diff options
| author |   Matt Thode <prometheanfire@gentoo.org> | 2014-07-17 09:18:03 +0000 |
|---|---|---|
| committer | Matt Thode <prometheanfire@gentoo.org> | 2014-07-17 09:18:03 +0000 |
| commit | cbd07e4020fc8efe128c0886474c4a35d5f50bc5 (patch) | |
| tree | 994bec1c521ebd7d367ea88036dc8ad5079d13e1 /sys-cluster/neutron | |
| parent | Stable for amd64 wrt bug #507408 (diff) | |
| download | historical-cbd07e4020fc8efe128c0886474c4a35d5f50bc5.tar.gz historical-cbd07e4020fc8efe128c0886474c4a35d5f50bc5.tar.bz2 historical-cbd07e4020fc8efe128c0886474c4a35d5f50bc5.zip | |
fix for CVE-2014-3555
Package-Manager: portage-2.2.8-r1/cvs/Linux x86_64
Manifest-Sign-Key: 0x2471EB3E40AC5AC3
Diffstat (limited to 'sys-cluster/neutron')
| -rw-r--r-- | sys-cluster/neutron/ChangeLog | 6 | ||||
| -rw-r--r-- | sys-cluster/neutron/Manifest | 23 | ||||
| -rw-r--r-- | sys-cluster/neutron/files/neutron-2014.1.1-CVE-2014-3555.patch | 92 | ||||
| -rw-r--r-- | sys-cluster/neutron/neutron-2014.1.1.ebuild | 7 |
4 files changed, 118 insertions, 10 deletions
diff --git a/sys-cluster/neutron/ChangeLog b/sys-cluster/neutron/ChangeLog index 1bde83eca61b..9d27e155a193 100644 --- a/sys-cluster/neutron/ChangeLog +++ b/sys-cluster/neutron/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for sys-cluster/neutron # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/neutron/ChangeLog,v 1.35 2014/07/13 03:40:50 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/neutron/ChangeLog,v 1.36 2014/07/17 09:17:53 prometheanfire Exp $ + + 17 Jul 2014; Matthew Thode <prometheanfire@gentoo.org> + +files/neutron-2014.1.1-CVE-2014-3555.patch, neutron-2014.1.1.ebuild: + fix for CVE-2014-3555 13 Jul 2014; Ian Delaney <idella4@gentoo.org> neutron-2014.1.1.ebuild, neutron-2014.1.9999.ebuild, neutron-9999.ebuild: diff --git a/sys-cluster/neutron/Manifest b/sys-cluster/neutron/Manifest index 5b6488cd6ba3..7f1591010620 100644 --- a/sys-cluster/neutron/Manifest +++ b/sys-cluster/neutron/Manifest @@ -1,6 +1,7 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 +AUX neutron-2014.1.1-CVE-2014-3555.patch 4357 SHA256 8f1c456e7cf961047f15c991dfd70b69a249a3477ad9b320f45a094724d6173d SHA512 3ed07807f3f1e04af8240731e3b101ec591c8321ff9ae6c5790ab8559538f733158175df37c2531e43383c6e1f66fb530008c5b2ba21341d2b13548fe3aa23bc WHIRLPOOL 447ac22629053b6099e2295600776925ba96d802f690bc8a44d5d56c359bde05aa1193284a35b922230127f696c28cc3129c027b7e12cdd5b0ae33c46ac18b28 AUX neutron-confd 75 SHA256 2e03d5dee96eb235d3d2742fb59b52376914dae1d8683144396d796dd35ea9f5 SHA512 fefe7dd1924fabed3cdddae2a407b254c62f39c49abeae238486896e9d26863caebfdfea6d52c5eef34d25452b163c373105929bd069b969c2af0f7d62d6c0e6 WHIRLPOOL 1ac7ed6b2287e66bc51be8b521e355a48e888e1e57371362bfd41fb831d63cc90aab542c1668b4acc1c087cb6bacd418a480e2732a7611b8df290bf63444c902 