authorMatthew Thode <prometheanfire@gentoo.org>2014-08-21 20:53:36 +0000
committerMatthew Thode <prometheanfire@gentoo.org>2014-08-21 20:53:36 +0000
commit8bc51c566cbe2e239475d381f80896aaa8504a2f (patch)
tree336960555675757ffb22ba957493f933e5b1578c /sys-cluster/nova
parentbup (diff)
bup
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
Diffstat (limited to 'sys-cluster/nova')
-rw-r--r--sys-cluster/nova/ChangeLog8
-rw-r--r--sys-cluster/nova/files/nova-2014.1.1-CVE-2014-3517.patch100
-rw-r--r--sys-cluster/nova/nova-2014.1.2.ebuild (renamed from sys-cluster/nova/nova-2014.1.1-r1.ebuild)6
3 files changed, 10 insertions, 104 deletions
diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog
index 898db66e08c6..db1d5c64aedb 100644
--- a/sys-cluster/nova/ChangeLog
+++ b/sys-cluster/nova/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for sys-cluster/nova
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.72 2014/08/10 20:21:07 slyfox Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.73 2014/08/21 20:53:36 prometheanfire Exp $
+
+*nova-2014.1.2 (21 Aug 2014)
+
+ 21 Aug 2014; Matthew Thode <prometheanfire@gentoo.org> +nova-2014.1.2.ebuild,
+ -files/nova-2014.1.1-CVE-2014-3517.patch, -nova-2014.1.1-r1.ebuild:
+ bup
10 Aug 2014; Sergei Trofimovich <slyfox@gentoo.org> nova-2014.1.1-r1.ebuild,
nova-2014.1.9999.ebuild, nova-9999.ebuild:
diff --git a/sys-cluster/nova/files/nova-2014.1.1-CVE-2014-3517.patch b/sys-cluster/nova/files/nova-2014.1.1-CVE-2014-3517.patch
deleted file mode 100644
index cc4f2911c2d2..000000000000
--- a/sys-cluster/nova/files/nova-2014.1.1-CVE-2014-3517.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 3dd2cb0452b63d5de04606d79bbbf41a4e50a42a Mon Sep 17 00:00:00 2001
-From: Grant Murphy <gmurphy@redhat.com>
-Date: Tue, 8 Jul 2014 03:35:40 +0000
-Subject: [PATCH 1/1] Avoid possible timing attack in metadata api
-
-Introduce a constant time comparison function to
-nova utils for comparing authentication tokens.
-Original code taken from:
-
-https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/middleware/memcache_crypt.py#L86
-
-Change-Id: I7374f2edc6f03c7da59cf73ae91a87147e53d0de
-Closes-bug: #1325128
----
- nova/api/metadata/handler.py | 3 ++-
- nova/tests/test_utils.py | 7 +++++++
- nova/utils.py | 27 +++++++++++++++++++++++++++
- 3 files changed, 36 insertions(+), 1 deletion(-)
-
-diff --git a/nova/api/metadata/handler.py b/nova/api/metadata/handler.py
-index a14db67..be866ef 100644
---- a/nova/api/metadata/handler.py
-+++ b/nova/api/metadata/handler.py
-@@ -30,6 +30,7 @@ from nova import exception
- from nova.openstack.common.gettextutils import _
- from nova.openstack.common import log as logging
- from nova.openstack.common import memorycache
-+from nova import utils
- from nova import wsgi
-
- CACHE_EXPIRATION = 15 # in seconds
-@@ -169,7 +170,7 @@ class MetadataRequestHandler(wsgi.Application):
- instance_id,
- hashlib.sha256).hexdigest()
-
-- if expected_signature != signature:
-+ if not utils.constant_time_compare(expected_signature, signature):
- if instance_id:
- LOG.warn(_('X-Instance-ID-Signature: %(signature)s does not '
- 'match the expected value: %(expected_signature)s '
-diff --git a/nova/tests/test_utils.py b/nova/tests/test_utils.py
-index 59d08fd..c2969a6 100644
---- a/nova/tests/test_utils.py
-+++ b/nova/tests/test_utils.py
-@@ -979,3 +979,10 @@ class VersionTestCase(test.NoDBTestCase):
-
- def test_convert_version_to_tuple(self):
- self.assertEqual(utils.convert_version_to_tuple('6.7.0'), (6, 7, 0))
-+
-+
-+class ConstantTimeCompareTestCase(test.NoDBTestCase):
-+ def test_constant_time_compare(self):
-+ self.assertTrue(utils.constant_time_compare("abcd1234", "abcd1234"))
-+ self.assertFalse(utils.constant_time_compare("abcd1234", "a"))
-+ self.assertFalse(utils.constant_time_compare("abcd1234", "ABCD234"))
-diff --git a/nova/utils.py b/nova/utils.py
-index 0c3ee94..7dfa0cc 100644
---- a/nova/utils.py
-+++ b/nova/utils.py
-@@ -21,6 +21,7 @@ import contextlib
- import datetime
- import functools
- import hashlib
-+import hmac
- import inspect
- import multiprocessing
- import os
-@@ -1170,3 +1171,29 @@ def cpu_count():
- return multiprocessing.cpu_count()
- except NotImplementedError:
- return 1
-+
-+
-+# NOTE(gm) Constant time comparison taken from keystone. This is a
-+# candidate for inclusion in oslo.
-+#
-+# Original code: master/keystoneclient/middleware/memcache_crypt.py#L86
-+if sys.version_info >= (3, 3):
-+ constant_time_compare = hmac.compare_digest
-+else:
-+ def constant_time_compare(first, second):
-+ """Returns True if both string inputs are equal, otherwise False.
-+
-+ This function should take a constant amount of time regardless of
-+ how many characters in the strings match.
-+
-+ """
-+ if len(first) != len(second):
-+ return False
-+ result = 0
-+ if six.PY3 and isinstance(first, bytes) and isinstance(second, bytes):
-+ for x, y in zip(first, second):
-+ result |= x ^ y
-+ else:
-+ for x, y in zip(first, second):
-+ result |= ord(x) ^ ord(y)
-+ return result == 0
---
-1.9.3
-
diff --git a/sys-cluster/nova/nova-2014.1.1-r1.ebuild b/sys-cluster/nova/nova-2014.1.2.ebuild
index 1c1c916552a1..0edac73401de 100644
--- a/sys-cluster/nova/nova-2014.1.1-r1.ebuild
+++ b/sys-cluster/nova/nova-2014.1.2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2014.1.1-r1.ebuild,v 1.3 2014/08/10 20:21:07 slyfox Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2014.1.2.ebuild,v 1.1 2014/08/21 20:53:36 prometheanfire Exp $
EAPI=5
PYTHON_COMPAT=( python2_7 )
@@ -49,6 +49,7 @@ RDEPEND="sqlite? (
>=dev-python/kombu-2.4.8[${PYTHON_USEDEP}]
>=dev-python/lxml-2.3[${PYTHON_USEDEP}]
>=dev-python/routes-1.12.3-r1[${PYTHON_USEDEP}]
+ !~dev-python/routes-2.0[${PYTHON_USEDEP}]
>=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
>=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
>=dev-python/pastedeploy-1.5.0-r1[${PYTHON_USEDEP}]
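Review bot: The new blocker `!~dev-python/routes-2.0[${PYTHON_USEDEP}]` has no recorded reason, and the ChangeLog entry for this commit says only "bup". RDEPEND is a quoted string, so a `#` comment cannot sit beside the atom. A line in the ChangeLog entry naming the bug or upstream requirement that excludes routes 2.0 would tell a later maintainer when the blocker can be lifted. The RDEPEND assignment starts and ends outside this hunk.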
@@ -66,7 +67,7 @@ RDEPEND="sqlite? (
<=dev-python/python-neutronclient-3.0.0[${PYTHON_USEDEP}]
>=dev-python/python-glanceclient-0.9.0[${PYTHON_USEDEP}]
>=dev-python/python-keystoneclient-0.7.0[${PYTHON_USEDEP}]
- >=dev-python/six-1.5.2[${PYTHON_USEDEP}]
+ >=dev-python/six-1.6.0[${PYTHON_USEDEP}]
>=dev-python/stevedore-0.14[${PYTHON_USEDEP}]
>=dev-python/websockify-0.5.1[${PYTHON_USEDEP}]
<dev-python/websockify-0.6[${PYTHON_USEDEP}]
@@ -86,7 +87,6 @@ RDEPEND="sqlite? (
app-emulation/xen-tools )"
PATCHES=(
- "${FILESDIR}/nova-2014.1.1-CVE-2014-3517.patch"
)
pkg_setup() {
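Review bot: Removing `"${FILESDIR}/nova-2014.1.1-CVE-2014-3517.patch"` from PATCHES is only safe if the 2014.1.2 tarball already contains the constant-time signature comparison that the deleted patch added to `nova/api/metadata/handler.py`. Neither the commit message nor the ChangeLog entry ("bup") says that this was checked. After confirming against the 2014.1.2 source, I would record it in the ChangeLog entry, for example `Version bump; drop nova-2014.1.1-CVE-2014-3517.patch, fix included upstream`. The removal also leaves `PATCHES=( )` as an empty array, which could be deleted in the same change. The body of pkg_setup() continues outside the hunk.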