On 12/09/2013 07:43 PM, Julien Cristau wrote:
> On Mon, Dec 9, 2013 at 15:42:30 +0800, Thomas Goirand wrote:
>
>> Hi,
>>
>> Here's the new changelog, with the remarks of J.Cristau taken into account:
>>
>>   [ Thomas Goirand ]
>>   * CVE-2013-4261: [OSSA 2013-026] Fix problem with long messages in Qpid.
>>   * CVE-2013-2096: [OSSA 2013-012] Check QCOW2 image size during root disk
>>     creation (Closes: #710157).
>>   * Updates debian/gbp.conf to use the debian/wheezy branch for building.
>>   * Applies https://review.openstack.org/#/c/10168/: resolves issue where
>>     querying /v1.1/$tenant/os-hosts returns an empty list
>>     (Closes: #689318).
>>
>>   [ Julien Cristau ]
>>   * Fixes log rotation of nova-consoleauth.log and nova-xvpvncproxy.log
>>     (Closes: #706011).
>>
>> The package is available here:
>> http://archive.gplhost.com/pub/security/nova/
>>
>> With the debdiff next to it.
>>
> Please send the debdiff to this bug...
>
> Cheers,
> Julien

Here you are.

Thomas

diff -Nru nova-2012.1.1/debian/changelog nova-2012.1.1/debian/changelog --- nova-2012.1.1/debian/changelog 2013-04-10 11:14:21.000000000 +0000 +++ nova-2012.1.1/debian/changelog 2013-12-09 07:25:58.000000000 +0000 @@ -1,3 +1,19 @@ +nova (2012.1.1-18+deb7u1) wheezy-proposed-updates; urgency=low + + [ Thomas Goirand ] + * CVE-2013-4261: [OSSA 2013-026] Fix problem with long messages in Qpid. + * CVE-2013-2096: [OSSA 2013-012] Check QCOW2 image size during root disk + creation (Closes: #710157). + * Updates debian/gbp.conf to use the debian/wheezy branch for building. + * Applies https://review.openstack.org/#/c/10168/: resolves issue where + querying /v1.1/$tenant/os-hosts returns an empty list (Closes: #689318). + + [ Julien Cristau ] + * Fixes log rotation of nova-consoleauth.log and nova-xvpvncproxy.log + (Closes: #706011). + + -- Thomas Goirand <z...@debian.org> Sat, 13 Jul 2013 22:26:11 +0800 + nova (2012.1.1-18) unstable; urgency=low * nova-common isn't anymore using /usr/share/doc to store configuration files diff -Nru nova-2012.1.1/debian/gbp.conf nova-2012.1.1/debian/gbp.conf --- nova-2012.1.1/debian/gbp.conf 2013-04-10 11:14:21.000000000 +0000 +++ nova-2012.1.1/debian/gbp.conf 2013-12-09 07:25:58.000000000 +0000 @@ -1,6 +1,6 @@ [DEFAULT] upstream-branch = master -debian-branch = debian/unstable +debian-branch = debian/wheezy upstream-tag = %(version)s compression = xz diff -Nru nova-2012.1.1/debian/nova-console.logrotate nova-2012.1.1/debian/nova-console.logrotate --- nova-2012.1.1/debian/nova-console.logrotate 2013-04-10 11:14:21.000000000 +0000 +++ nova-2012.1.1/debian/nova-console.logrotate 2013-12-09 07:25:58.000000000 +0000 
@@ -1,4 +1,4 @@ -/var/log/nova/nova-console.log { +/var/log/nova/nova-console.log /var/log/nova/nova-consoleauth.log { daily copytruncate missingok diff -Nru nova-2012.1.1/debian/nova-xvpvncproxy.logrotate nova-2012.1.1/debian/nova-xvpvncproxy.logrotate --- nova-2012.1.1/debian/nova-xvpvncproxy.logrotate 2013-04-10 11:14:21.000000000 +0000 +++ nova-2012.1.1/debian/nova-xvpvncproxy.logrotate 2013-12-09 07:25:58.000000000 +0000 @@ -1,4 +1,4 @@ -/var/log/nova/nova-vncproxy.log { +/var/log/nova/nova-xvpvncproxy.log { daily missingok -} \ No newline at end of file +} diff -Nru nova-2012.1.1/debian/patches/CVE-2013-2096_Check_QCOW2_image_size_during_root_disk_creation.patch nova-2012.1.1/debian/patches/CVE-2013-2096_Check_QCOW2_image_size_during_root_disk_creation.patch --- nova-2012.1.1/debian/patches/CVE-2013-2096_Check_QCOW2_image_size_during_root_disk_creation.patch 1970-01-01 00:00:00.000000000 +0000 +++ nova-2012.1.1/debian/patches/CVE-2013-2096_Check_QCOW2_image_size_during_root_disk_creation.patch 2013-12-09 07:25:58.000000000 +0000 
@@ -0,0 +1,34 @@ +Description: Check QCOW2 image size during root disk creation + glance can only tell us the size of the file, not the virtual + size of the QCOW2. As such we need to check the virtual size of + the image once its cached and ensure it's <= to the flavor's + root disk size. Based on I833467284126557eb598b8350a84e10c06292fa9 +Author: Jamie Strandboge <ja...@canonical.com> +Origin: https://bugs.launchpad.net/nova/+bug/1177830/comments/21 +Bug-Ubuntu: https://launchpad.net/bugs/1177830 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710157 +Last-Update: 2013-07-13 + +Index: nova/nova/virt/libvirt/connection.py +=================================================================== +--- nova.orig/nova/virt/libvirt/connection.py 2013-07-13 22:30:01.000000000 +0800 ++++ nova/nova/virt/libvirt/connection.py 2013-07-13 22:30:01.000000000 +0800 +@@ -1125,6 +1125,18 @@ + if cow: + cow_base = base + if size: ++ # NOTE(cfb): Having a flavor that sets the root size to ++ # 0 and having nova effectively ignore that ++ # size and use the size of the image is ++ # considered a feature at this time, not a ++ # bug. ++ if os.path.exists(cow_base) and \ ++ size < disk.get_image_virtual_size(cow_base): ++ LOG.error(_("%(base)s virtual size larger than " ++ "flavor root disk size %(size)s" % ++ {'base': cow_base, 'size': size})) ++ raise exception.ImageTooLarge() ++ + size_gb = size / (1024 * 1024 * 1024) + cow_base += "_%d" % size_gb + if not os.path.exists(cow_base): diff -Nru nova-2012.1.1/debian/patches/CVE-2013-4261_Fix_problem_with_long_messages_in_Qpid.patch nova-2012.1.1/debian/patches/CVE-2013-4261_Fix_problem_with_long_messages_in_Qpid.patch --- nova-2012.1.1/debian/patches/CVE-2013-4261_Fix_problem_with_long_messages_in_Qpid.patch 1970-01-01 00:00:00.000000000 +0000 +++ nova-2012.1.1/debian/patches/CVE-2013-4261_Fix_problem_with_long_messages_in_Qpid.patch 2013-12-09 07:25:58.000000000 +0000 
@@ -0,0 +1,98 @@ +Description: Fix problem with long messages in Qpid + Qpid has a limitation where it cannot serialize a dict containing a string + greater than 65535 characters. This change alters the Qpid implementation to + JSON encode the dict before sending it, but only if Qpid would fail to + serialize it. This maintains as much backward compatibility as possible, + though long messages will still fail if they are sent to an older receiver. + . + Even though this change will modify the message format, it will only do it + when messages are longer than 65K which would be broken anyway and could + cause serious bugs like the one linked below. +Author: Ben Nemec <bne...@us.ibm.com> +Origin: upstream, https://review.openstack.org/#/c/44700/ +Bug-Ubuntu: https://launchpad.net/bugs/1215091 +Date: Thu, 9 May 2013 19:06:45 +0000 (+0000) + +--- nova-2012.1.1.orig/nova/rpc/impl_qpid.py ++++ nova-2012.1.1/nova/rpc/impl_qpid.py +@@ -22,6 +22,7 @@ import json + + import eventlet + import greenlet ++import qpid.codec010 as qpid_codec + import qpid.messaging + import qpid.messaging.exceptions + +@@ -81,6 +82,8 @@ qpid_opts = [ + FLAGS = flags.FLAGS + FLAGS.register_opts(qpid_opts) + ++JSON_CONTENT_TYPE = 'application/json; charset=utf8' ++ + + class ConsumerBase(object): + """Consumer base class.""" +@@ -135,10 +138,27 @@ class ConsumerBase(object): + self.receiver = session.receiver(self.address) + self.receiver.capacity = 1 + ++ def _unpack_json_msg(self, msg): ++ """Load the JSON data in msg if msg.content_type indicates that it ++ is necessary. Put the loaded data back into msg.content and ++ update msg.content_type appropriately. ++ ++ A Qpid Message containing a dict will have a content_type of ++ 'amqp/map', whereas one containing a string that needs to be converted ++ back from JSON will have a content_type of JSON_CONTENT_TYPE. 
++ ++ :param msg: a Qpid Message object ++ :returns: None ++ """ ++ if msg.content_type == JSON_CONTENT_TYPE: ++ msg.content = jsonutils.loads(msg.content) ++ msg.content_type = 'amqp/map' ++ + def consume(self): + """Fetch the message and pass it to the callback object""" + message = self.receiver.fetch() + try: ++ self._unpack_json_msg(message) + self.callback(message.content) + except Exception: + LOG.exception(_("Failed to process message... skipping it.")) +@@ -234,8 +254,35 @@ class Publisher(object): + """Re-establish the Sender after a reconnection""" + self.sender = session.sender(self.address) + ++ def _pack_json_msg(self, msg): ++ """Qpid cannot serialize dicts containing strings longer than 65535 ++ characters. This function dumps the message content to a JSON ++ string, which Qpid is able to handle. ++ ++ :param msg: May be either a Qpid Message object or a bare dict. ++ :returns: A Qpid Message with its content field JSON encoded. ++ """ ++ try: ++ msg.content = jsonutils.dumps(msg.content) ++ except AttributeError: ++ # Need to have a Qpid message so we can set the content_type. ++ msg = qpid.messaging.Message(jsonutils.dumps(msg)) ++ msg.content_type = JSON_CONTENT_TYPE ++ return msg ++ + def send(self, msg): + """Send a message""" ++ try: ++ # Check if Qpid can encode the message ++ check_msg = msg ++ if not hasattr(check_msg, 'content_type'): ++ check_msg = qpid.messaging.Message(msg) ++ content_type = check_msg.content_type ++ enc, dec = qpid.messaging.message.get_codec(content_type) ++ enc(check_msg.content) ++ except qpid_codec.CodecException: ++ # This means the message couldn't be serialized as a dict. 
++ msg = self._pack_json_msg(msg) + self.sender.send(msg) + + diff -Nru nova-2012.1.1/debian/patches/api_v1.1_os-hosts_does_not_return_a_list_of_hosts.patch nova-2012.1.1/debian/patches/api_v1.1_os-hosts_does_not_return_a_list_of_hosts.patch --- nova-2012.1.1/debian/patches/api_v1.1_os-hosts_does_not_return_a_list_of_hosts.patch 1970-01-01 00:00:00.000000000 +0000 +++ nova-2012.1.1/debian/patches/api_v1.1_os-hosts_does_not_return_a_list_of_hosts.patch 2013-12-09 07:25:58.000000000 +0000 
@@ -0,0 +1,62 @@ +Description: API 'v1.1/{tenant_id}/os-hosts' does not return a list of hosts + Backports fix for bug 1014925 to stable/essex, which resolves issue + where querying /v1.1/$tenant/os-hosts returns an empty list. + . + Original fix by Joe Gordon reviewed into Folsom at: + https://review.openstack.org/#/c/8682/2 +Author: Adam Gandelman <ad...@canonical.com> +Origin: https://review.openstack.org/#/c/10168/ +Bug-Ubuntu: https://bugs.launchpad.net/nova/+bug/1014925 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689318 +Date: Mon, 23 Jul 2012 13:16:46 -0700 + +diff --git a/nova/api/openstack/compute/contrib/hosts.py b/nova/api/openstack/compute/contrib/hosts.py +index a93da9e..202c8ca 100644 +--- a/nova/api/openstack/compute/contrib/hosts.py ++++ b/nova/api/openstack/compute/contrib/hosts.py +@@ -98,7 +97,10 @@ def _list_hosts(req, service=None): + by service type. + """ + context = req.environ['nova.context'] +- hosts = scheduler_api.get_host_list(context) ++ services = db.service_get_all(context, False) ++ hosts = [] ++ for host in services: ++ hosts.append({"host_name": host['host'], 'service': host['topic']}) + if service: + hosts = [host for host in hosts + if host["service"] == service] +diff --git a/nova/tests/api/openstack/compute/contrib/test_hosts.py b/nova/tests/api/openstack/compute/contrib/test_hosts.py +index 77beeae..0482eb5 100644 +--- a/nova/tests/api/openstack/compute/contrib/test_hosts.py ++++ b/nova/tests/api/openstack/compute/contrib/test_hosts.py +@@ -36,10 +36,15 @@ HOST_LIST = [ + {"host_name": "host_c2", "service": "compute"}, + {"host_name": "host_v1", "service": "volume"}, + {"host_name": "host_v2", "service": "volume"}] ++SERVICES_LIST = [ ++ {"host": "host_c1", "topic": "compute"}, ++ {"host": "host_c2", "topic": "compute"}, ++ {"host": "host_v1", "topic": "volume"}, ++ {"host": "host_v2", "topic": "volume"}] + + +-def stub_get_host_list(req): +- return HOST_LIST ++def stub_service_get_all(self, req): ++ return 
SERVICES_LIST + + + def stub_set_host_enabled(context, host, enabled): +@@ -104,7 +109,7 @@ class HostTestCase(test.TestCase): + super(HostTestCase, self).setUp() + self.controller = os_hosts.HostController() + self.req = FakeRequest() +- self.stubs.Set(scheduler_api, 'get_host_list', stub_get_host_list) ++ self.stubs.Set(db, 'service_get_all', stub_service_get_all) + self.stubs.Set(self.controller.api, 'set_host_enabled', + stub_set_host_enabled) + self.stubs.Set(self.controller.api, 'set_host_maintenance', +-- +1.7.9.5 + diff -Nru nova-2012.1.1/debian/patches/series nova-2012.1.1/debian/patches/series --- nova-2012.1.1/debian/patches/series 2013-04-10 11:14:21.000000000 +0000 +++ nova-2012.1.1/debian/patches/series 2013-12-09 07:25:58.000000000 +0000 @@ -12,3 +12,6 @@ CVE-2013-0335_VNC-unit-tests-fixes.patch CVE-2013-1838-Nova_DoS_by_allocating_all_Fixed_IPs_essex.patch Fixed_broken_vncproxy_flush_tokens.patch +CVE-2013-2096_Check_QCOW2_image_size_during_root_disk_creation.patch +api_v1.1_os-hosts_does_not_return_a_list_of_hosts.patch +CVE-2013-4261_Fix_problem_with_long_messages_in_Qpid.patch
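
Review bot: In the debian/changelog hunk, the trailer of the new 2012.1.1-18+deb7u1 entry is dated Sat, 13 Jul 2013 22:26:11 +0800, while every file in this debdiff carries a 2013-12-09 timestamp. Refresh the trailer date before upload so the entry matches the revision actually being proposed. The entry also ships two CVE fixes under urgency=low; please confirm that is intended for a wheezy-proposed-updates upload.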
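
Review bot: In debian/nova-xvpvncproxy.logrotate, the corrected stanza consists only of daily and missingok, while the nova-console.logrotate stanza in this same debdiff also sets copytruncate. With neither copytruncate nor a postrotate action, the proxy may keep writing to the rotated file after the rename. Add copytruncate here to match the other stanza, or note why this daemon does not need it.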
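
Review bot: In the CVE-2013-2096 patch, the added check in nova/virt/libvirt/connection.py calls disk.get_image_virtual_size() and raises exception.ImageTooLarge(), and neither name is defined anywhere in this debdiff. Please confirm both exist in the 2012.1.1 tree, since a missing helper would turn the size check into an AttributeError on the instance creation path. The check is also skipped silently when os.path.exists(cow_base) is false, so it is worth stating in the patch description that the base image is always cached before this point. Minor: the % interpolation sits inside the _() call, so the already-formatted string is what gets passed for translation; move the % outside the closing parenthesis of _().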
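
Review bot: In the CVE-2013-4261 patch, _unpack_json_msg and _pack_json_msg both call jsonutils.loads / jsonutils.dumps, but the only import this patch adds to nova/rpc/impl_qpid.py is qpid.codec010, and the first hunk header shows the module importing json. Unless jsonutils is already imported in the 2012.1.1 version of this file, both helpers raise NameError exactly on the long-message path the fix targets. Either add the import or switch the two calls to json.loads / json.dumps, and exercise the path with a message containing a string longer than 65535 characters.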
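
Review bot: In the send() hunk of the CVE-2013-4261 patch, a message that falls back to _pack_json_msg arrives as a JSON string with content_type JSON_CONTENT_TYPE, which only a consumer carrying the new _unpack_json_msg can decode; the patch description itself says long messages still fail on an older receiver. For a stable update where services are upgraded host by host, document in the changelog or NEWS that every nova service on the same Qpid bus needs this version. Note also that each message is now encoded once by enc(check_msg.content) and again inside self.sender.send(msg); that is acceptable for a security fix but worth a comment in the code.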
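
Review bot: In the _list_hosts hunk of nova/api/openstack/compute/contrib/hosts.py, the new code calls db.service_get_all(context, False) but the patch contains no hunk that imports db, and the header @@ -98,7 +97,10 @@ implies a one-line change earlier in the file that is not present here. Please confirm db is already imported in the 2012.1.1 hosts.py and that the hunk applies without fuzz. The bare positional False is also opaque to a reader; passing it by keyword would make clear which services are being excluded from the list.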
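
Review bot: In the test_hosts.py hunks, stub_service_get_all is declared as (self, req) but is installed on the db module and invoked as db.service_get_all(context, False), so its parameters really receive a context and a flag. Rename them to match what is passed so the stub documents the call it replaces. The stub also ignores the flag, so the test does not cover whatever filtering the False argument is meant to apply.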