AUX neutron-confd-2 75 SHA256 0fce0e6f6cec493b9b0bcb96fa3211ba47a6420b9ea675ef65979fd9505121c7 SHA512 e64116f6cab81a2ee56d797f8144dbc8b214fb627bc8d6c3045488b1fec694cee8e8f3f3fbd327fb28f704cdfae40ea468d8a212c819abd45e809a1fa56b9670 WHIRLPOOL fb027c386c99448c29b265adc234abbc4d23a8be015690fd024b1f39ccc18dd64a1ab57c6cc26a054d576a0bbbed797058b19db90abf0318ae79dddc4efd2056 AUX neutron-dhcp-agent.confd 75 SHA256 e36fe3d370ad2b4c82ccf1f4caac60882334d93e3abd7e0e6e268d23cb069d71 SHA512 94cf300c9a9d0275e4fcab4ffdb7e29ca26b73c120d6ff683b48ea0e9c21e46123289522aedd295e4d5d28307133b50084541a90a48db456802d675eed6c2d3e WHIRLPOOL 9e77fe1ef65fa8ef46f8272ddea7213a46e71c6f2884eab20f09eaddc977f5cc202c8529c1a75347132c667e4e2d39d5bdd3ab2c94812c4b1f95f398af75c38c @@ -18,15 +19,25 @@ AUX neutron.sudoersd 117 SHA256 b40ea04a95deedbb66fe504df61b55905cbd746e5ba26321 AUX nicira.patch 5757 SHA256 62484fa9d817feee1edc0a51ea1eeca068406f8f76e34c845b85ea51664e20d6 SHA512 f160a36f78d9a1186e19cdfb4f97b17e39e1a6f3e20bcaf84e76e71c632b0a6e8af89645d507f2c6f60a9f7d09a741302d476731c2fc798dfa999aaf38f1e273 WHIRLPOOL b7b5e0618caa8c6acc65f46c315d81b427810f3d6b1e89b48fc79567717c90a2e81e091d532ea192ac68ad432374fb9debe79d7b2c0a5a82d7d8cec8ca64f50e AUX sphinx_mapping.patch 835 SHA256 f4745338474c9191ba386f81705cc8c9a6effb09116c65664654eb733d081252 SHA512 988236676ef0550ca96cc05e606d43280969e89b31971244ece89d63cdcbcbcfd3ac595adca03a6308996ef58ebc4f75b0dfd65a938ad7c3fb67fb785e09f8c9 WHIRLPOOL 6154ee51ecd63040d9a6c2058f369a7243c719cbda3f73484d55ea9425a5c9982d3921d91d152aa27c61c5635d74f2afa57ff1b5aaa10b1be1e7c1475ff74e5f DIST neutron-2014.1.1.tar.gz 6404237 SHA256 4723713b124ec7be0ae5f280d30a53b00ab5bec8a27be6165bdc630b8f22c1b5 SHA512 8a586741c035700ed8f33089830278e9eee9745a8fa58ef4ec71638ffecbd7c8689387f1597d948ca18a7f7edbad1ff67aab6d5304b61069556d5418e55738c5 WHIRLPOOL 6b7d139f1265a719edf05dbe2648fb7a056f708984da3e2b7b89f17746694137b5201bc69587e0af1a9729710205538c5841c860180ea9d7e7f5f0a17ece43dc -EBUILD neutron-2014.1.1.ebuild 6427 SHA256 855c841e78e438baeac8feccf11c93ed8e2915f8792c1f37972ecb898749677b SHA512 d27030dccb61f31d6f2545f107b4e50ced755c4384b10ea14154f460f406acbb1f2f14472a2af26b89ec98aab97757fa5e7e516ea8d5905a1d3910e12c3d4381 WHIRLPOOL 15eb752dfbab9ff546867599783c3d2a425ce007f8e58189a5d7d8d4ad136e0d0a93c194ff208486253e238cb710b4669cc9746252a45b48db9246478208b4c4 +EBUILD neutron-2014.1.1.ebuild 6494 SHA256 2f7ba9b1d1e68192b76514847f64b5f3bc4051f8687ceaac35bfd8ab48531955 SHA512 6e9b4ac7e9d9e290a1e9e926635bc90453f5b74bf2b0c2ebf8f575f4353d53bca5ddb8d4f732dd6182f43dd7ddb1ffb4a5b260e162dd34ec98a22315ca5f570b WHIRLPOOL 7d2aba3f1e66487aa41a4dd155ec1dc7bb1c7383a072e7ca5ae23c1e35b8d98d55d1aba9e32949298c29039e5005023022660646984d94eb219c2768259ca6a8 