temp_input = ['create NETIPv4fake_sgid-new hash:net family inet']
- temp_input.extend('add NETIPv4fake_sgid-new %s' % ip
-- for ip in addresses)
-+ for ip in self.ipset._sanitize_addresses(addresses))
- input = '\n'.join(temp_input)
- self.expected_calls.extend([
- mock.call(['ipset', 'restore', '-exist'],
-@@ -55,13 +55,16 @@ class BaseIpsetManagerTest(base.BaseTestCase):
- self.expected_calls.extend(
- mock.call(['ipset', 'add', '-exist', TEST_SET_NAME, ip],
- process_input=None,
-- run_as_root=True) for ip in addresses)
-+ run_as_root=True)
-+ for ip in self.ipset._sanitize_addresses(addresses))
-
- def expect_del(self, addresses):
-+
- self.expected_calls.extend(
- mock.call(['ipset', 'del', TEST_SET_NAME, ip],
- process_input=None,
-- run_as_root=True) for ip in addresses)
-+ run_as_root=True)
-+ for ip in self.ipset._sanitize_addresses(addresses))
-
- def expect_create(self):
- self.expected_calls.append(
-@@ -113,6 +116,16 @@ class IpsetManagerTestCase(BaseIpsetManagerTest):
- self.ipset.set_members(TEST_SET_ID, ETHERTYPE, FAKE_IPS)
- self.verify_mock_calls()
-
-+ def test_set_members_adding_all_zero_ipv4(self):
-+ self.expect_set(['0.0.0.0/0'])
-+ self.ipset.set_members(TEST_SET_ID, ETHERTYPE, ['0.0.0.0/0'])
-+ self.verify_mock_calls()
-+
-+ def test_set_members_adding_all_zero_ipv6(self):
-+ self.expect_set(['::/0'])
-+ self.ipset.set_members(TEST_SET_ID, ETHERTYPE, ['::/0'])
-+ self.verify_mock_calls()
-+
- def test_destroy(self):
- self.add_first_ip()
- self.expect_destroy()
---
-1.9.1
diff --git a/sys-cluster/neutron/neutron-2015.1.1.ebuild b/sys-cluster/neutron/neutron-2015.1.1-r1.ebuild
index 826b55e7a5d7..bf60b1a63cb5 100644
--- a/sys-cluster/neutron/neutron-2015.1.1.ebuild
+++ b/sys-cluster/neutron/neutron-2015.1.1-r1.ebuild
@@ -14,7 +14,7 @@ SRC_URI="https://launchpad.net/${PN}/kilo/${PV}/+download/${P}.tar.gz"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="amd64 x86"
-IUSE="compute-only dhcp doc l3 metadata openvswitch linuxbridge server test sqlite mysql postgres"
+IUSE="compute-only dhcp doc ipv6 l3 metadata openvswitch linuxbridge server test sqlite mysql postgres"
REQUIRED_USE="!compute-only? ( || ( mysql postgres sqlite ) )
compute-only? ( !mysql !postgres !sqlite !dhcp !l3 !metadata !server
|| ( openvswitch linuxbridge ) )"
@@ -129,10 +129,11 @@ RDEPEND="
net-firewall/iptables
net-firewall/ebtables
openvswitch? ( net-misc/openvswitch )
+ ipv6? ( net-misc/radvd )
dhcp? ( net-dns/dnsmasq[dhcp-tools] )"
PATCHES=(
-
+ "${FILESDIR}/CVE-2015-5240_2015.1.1.patch"
)
pkg_setup() {
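Review bot: Part of the CVE-2015-5240 fix added to PATCHES lives in etc/policy.json (the `network_device`, `create_port:device_owner` and `update_port:device_owner` rules), and nothing in the visible hunks tells the administrator to merge it. If the ebuild installs that file under /etc, config protection will presumably leave an existing, locally kept policy.json without those rules after the upgrade, so the code change alone may not enforce the restriction. Consider a line in pkg_postinst such as `elog "CVE-2015-5240: merge the new device_owner rules into your existing policy.json"`. pkg_postinst is outside this hunk, so check whether such a notice already exists.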
diff --git a/sys-cluster/neutron/neutron-2015.1.9999.ebuild b/sys-cluster/neutron/neutron-2015.1.9999.ebuild
index 70e1e43e5b51..0c103b718b37 100644
--- a/sys-cluster/neutron/neutron-2015.1.9999.ebuild
+++ b/sys-cluster/neutron/neutron-2015.1.9999.ebuild
@@ -15,7 +15,7 @@ EGIT_BRANCH="stable/kilo"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS=""
-IUSE="compute-only dhcp doc l3 metadata openvswitch linuxbridge server test sqlite mysql postgres"
+IUSE="compute-only dhcp doc ipv6 l3 metadata openvswitch linuxbridge server test sqlite mysql postgres"
REQUIRED_USE="!compute-only? ( || ( mysql postgres sqlite ) )
compute-only? ( !mysql !postgres !sqlite !dhcp !l3 !metadata !server
|| ( openvswitch linuxbridge ) )"
@@ -130,6 +130,7 @@ RDEPEND="
net-firewall/iptables
net-firewall/ebtables
openvswitch? ( net-misc/openvswitch )
+ ipv6? ( net-misc/radvd )
dhcp? ( net-dns/dnsmasq[dhcp-tools] )"
PATCHES=(
diff --git a/sys-cluster/openstack-meta/openstack-meta-2014.2.9999.ebuild b/sys-cluster/openstack-meta/openstack-meta-2014.2.9999.ebuild
deleted file mode 100644
index 48f79a3532ce..000000000000
--- a/sys-cluster/openstack-meta/openstack-meta-2014.2.9999.ebuild
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-DESCRIPTION="A openstack meta-package for installing the various openstack pieces"
-HOMEPAGE="https://openstack.org"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS=""
-IUSE="keystone swift neutron glance cinder nova"
-
-DEPEND=""
-RDEPEND="keystone? ( ~sys-auth/keystone-2014.2.9999 )
- swift? ( ~sys-cluster/swift-2.2.2 )
- neutron? ( ~sys-cluster/neutron-2014.2.9999 )
- glance? ( ~app-admin/glance-2014.2.9999 )
- cinder? ( ~sys-cluster/cinder-2014.2.9999 )
- nova? ( ~sys-cluster/nova-2014.2.9999 )"
diff --git a/sys-cluster/swift/Manifest b/sys-cluster/swift/Manifest
index 52acb519068d..5f51ec96f144 100644
--- a/sys-cluster/swift/Manifest
+++ b/sys-cluster/swift/Manifest
@@ -1 +1,2 @@
DIST swift-2.3.0.tar.gz 1346492 SHA256 7225061f92597e7eaf6196c9336c5e590c7626b7e84126c51e8ca5bf5b7bdae1 SHA512 cf8e1e640f1f679516ce1af772c93f860d7d1f1b6712fa9b89dda1688a4b02cd3fdadc443f4911be5927544f0cffe365ff4174ef6e44d118cb56c7b05cd630b9 WHIRLPOOL aade05a7b8f23e680aa932150e8edbc2e9b6bb83528ffa62becdf4d29c8597b20e873017c3c6a95e66448c13c60531abee6ed0bd9b524b6319642c0436ad5e4c
+DIST swift-2.4.0.tar.gz 1418193 SHA256 082b436e58684b5cf7682a175e56c3d7dbd24d72c0251ddf3074a8596e4abd40 SHA512 f4ac4f0f866106d2c2bb8f38c0c3810efebf47738c000488041722250745e4d3f4d4a4c710388021c1cc44b6b372a5f6fd03fe9670e005345669bf6199e6e311 WHIRLPOOL e3293d304a8a52146efa04d7fadd0ab11fed5d62127e1757b8701452719fa2839dbfe7a452e0677071c78eb32b832a732c978f6229b8c927c76632df4df44990
diff --git a/sys-cluster/swift/swift-2.4.0.ebuild b/sys-cluster/swift/swift-2.4.0.ebuild
new file mode 100644
index 000000000000..e8772d4eb126
--- /dev/null
+++ b/sys-cluster/swift/swift-2.4.0.ebuild
@@ -0,0 +1,123 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+PYTHON_COMPAT=( python2_7 )
+
+inherit distutils-r1 eutils linux-info user
+
+DESCRIPTION="A highly available, distributed, and eventually consistent object/blob store"
+HOMEPAGE="https://launchpad.net/swift"
+SRC_URI="https://launchpad.net/${PN}/liberty/${PV}/+download/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="proxy account container object test +memcached"
+REQUIRED_USE="|| ( proxy account container object )"
+
+DEPEND="
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ >=dev-python/pbr-0.8.0[${PYTHON_USEDEP}]
+ <dev-python/pbr-1.0[${PYTHON_USEDEP}]
+ test? (
+ ${RDEPEND}
+ dev-python/coverage[${PYTHON_USEDEP}]
+ dev-python/nose[${PYTHON_USEDEP}]
+ dev-python/nosexcover[${PYTHON_USEDEP}]
+ dev-python/nosehtmloutput[${PYTHON_USEDEP}]
+ dev-python/oslo-sphinx[${PYTHON_USEDEP}]
+ >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
+ <dev-python/sphinx-1.2[${PYTHON_USEDEP}]
+ >=dev-python/mock-1.0[${PYTHON_USEDEP}]
+ dev-python/python-swiftclient[${PYTHON_USEDEP}]
+ >=dev-python/python-keystoneclient-1.3.0[${PYTHON_USEDEP}]
+ >=dev-python/bandit-0.10.1[${PYTHON_USEDEP}]
+ )"
+
+RDEPEND="
+ >=dev-python/dnspython-1.9.4[${PYTHON_USEDEP}]
+ >=dev-python/eventlet-0.16.1[${PYTHON_USEDEP}]
+ !~dev-python/eventlet-0.17.0[${PYTHON_USEDEP}]
+ >=dev-python/greenlet-0.3.1[${PYTHON_USEDEP}]
+ >=dev-python/netifaces-0.5[${PYTHON_USEDEP}]
+ !~dev-python/netifaces-0.10.0[${PYTHON_USEDEP}]
+ !~dev-python/netifaces-0.10.1[${PYTHON_USEDEP}]
+ >=dev-python/pastedeploy-1.3.3[${PYTHON_USEDEP}]
+ >=dev-python/simplejson-2.0.9[${PYTHON_USEDEP}]
+ >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
+ dev-python/pyxattr[${PYTHON_USEDEP}]
+ ~dev-python/PyECLib-1.0.7[${PYTHON_USEDEP}]
+ memcached? ( net-misc/memcached )
+ net-misc/rsync[xattr]"
+
+CONFIG_CHECK="~EXT3_FS_XATTR ~SQUASHFS_XATTR ~CIFS_XATTR ~JFFS2_FS_XATTR
+~TMPFS_XATTR ~UBIFS_FS_XATTR ~EXT2_FS_XATTR ~REISERFS_FS_XATTR ~EXT4_FS_XATTR
+~ZFS"
+
+PATCHES=(
+)
+
+pkg_setup() {
+ enewuser swift
+ enewgroup swift
+}
+
+src_prepare() {
+ sed -i 's/xattr/pyxattr/g' swift.egg-info/requires.txt || die
+ sed -i 's/xattr/pyxattr/g' requirements.txt || die
+ sed -i '/^hacking/d' test-requirements.txt || die
+ distutils-r1_python_prepare_all
+}
+
+src_test () {
+ # https://bugs.launchpad.net/swift/+bug/1249727
+ find . \( -name test_wsgi.py -o -name test_locale.py -o -name test_utils.py \) -delete || die
+ SKIP_PIP_INSTALL=1 PBR_VERSION=0.6.0 sh .unittests || die
+}
+
+python_install() {
+ distutils-r1_python_install
+ keepdir /etc/swift
+ insinto /etc/swift
+
+ newins "etc/swift.conf-sample" "swift.conf"
+ newins "etc/rsyncd.conf-sample" "rsyncd.conf"
+ newins "etc/mime.types-sample" "mime.types-sample"
+ newins "etc/memcache.conf-sample" "memcache.conf-sample"
+ newins "etc/drive-audit.conf-sample" "drive-audit.conf-sample"
+ newins "etc/dispersion.conf-sample" "dispersion.conf-sample"
+
+ if use proxy; then
+ newinitd "${FILESDIR}/swift-proxy.initd" "swift-proxy"
+ newins "etc/proxy-server.conf-sample" "proxy-server.conf"
+ if use memcached; then
+ sed -i '/depend/a\
+ need memcached' "${D}/etc/init.d/swift-proxy"
+ fi
+ fi
+ if use account; then
+ newinitd "${FILESDIR}/swift-account.initd" "swift-account"
+ newins "etc/account-server.conf-sample" "account-server.conf"
+ fi
+ if use container; then
+ newinitd "${FILESDIR}/swift-container.initd" "swift-container"
+ newins "etc/container-server.conf-sample" "container-server.conf"
+ fi
+ if use object; then
+ newinitd "${FILESDIR}/swift-object.initd" "swift-object"
+ newins "etc/object-server.conf-sample" "object-server.conf"
+ newins "etc/object-expirer.conf-sample" "object-expirer.conf"
+ fi
+
+ fowners swift:swift "/etc/swift" || die "fowners failed"
+}
+
+pkg_postinst() {
+ elog "Openstack swift will default to using insecure http unless a"
+ elog "certificate is created in /etc/swift/cert.crt and the associated key"
+ elog "in /etc/swift/cert.key. These can be created with the following:"
+ elog " * cd /etc/swift"
+ elog " * openssl req -new -x509 -nodes -out cert.crt -keyout cert.key"
+}
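Review bot: The pkg_postinst instructions create an unencrypted private key (`-nodes`) via `openssl req … -keyout cert.key` and say nothing about its permissions; depending on the OpenSSL version and umask, the key can end up readable by every local user. Add a step such as `elog " * chmod 0600 cert.key"` after the openssl line, and state that the key should be owned by the account the proxy runs as. Separately, DEPEND is assigned before RDEPEND, so `${RDEPEND}` inside the `test? ( … )` group expands to whatever is set at that point rather than the list defined below it; moving the RDEPEND assignment above DEPEND fixes that. The `sed -i '/depend/a\ …'` edit of the swift-proxy init script in python_install also lacks `|| die`.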
diff --git a/sys-cluster/util-vserver/util-vserver-0.30.216_pre3120.ebuild b/sys-cluster/util-vserver/util-vserver-0.30.216_pre3120.ebuild
index 84f7ca5c4842..6a706d80af5b 100644
--- a/sys-cluster/util-vserver/util-vserver-0.30.216_pre3120.ebuild
+++ b/sys-cluster/util-vserver/util-vserver-0.30.216_pre3120.ebuild
@@ -15,7 +15,7 @@ SRC_URI="http://people.linux-vserver.org/~dhozac/t/uv-testing/${MY_P}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
-KEYWORDS="~alpha ~amd64 ~sparc ~x86"
+KEYWORDS="~alpha amd64 ~sparc x86"
IUSE=""