authorMatthew Thode <prometheanfire@gentoo.org>2013-05-17 14:57:48 +0000
committerMatthew Thode <prometheanfire@gentoo.org>2013-05-17 14:57:48 +0000
commitb9feb1c6f0a3f70c08b0dc3e91435dfa196dc1ee (patch)
tree5824b231aabea5a95bf6429c800335b7428b6421 /sys-cluster
parentRemove media-libs/libcanberra[gtk] mask (bug #468984). (diff)
fix for CVE-2013-2096 for both grizzly and folsom
(Portage version: 2.1.11.62/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
Diffstat (limited to 'sys-cluster')
-rw-r--r--sys-cluster/nova/ChangeLog11
-rw-r--r--sys-cluster/nova/files/nova-folsom-4-CVE-2013-2096.patch115
-rw-r--r--sys-cluster/nova/files/nova-grizzly-1-CVE-2013-2096.patch96
-rw-r--r--sys-cluster/nova/nova-2012.2.4-r2.ebuild (renamed from sys-cluster/nova/nova-2012.2.4-r1.ebuild)3
-rw-r--r--sys-cluster/nova/nova-2013.1.1-r2.ebuild (renamed from sys-cluster/nova/nova-2013.1.1-r1.ebuild)3
5 files changed, 225 insertions, 3 deletions
diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog
index a6ccc993c552..7722c6cc6b15 100644
--- a/sys-cluster/nova/ChangeLog
+++ b/sys-cluster/nova/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for sys-cluster/nova
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.12 2013/05/16 01:11:03 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.13 2013/05/17 14:57:48 prometheanfire Exp $
+
+*nova-2013.1.1-r2 (17 May 2013)
+*nova-2012.2.4-r2 (17 May 2013)
+
+ 17 May 2013; Matthew Thode <prometheanfire@gentoo.org>
+ +files/nova-folsom-4-CVE-2013-2096.patch,
+ +files/nova-grizzly-1-CVE-2013-2096.patch, +nova-2012.2.4-r2.ebuild,
+ +nova-2013.1.1-r2.ebuild, -nova-2012.2.4-r1.ebuild, -nova-2013.1.1-r1.ebuild:
+ fix for CVE-2013-2096 for both grizzly and folsom
*nova-2013.1.1-r1 (16 May 2013)
diff --git a/sys-cluster/nova/files/nova-folsom-4-CVE-2013-2096.patch b/sys-cluster/nova/files/nova-folsom-4-CVE-2013-2096.patch
new file mode 100644
index 000000000000..304a61f9d20f
--- /dev/null
+++ b/sys-cluster/nova/files/nova-folsom-4-CVE-2013-2096.patch
@@ -0,0 +1,115 @@
+From 6740c4141ea1152529b82cbf6e5b808eaba912e7 Mon Sep 17 00:00:00 2001
+From: Chet Burgess <cfb@metacloud.com>
+Date: Thu, 9 May 2013 09:57:28 +0000
+Subject: [PATCH] Check QCOW2 image size during root disk creation
+
+glance can only tell us the size of the file, not the virtual
+size of the QCOW2. As such we need to check the virtual size of
+the image once its cached and ensure it's <= to the flavor's
+root disk size.
+
+Change-Id: I833467284126557eb598b8350a84e10c06292fa9
+Fixes: bug 1177830
+(cherry picked from commit 44a8aba1d5da87d54db48079103fdef946666d80)
+---
+ nova/tests/test_imagebackend.py | 18 ++++++++++++++++++
+ nova/virt/libvirt/imagebackend.py | 12 ++++++++++++
+ 2 files changed, 30 insertions(+)
+
+diff --git a/nova/tests/test_imagebackend.py b/nova/tests/test_imagebackend.py
+index f0bb718..da14f20 100644
+--- a/nova/tests/test_imagebackend.py
++++ b/nova/tests/test_imagebackend.py
+@@ -17,6 +17,7 @@
+
+ import os
+
++from nova import exception
+ from nova import flags
+ from nova import test
+ from nova.tests import fake_libvirt_utils
+@@ -190,7 +191,10 @@ class Qcow2TestCase(_ImageTestCase):
+ fn = self.prepare_mocks()
+ fn(target=self.TEMPLATE_PATH)
+ self.mox.StubOutWithMock(os.path, 'exists')
++ self.mox.StubOutWithMock(imagebackend.disk, 'get_disk_size')
+ os.path.exists(self.QCOW2_BASE).AndReturn(False)
++ imagebackend.disk.get_disk_size(self.TEMPLATE_PATH
++ ).AndReturn(self.SIZE)
+ imagebackend.libvirt_utils.copy_image(self.TEMPLATE_PATH,
+ self.QCOW2_BASE)
+ imagebackend.disk.extend(self.QCOW2_BASE, self.SIZE)
+@@ -203,11 +207,25 @@ class Qcow2TestCase(_ImageTestCase):
+
+ self.mox.VerifyAll()
+
++ def test_create_image_too_small(self):
++ self.mox.StubOutWithMock(imagebackend.disk, 'get_disk_size')
++ imagebackend.disk.get_disk_size(self.TEMPLATE_PATH
++ ).AndReturn(self.SIZE)
++ self.mox.ReplayAll()
++
++ image = self.image_class(self.INSTANCE, self.NAME)
++ self.assertRaises(exception.ImageTooLarge, image.create_image, None,
++ self.TEMPLATE_PATH, 1)
++ self.mox.VerifyAll()
++
+ def test_create_image_with_size_template_exists(self):
+ fn = self.prepare_mocks()
+ fn(target=self.TEMPLATE_PATH)
+ self.mox.StubOutWithMock(os.path, 'exists')
++ self.mox.StubOutWithMock(imagebackend.disk, 'get_disk_size')
+ os.path.exists(self.QCOW2_BASE).AndReturn(True)
++ imagebackend.disk.get_disk_size(self.TEMPLATE_PATH
++ ).AndReturn(self.SIZE)
+ imagebackend.libvirt_utils.create_cow_image(self.QCOW2_BASE,
+ self.PATH)
+ self.mox.ReplayAll()
+diff --git a/nova/virt/libvirt/imagebackend.py b/nova/virt/libvirt/imagebackend.py
+index 0f2f044..5e7023e 100644
+--- a/nova/virt/libvirt/imagebackend.py
++++ b/nova/virt/libvirt/imagebackend.py
+@@ -19,14 +19,17 @@ import abc
+ import contextlib
+ import os
+
++from nova import exception
+ from nova import flags
+ from nova.openstack.common import cfg
+ from nova.openstack.common import excutils
++from nova.openstack.common import log as logging
+ from nova import utils
+ from nova.virt.disk import api as disk
+ from nova.virt.libvirt import config
+ from nova.virt.libvirt import utils as libvirt_utils
+
++
+ __imagebackend_opts = [
+ cfg.StrOpt('libvirt_images_type',
+ default='default',
+@@ -46,6 +49,8 @@ __imagebackend_opts = [
+ FLAGS = flags.FLAGS
+ FLAGS.register_opts(__imagebackend_opts)
+
++LOG = logging.getLogger(__name__)
++
+
+ class Image(object):
+ __metaclass__ = abc.ABCMeta
+@@ -170,6 +175,13 @@ class Qcow2(Image):
+ disk.extend(qcow2_base, size)
+ libvirt_utils.create_cow_image(qcow2_base, target)
+
++ # NOTE(cfb): Having a flavor that sets the root size to 0 and having
++ # nova effectively ignore that size and use the size of the
++ # image is considered a feature at this time, not a bug.
++ if size and size < disk.get_disk_size(base):
++ LOG.error('%s virtual size larger than flavor root disk size %s' %
++ (base, size))
++ raise exception.ImageTooLarge()
+ prepare_template(target=base, *args, **kwargs)
+ with utils.remove_path_on_error(self.path):
+ copy_qcow2_image(base, self.path, size)
+--
+1.8.1.5
+
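Review bot: In the nova/virt/libvirt/imagebackend.py hunk of this patch, the new check calls `disk.get_disk_size(base)` before `prepare_template(target=base, *args, **kwargs)` has run, so on first use of an image the cached base file may not exist yet when it is measured (inferred from the visible order; the rest of create_image is outside the hunk). The grizzly patch in this same commit places the check after prepare_template, and the folsom test_create_image_too_small passes `None` as prepare_template, which only works because the check fires first. I would move the `if size and size < disk.get_disk_size(base):` block to directly after the `prepare_template(...)` call and have the test pass the prepared mock `fn` instead of `None`. The log call could also take its arguments lazily: `LOG.error('%s virtual size larger than flavor root disk size %s', base, size)`.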
diff --git a/sys-cluster/nova/files/nova-grizzly-1-CVE-2013-2096.patch b/sys-cluster/nova/files/nova-grizzly-1-CVE-2013-2096.patch
new file mode 100644
index 000000000000..5067ca97d77f
--- /dev/null
+++ b/sys-cluster/nova/files/nova-grizzly-1-CVE-2013-2096.patch
@@ -0,0 +1,96 @@
+From a4fc0c800502338e4530cad910efb64a5483e1ea Mon Sep 17 00:00:00 2001
+From: Chet Burgess <cfb@metacloud.com>
+Date: Thu, 9 May 2013 09:57:28 +0000
+Subject: [PATCH] Check QCOW2 image size during root disk creation
+
+glance can only tell us the size of the file, not the virtual
+size of the QCOW2. As such we need to check the virtual size of
+the image once its cached and ensure it's <= to the flavor's
+root disk size.
+
+Change-Id: I833467284126557eb598b8350a84e10c06292fa9
+Fixes: bug 1177830
+(cherry picked from commit 44a8aba1d5da87d54db48079103fdef946666d80)
+---
+ nova/tests/test_imagebackend.py | 21 +++++++++++++++++++++
+ nova/virt/libvirt/imagebackend.py | 8 ++++++++
+ 2 files changed, 29 insertions(+)
+
+diff --git a/nova/tests/test_imagebackend.py b/nova/tests/test_imagebackend.py
+index d571bbf..4ec36da 100644
+--- a/nova/tests/test_imagebackend.py
++++ b/nova/tests/test_imagebackend.py
+@@ -20,6 +20,7 @@ import os
+ import fixtures
+ from oslo.config import cfg
+
++from nova import exception
+ from nova.openstack.common import uuidutils
+ from nova import test
+ from nova.tests import fake_libvirt_utils
+@@ -253,9 +254,12 @@ class Qcow2TestCase(_ImageTestCase, test.TestCase):
+ fn = self.prepare_mocks()
+ fn(target=self.TEMPLATE_PATH)
+ self.mox.StubOutWithMock(os.path, 'exists')
++ self.mox.StubOutWithMock(imagebackend.disk, 'get_disk_size')
+ if self.OLD_STYLE_INSTANCE_PATH:
+ os.path.exists(self.OLD_STYLE_INSTANCE_PATH).AndReturn(False)
+ os.path.exists(self.TEMPLATE_PATH).AndReturn(False)
++ imagebackend.disk.get_disk_size(self.TEMPLATE_PATH
++ ).AndReturn(self.SIZE)
+ os.path.exists(self.PATH).AndReturn(False)
+ imagebackend.libvirt_utils.create_cow_image(self.TEMPLATE_PATH,
+ self.PATH)
+@@ -267,6 +271,23 @@ class Qcow2TestCase(_ImageTestCase, test.TestCase):
+
+ self.mox.VerifyAll()
+
++ def test_create_image_too_small(self):
++ fn = self.prepare_mocks()
++ fn(target=self.TEMPLATE_PATH)
++ self.mox.StubOutWithMock(os.path, 'exists')
++ self.mox.StubOutWithMock(imagebackend.disk, 'get_disk_size')
++ if self.OLD_STYLE_INSTANCE_PATH:
++ os.path.exists(self.OLD_STYLE_INSTANCE_PATH).AndReturn(False)
++ os.path.exists(self.TEMPLATE_PATH).AndReturn(False)
++ imagebackend.disk.get_disk_size(self.TEMPLATE_PATH
++ ).AndReturn(self.SIZE)
++ self.mox.ReplayAll()
++
++ image = self.image_class(self.INSTANCE, self.NAME)
++ self.assertRaises(exception.ImageTooLarge, image.create_image, fn,
++ self.TEMPLATE_PATH, 1)
++ self.mox.VerifyAll()
++
+
+ class LvmTestCase(_ImageTestCase, test.TestCase):
+ VG = 'FakeVG'
+diff --git a/nova/virt/libvirt/imagebackend.py b/nova/virt/libvirt/imagebackend.py
+index b6b1b88..2ca71cc 100755
+--- a/nova/virt/libvirt/imagebackend.py
++++ b/nova/virt/libvirt/imagebackend.py
+@@ -21,6 +21,7 @@ import os
+
+ from oslo.config import cfg
+
++from nova import exception
+ from nova.openstack.common import excutils
+ from nova.openstack.common import fileutils
+ from nova.openstack.common import lockutils
+@@ -255,6 +256,13 @@ class Qcow2(Image):
+
+ if not os.path.exists(base):
+ prepare_template(target=base, *args, **kwargs)
++ # NOTE(cfb): Having a flavor that sets the root size to 0 and having
++ # nova effectively ignore that size and use the size of the
++ # image is considered a feature at this time, not a bug.
++ if size and size < disk.get_disk_size(base):
++ LOG.error('%s virtual size larger than flavor root disk size %s' %
++ (base, size))
++ raise exception.ImageTooLarge()
+ if not os.path.exists(self.path):
+ with utils.remove_path_on_error(self.path):
+ copy_qcow2_image(base, self.path, size)
+--
+1.8.1.5
+
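Review bot: The imagebackend.py hunk calls `LOG.error(...)` but this patch adds only `from nova import exception`, whereas the folsom patch in the same commit also had to add `from nova.openstack.common import log as logging` and `LOG = logging.getLogger(__name__)`. The visible import context does not show a logger, so confirm that LOG is already defined in the grizzly file; otherwise the oversized-image path would raise NameError rather than ImageTooLarge. Separately, indentation is lost on this page, so it is worth confirming that the `if size and size < disk.get_disk_size(base):` check sits outside the `if not os.path.exists(base):` block; if it were nested, an already cached base would never be compared against a later, smaller flavor. The create_image body begins and ends outside the hunk.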
diff --git a/sys-cluster/nova/nova-2012.2.4-r1.ebuild b/sys-cluster/nova/nova-2012.2.4-r2.ebuild
index 27086453c574..4fc43413aaaa 100644
--- a/sys-cluster/nova/nova-2012.2.4-r1.ebuild
+++ b/sys-cluster/nova/nova-2012.2.4-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2012.2.4-r1.ebuild,v 1.1 2013/05/10 04:11:00 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2012.2.4-r2.ebuild,v 1.1 2013/05/17 14:57:48 prometheanfire Exp $
EAPI=5
PYTHON_COMPAT=( python2_7 )
@@ -45,6 +45,7 @@ RDEPEND="=dev-python/amqplib-0.6.1
PATCHES=(
"${FILESDIR}/nova-folsom-4-CVE-2013-2030.patch"
+ "${FILESDIR}/nova-folsom-4-CVE-2013-2096.patch"
)
python_install() {
diff --git a/sys-cluster/nova/nova-2013.1.1-r1.ebuild b/sys-cluster/nova/nova-2013.1.1-r2.ebuild
index 848dec859c56..951e1e2a61a6 100644
--- a/sys-cluster/nova/nova-2013.1.1-r1.ebuild
+++ b/sys-cluster/nova/nova-2013.1.1-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.1-r1.ebuild,v 1.1 2013/05/16 01:11:03 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.1-r2.ebuild,v 1.1 2013/05/17 14:57:48 prometheanfire Exp $
EAPI=5
PYTHON_COMPAT=( python2_7 )
@@ -53,6 +53,7 @@ RDEPEND=">=dev-python/amqplib-0.6.1[${PYTHON_USEDEP}]
virtual/python-argparse[${PYTHON_USEDEP}]"
PATCHES=(
+ "${FILESDIR}/nova-grizzly-1-CVE-2013-2096.patch"
)
python_install() {