EBUILD neutron-2014.1.9999.ebuild 5558 SHA256 d26700b8ffe0ab4f2455e6cb6ce804361e1234ac6d4a34448362764c40acca2c SHA512 7b51e8eaead425f5be5bfaf756efe0380896f312ee4021fc629eea69bdc65ff4781e19d4b72f408632ef9f53710e1d7f559e56d08879214ad27df80e887546fb WHIRLPOOL 80d73490ce4b1136605450a2d3e33a419026b4c97ce7e3f33d0beb25a61dcac73dbe886c90beaee21325fb2d21bc86ca705b60785151bea4eefabdad9481affe EBUILD neutron-9999.ebuild 4468 SHA256 45f19f7a7781de2de1e11be0ff605fe431fb85c45b0a003346afccc59499f0ce SHA512 6089911ea9c1e7f3a6a345b88ca51fee49ee8a28438f29c737978c8f9332e9f09b08d986f74480b5dd168907c88f6638179f89e907217c1a153889270739fca2 WHIRLPOOL 12078942281843cd07b85930c6bb869b651ad4020e7de7e3d90df87f46d8245b36072ead11d4eeb5439f6e8be5c69bed42a7d2f8e0ff3246518bae80888735a6 -MISC ChangeLog 11985 SHA256 e4b4c6b474ae1502c65f1455d1786a22533da9a1a4d71c093ba8f63eab5fbe0a SHA512 6b0d6faddfa4c1f095cbc17709baa47c3ef9f542a0c23e8d6fa5e6a1e7e354d8915673d6e755d9c03b55052c4c1694d791d181ef5ee8fd49ba52b5125e10f490 WHIRLPOOL 5276b69b28d26cdd12ee370866259f6ef27c87411c325a0c481a023eb4f9a7a9f7dff5380fb1a1c2026d7d1dae1bef52ce01c15b175d698cac4bb4f7ddf3c6d4 +MISC ChangeLog 12146 SHA256 da241c2271342c1df9edd2a02825c537e41c6127efdac0f926922d9ba7d1837f SHA512 abbb73aab0adcc5f0fee3614632af5c75073be39b78a7156942fdf4e8de180da746457691e44928f508695541a88f47faa2edda2989d7ed61dc111018b61f94b WHIRLPOOL cce1f4bf98aa523fdd6f999b86ca4080ff9b6d8beb9395dc0114dd9c27e81f5626328b506273667affd63cc3461dc97e48941123a116a1e9ae4485e00ac54e1d MISC metadata.xml 1296 SHA256 7d6de6c9dc0602e7ea1147c40e8798aa61e01a891eade2b291628850d52889ab SHA512 e49d4872a6fefdb93f20665cf1a176744a1eaa3c068617dbb41e2591d084776d55334997c8046d725e84f5a7280481392f3fccf42f6cb02bbf1751d43076c49d WHIRLPOOL 0b3e08407b951bffdaa54e646d35c000e5b1df43381132386b77056e26773d6344ec7ace4b7a87ae14f29090fcdd490f05730ece3597b8e7a2d4389dfe816312 -----BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.22 (GNU/Linux) +Version: GnuPG v2 -iEYEAREIAAYFAlPB/coACgkQso7CE7gHKw17OQCfTeGi3pPb1JSv4kkKNDcaAFoe -OVQAoIM9NyyOpTkZ/1PFxjs7bMN+Y9dh -=cZUL +iQIcBAEBCAAGBQJTx5TZAAoJECRx6z5ArFrD3eYP/1V3Nw5FQMOEr4Sv1ROVVgqm +cNtpg5iDRupShKkjqDMBF5T3zy2uaQ5MDpRzi6UpFiE+6oAcs2o9k1IXNQ4lWUG2 +zNmXiTwxv8Dm55g9NVCoCo4oHbeEFHeAvV9BZPAIchjSKgewgOhEjnakomSoocCH +Yfo5E2t0p8fB09AZ8JnJwRqDcKHi4zmBJhJUDi+RFNkY7rZVmCxu5ILsftcIJRzp +t9iaE7H51lCTja2dP3JD0BFH/GsHCqAI1T32OoNpwgLUp0/LdfNeWYk0Jr2mP6WL +7PaSd3q4oX26CounDqc7vtDu1rB3bXHRvG+jqzZvya/CebUKvBXh9eFQwuo5vUk9 +YyP+8mRhf8rRjnuLdj1GqZ1jnAhhWqlw1+Qrz2DKY1blN83JSWsfRQkq+4xQ5hVM +4FgQkSeYcKFptv8UtT+0x83iGXlPDtjP38ZXpiQm2X20YzWsMY7gAY1MgNOwnhLv +ufvd2nl2ihivozIEd8AD/m7BWEdS8jgGHVg7ciT7mvB+qRdqB7+mhPbmqsZW2kNu +yglDJsBuEvEfLZRU+wxQgGs46enj/T9m/REjgFcg5W8LToxQQx3wAPj5MlQ0SPUT +ZxSvrTM2QOcNwirHldIzR4n0PeilVKwXaBV4/NYh5L2MnAu09qz+CEkWFkSHJVCL +20GnPLtOFQfqszy5nmbB +=bdE3 -----END PGP SIGNATURE----- diff --git a/sys-cluster/neutron/files/neutron-2014.1.1-CVE-2014-3555.patch b/sys-cluster/neutron/files/neutron-2014.1.1-CVE-2014-3555.patch new file mode 100644 index 000000000000..14f05f5af75a --- /dev/null +++ b/sys-cluster/neutron/files/neutron-2014.1.1-CVE-2014-3555.patch @@ -0,0 +1,92 @@ +diff --git a/neutron/extensions/allowedaddresspairs.py b/neutron/extensions/allowedaddresspairs.py +index 96512f3..1283da4 100644 +--- a/neutron/extensions/allowedaddresspairs.py ++++ b/neutron/extensions/allowedaddresspairs.py +@@ -16,6 +16,15 @@ import webob.exc + + from neutron.api.v2 import attributes as attr + from neutron.common import exceptions as nexception ++from oslo.config import cfg ++ ++allowed_address_pair_opts = [ ++ #TODO(limao): use quota framework when it support quota for attributes ++ cfg.IntOpt('max_allowed_address_pair', default=10, ++ help=_("Maximum number of allowed address pairs")), ++] ++ ++cfg.CONF.register_opts(allowed_address_pair_opts) + + + class AllowedAddressPairsMissingIP(nexception.InvalidInput): +@@ -36,8 +45,17 @@ class AddressPairMatchesPortFixedIPAndMac(nexception.InvalidInput): + message = _("Port's Fixed IP and Mac Address match an address pair entry.") + + ++class AllowedAddressPairExhausted(nexception.BadRequest): ++ message = _("The number of allowed address pair " ++ "exceeds the maximum %(quota)s.") ++ ++ + def _validate_allowed_address_pairs(address_pairs, valid_values=None): + unique_check = {} ++ if len(address_pairs) > cfg.CONF.max_allowed_address_pair: ++ raise AllowedAddressPairExhausted( ++ quota=cfg.CONF.max_allowed_address_pair) ++ + for address_pair in address_pairs: + # mac_address is optional, if not set we use the mac on the port + if 'mac_address' in address_pair: +diff --git a/neutron/tests/unit/test_extension_allowedaddresspairs.py b/neutron/tests/unit/test_extension_allowedaddresspairs.py +index 826768f..70eb1e3 100644 +--- a/neutron/tests/unit/test_extension_allowedaddresspairs.py ++++ b/neutron/tests/unit/test_extension_allowedaddresspairs.py +@@ -22,6 +22,7 @@ from neutron.extensions import allowedaddresspairs as addr_pair + from neutron.extensions import portsecurity as psec + from neutron.manager import NeutronManager + from neutron.tests.unit import test_db_plugin ++from oslo.config import cfg + + DB_PLUGIN_KLASS = ('neutron.tests.unit.test_extension_allowedaddresspairs.' + 'AllowedAddressPairTestPlugin') +@@ -163,6 +164,28 @@ class TestAllowedAddressPairs(AllowedAddressPairDBTestCase): + 'ip_address': '10.0.0.1'}] + self._create_port_with_address_pairs(address_pairs, 400) + ++ def test_more_than_max_allowed_address_pair(self): ++ cfg.CONF.set_default('max_allowed_address_pair', 3) ++ address_pairs = [{'mac_address': '00:00:00:00:00:01', ++ 'ip_address': '10.0.0.1'}, ++ {'mac_address': '00:00:00:00:00:02', ++ 'ip_address': '10.0.0.2'}, ++ {'mac_address': '00:00:00:00:00:03', ++ 'ip_address': '10.0.0.3'}, ++ {'mac_address': '00:00:00:00:00:04', ++ 'ip_address': '10.0.0.4'}] ++ self._create_port_with_address_pairs(address_pairs, 400) ++ ++ def test_equal_to_max_allowed_address_pair(self): ++ cfg.CONF.set_default('max_allowed_address_pair', 3) ++ address_pairs = [{'mac_address': '00:00:00:00:00:01', ++ 'ip_address': '10.0.0.1'}, ++ {'mac_address': '00:00:00:00:00:02', ++ 'ip_address': '10.0.0.2'}, ++ {'mac_address': '00:00:00:00:00:03', ++ 'ip_address': '10.0.0.3'}] ++ self._create_port_with_address_pairs(address_pairs, 201) ++ + def test_create_port_extra_args(self): + address_pairs = [{'mac_address': '00:00:00:00:00:01', + 'ip_address': '10.0.0.1', +@@ -174,8 +197,10 @@ class TestAllowedAddressPairs(AllowedAddressPairDBTestCase): + res = self._create_port(self.fmt, net['network']['id'], + arg_list=(addr_pair.ADDRESS_PAIRS,), + allowed_address_pairs=address_pairs) +- self.deserialize(self.fmt, res) ++ port = self.deserialize(self.fmt, res) + self.assertEqual(res.status_int, ret_code) ++ if ret_code == 201: ++ self._delete('ports', port['port']['id']) + + def test_update_add_address_pairs(self): + with self.network() as net: + diff --git a/sys-cluster/neutron/neutron-2014.1.1.ebuild b/sys-cluster/neutron/neutron-2014.1.1.ebuild index e95f06f9a702..79284d28d3d5 100644 --- a/sys-cluster/neutron/neutron-2014.1.1.ebuild +++ b/sys-cluster/neutron/neutron-2014.1.1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-cluster/neutron/neutron-2014.1.1.ebuild,v 1.3 2014/07/13 03:40:50 idella4 Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-cluster/neutron/neutron-2014.1.1.ebuild,v 1.4 2014/07/17 09:17:53 prometheanfire Exp $ EAPI=5 PYTHON_COMPAT=( python2_7 ) @@ -54,7 +54,8 @@ RDEPEND="dev-python/paste[${PYTHON_USEDEP}] >=dev-python/python-neutronclient-2.3.4[${PYTHON_USEDEP}] <=dev-python/python-neutronclient-3.0.0[${PYTHON_USEDEP}] >=dev-python/sqlalchemy-0.7.8[${PYTHON_USEDEP}] - <=dev-python/sqlalchemy-0.7.99[${PYTHON_USEDEP}] + !~dev-python/sqlalchemy-0.9.5[${PYTHON_USEDEP}] + <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}] mysql? ( dev-python/mysql-python[${PYTHON_USEDEP}] ) postgres? ( >=dev-python/psycopg-2[${PYTHON_USEDEP}] ) sqlite? ( dev-db/sqlite ) @@ -73,7 +74,7 @@ RDEPEND="dev-python/paste[${PYTHON_USEDEP}] PATCHES=( "${FILESDIR}/sphinx_mapping.patch" - "${FILESDIR}/"2014.1-CVE-2014-4167.patch + "${FILESDIR}/neutron-2014.1.1-CVE-2014-3555.patch" ) pkg_setup() { |