[openstack-nova/el6] fix for protocol case handling (#829441, CVE-2012-2654)
Pádraig Brady
pbrady at fedoraproject.org
Wed Jun 6 23:35:57 UTC 2012
commit 988bdacbf2dc7a021d4cca8a881c0a488c2d8d53
Author: Pádraig Brady <P at draigBrady.com>
Date: Wed Jun 6 23:51:54 2012 +0100
fix for protocol case handling (#829441, CVE-2012-2654)
This fix was on the Essex stable branch,
so I took the opportunity to sync with it.
(cherry picked from commit 9515a6bc3f8a89326bfffabf8291fa9eb3e24e4b)
Conflicts:
openstack-nova.spec
0024-Generate-a-Changelog-for-Nova.patch | 227 ++++++++++++++++++++
...ix-type-of-snapshot_id-column-to-match-db.patch | 33 +++
... 0026-handle-updated-qemu-img-info-output.patch | 3 +-
0027-Nail-pep8-dependencies-to-1.0.1.patch | 40 ++++
...ti_Scheduler-to-process-host-capabilities.patch | 75 +++++++
...irt-get_console_output-tests-pty-and-file.patch | 123 +++++++++++
...memory-correctly-on-Xen.-Fixes-bug-997014.patch | 66 ++++++
...rotocol-case-handling-for-security-groups.patch | 63 ++++++
...tomic-manipulation-of-libvirt-disk-images.patch | 4 +-
...e-don-t-access-the-net-when-building-docs.patch | 2 +-
...0034-fix-useexisting-deprecation-warnings.patch | 2 +-
...-configurable-libvirt-injection-partition.patch | 4 +-
openstack-nova.spec | 30 ++-
13 files changed, 659 insertions(+), 13 deletions(-)
---
diff --git a/0024-Generate-a-Changelog-for-Nova.patch b/0024-Generate-a-Changelog-for-Nova.patch
new file mode 100644
index 0000000..702434e
--- /dev/null
+++ b/0024-Generate-a-Changelog-for-Nova.patch
@@ -0,0 +1,227 @@
+From ec70c69a4d2c13c5e7f9a6d6c6bd05ca885a7493 Mon Sep 17 00:00:00 2001
+From: Chuck Short <chuck.short at canonical.com>
+Date: Tue, 15 May 2012 10:05:21 -0400
+Subject: [PATCH] Generate a Changelog for Nova
+
+Ubuntu uses a tarball to generate packages for Nova and
+other openstack projects. This allows the user to find out
+what is included in the tarball.
+
+Signed-off-by: Chuck Short <chuck.short at canonical.com>
+
+Change-Id: I0291e19eee1ff2c5fc98b499571b2563841c6076
+---
+ MANIFEST.in | 1 +
+ nova/openstack/common/setup.py | 145 ++++++++++++++++++++++++++++++++++++++++
+ openstack-common.conf | 2 +-
+ setup.py | 13 +++-
+ 4 files changed, 158 insertions(+), 3 deletions(-)
+ create mode 100644 nova/openstack/common/setup.py
+
+diff --git a/MANIFEST.in b/MANIFEST.in
+index a8549a7..3c43e93 100644
+--- a/MANIFEST.in
++++ b/MANIFEST.in
+@@ -4,6 +4,7 @@ include README.rst
+ include MANIFEST.in pylintrc Authors
+ include openstack-common.conf
+ include babel.cfg tox.ini
++include ChangeLog
+ graft nova/CA
+ graft doc
+ graft smoketests
+diff --git a/nova/openstack/common/setup.py b/nova/openstack/common/setup.py
+new file mode 100644
+index 0000000..60c731a
+--- /dev/null
++++ b/nova/openstack/common/setup.py
+@@ -0,0 +1,145 @@
++# vim: tabstop=4 shiftwidth=4 softtabstop=4
++
++# Copyright 2011 OpenStack LLC.
++# All Rights Reserved.
++#
++# Licensed under the Apache License, Version 2.0 (the "License"); you may
++# not use this file except in compliance with the License. You may obtain
++# a copy of the License at
++#
++# http://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing, software
++# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++# License for the specific language governing permissions and limitations
++# under the License.
++
++"""
++Utilities with minimum-depends for use in setup.py
++"""
++
++import os
++import re
++import subprocess
++
++
++def parse_mailmap(mailmap='.mailmap'):
++ mapping = {}
++ if os.path.exists(mailmap):
++ fp = open(mailmap, 'r')
++ for l in fp:
++ l = l.strip()
++ if not l.startswith('#') and ' ' in l:
++ canonical_email, alias = l.split(' ')
++ mapping[alias] = canonical_email
++ return mapping
++
++
++def canonicalize_emails(changelog, mapping):
++ """Takes in a string and an email alias mapping and replaces all
++ instances of the aliases in the string with their real email.
++ """
++ for alias, email in mapping.iteritems():
++ changelog = changelog.replace(alias, email)
++ return changelog
++
++
++# Get requirements from the first file that exists
++def get_reqs_from_files(requirements_files):
++ reqs_in = []
++ for requirements_file in requirements_files:
++ if os.path.exists(requirements_file):
++ return open(requirements_file, 'r').read().split('\n')
++ return []
++
++
++def parse_requirements(requirements_files=['requirements.txt',
++ 'tools/pip-requires']):
++ requirements = []
++ for line in get_reqs_from_files(requirements_files):
++ if re.match(r'\s*-e\s+', line):
++ requirements.append(re.sub(r'\s*-e\s+.*#egg=(.*)$', r'\1',
++ line))
++ elif re.match(r'\s*-f\s+', line):
++ pass
++ else:
++ requirements.append(line)
++
++ return requirements
++
++
++def parse_dependency_links(requirements_files=['requirements.txt',
++ 'tools/pip-requires']):
++ dependency_links = []
++ for line in get_reqs_from_files(requirements_files):
++ if re.match(r'(\s*#)|(\s*$)', line):
++ continue
++ if re.match(r'\s*-[ef]\s+', line):
++ dependency_links.append(re.sub(r'\s*-[ef]\s+', '', line))
++ return dependency_links
++
++
++def write_requirements():
++ venv = os.environ.get('VIRTUAL_ENV', None)
++ if venv is not None:
++ with open("requirements.txt", "w") as req_file:
++ output = subprocess.Popen(["pip", "-E", venv, "freeze", "-l"],
++ stdout=subprocess.PIPE)
++ requirements = output.communicate()[0].strip()
++ req_file.write(requirements)
++
++
++def _run_shell_command(cmd):
++ output = subprocess.Popen(["/bin/sh", "-c", cmd],
++ stdout=subprocess.PIPE)
++ return output.communicate()[0].strip()
++
++
++def write_vcsversion(location):
++ """Produce a vcsversion dict that mimics the old one produced by bzr.
++ """
++ if os.path.isdir('.git'):
++ branch_nick_cmd = 'git branch | grep -Ei "\* (.*)" | cut -f2 -d" "'
++ branch_nick = _run_shell_command(branch_nick_cmd)
++ revid_cmd = "git rev-parse HEAD"
++ revid = _run_shell_command(revid_cmd).split()[0]
++ revno_cmd = "git log --oneline | wc -l"
++ revno = _run_shell_command(revno_cmd)
++ with open(location, 'w') as version_file:
++ version_file.write("""
++# This file is automatically generated by setup.py, So don't edit it. :)
++version_info = {
++ 'branch_nick': '%s',
++ 'revision_id': '%s',
++ 'revno': %s
++}
++""" % (branch_nick, revid, revno))
++
++
++def write_git_changelog():
++ """Write a changelog based on the git changelog."""
++ if os.path.isdir('.git'):
++ git_log_cmd = 'git log --stat'
++ changelog = _run_shell_command(git_log_cmd)
++ mailmap = parse_mailmap()
++ with open("ChangeLog", "w") as changelog_file:
++ changelog_file.write(canonicalize_emails(changelog, mailmap))
++
++
++def generate_authors():
++ """Create AUTHORS file using git commits."""
++ jenkins_email = 'jenkins at review.openstack.org'
++ old_authors = 'AUTHORS.in'
++ new_authors = 'AUTHORS'
++ if os.path.isdir('.git'):
++ # don't include jenkins email address in AUTHORS file
++ git_log_cmd = "git log --format='%aN <%aE>' | sort -u | " \
++ "grep -v " + jenkins_email
++ changelog = _run_shell_command(git_log_cmd)
++ mailmap = parse_mailmap()
++ with open(new_authors, 'w') as new_authors_fh:
++ new_authors_fh.write(canonicalize_emails(changelog, mailmap))
++ if os.path.exists(old_authors):
++ with open(old_authors, "r") as old_authors_fh:
++ new_authors_fh.write('\n' + old_authors_fh.read())
+diff --git a/openstack-common.conf b/openstack-common.conf
+index bc191b9..025b21c 100644
+--- a/openstack-common.conf
++++ b/openstack-common.conf
+@@ -1,7 +1,7 @@
+ [DEFAULT]
+
+ # The list of modules to copy from openstack-common
+-modules=cfg,iniparser
++modules=cfg,iniparser,setup
+
+ # The base module to hold the copy of openstack.common
+ base=nova
+diff --git a/setup.py b/setup.py
+index dd5c221..080d52d 100644
+--- a/setup.py
++++ b/setup.py
+@@ -15,15 +15,24 @@
+ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ # License for the specific language governing permissions and limitations
+ # under the License.
+-
+ import glob
+ import os
+
+ import setuptools
++from setuptools.command import sdist
+
++from nova.openstack.common import setup as common_setup
+ from nova import version
+
+-nova_cmdclass = {}
++
++class local_sdist(sdist.sdist):
++ """Customized sdist hook - builds the ChangeLog file from VC first."""
++ def run(self):
++ common_setup.write_git_changelog()
++ # sdist.sdist is an old style class, can't user super()
++ sdist.sdist.run(self)
++
++nova_cmdclass = {'sdist': local_sdist}
+
+ try:
+ from sphinx import setup_command
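Review bot: In `write_vcsversion` of the new nova/openstack/common/setup.py, the branch name and revision id read from git are pasted into generated Python source between hand-written quotes (`'branch_nick': '%s',`), so a branch name containing a quote produces a version file that no longer parses as intended. Formatting the two string fields with `%r` (`'branch_nick': %r,` and `'revision_id': %r,`) lets Python do the quoting. Separately, `parse_mailmap`, which is on the new `sdist` path through `write_git_changelog`, unpacks `l.split(' ')` into exactly two names and never closes the file, so a `.mailmap` line with more than one space raises ValueError during the build. `l.split(' ', 1)` inside a `with open(mailmap, 'r') as fp:` block would address both.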
diff --git a/0025-Fix-type-of-snapshot_id-column-to-match-db.patch b/0025-Fix-type-of-snapshot_id-column-to-match-db.patch
new file mode 100644
index 0000000..9057325
--- /dev/null
+++ b/0025-Fix-type-of-snapshot_id-column-to-match-db.patch
@@ -0,0 +1,33 @@
+From 2d7d51c5ea2a885ee6160d11c8a9afdbb86d1c43 Mon Sep 17 00:00:00 2001
+From: Vishvananda Ishaya <vishvananda at gmail.com>
+Date: Wed, 16 May 2012 10:04:26 -0700
+Subject: [PATCH] Fix type of snapshot_id column to match db
+
+ * Migrations create a snaphsot_id column that is an integer, but
+ models incorrectly list it as a string.
+ * The above issue causes errors in certain situations when trying
+ to list instances. It seems to be only certain db configurations
+ or versions of sqlalchemy that exhibit the issue.
+ * Issue was fixed in trunk as part of a conversion to uuids in
+ commit 407e16b863bac1dfbf4e954837009abf9c17f018 so a straight
+ backport is not possible
+ * Fixes bug 962615
+
+Change-Id: I8e9fc9712c141822890feffee838faf8b41ee4f5
+---
+ nova/db/sqlalchemy/models.py | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/nova/db/sqlalchemy/models.py b/nova/db/sqlalchemy/models.py
+index 3865cd5..ec5e663 100644
+--- a/nova/db/sqlalchemy/models.py
++++ b/nova/db/sqlalchemy/models.py
+@@ -344,7 +344,7 @@ class Volume(BASE, NovaBase):
+ user_id = Column(String(255))
+ project_id = Column(String(255))
+
+- snapshot_id = Column(String(255))
++ snapshot_id = Column(Integer)
+
+ host = Column(String(255)) # , ForeignKey('hosts.id'))
+ size = Column(Integer)
diff --git a/0028-handle-updated-qemu-img-info-output.patch b/0026-handle-updated-qemu-img-info-output.patch
similarity index 93%
rename from 0028-handle-updated-qemu-img-info-output.patch
rename to 0026-handle-updated-qemu-img-info-output.patch
index bb453f3..d330bed 100644
--- a/0028-handle-updated-qemu-img-info-output.patch
+++ b/0026-handle-updated-qemu-img-info-output.patch
@@ -1,4 +1,4 @@
-From 4099a82112d192ba01cb3c5fb3a71b5ef8bb7683 Mon Sep 17 00:00:00 2001
+From 2b3bbc49da7ea7eebbc046e746db1c085b08a425 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <pbrady at redhat.com>
Date: Wed, 16 May 2012 13:44:46 +0100
Subject: [PATCH] handle updated qemu-img info output
@@ -23,6 +23,7 @@ Avoid an indexError exception when parsing the newer format.
Fixes bug 1000261
Change-Id: Ie2889b6da8a5c93e0e874e7a330529f6e6e71b0b
+(cherry picked from commit 0624b7aab0c0fe4869111ad8e302151548d6ba20)
---
nova/virt/libvirt/utils.py | 14 +++++++++++---
1 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/0027-Nail-pep8-dependencies-to-1.0.1.patch b/0027-Nail-pep8-dependencies-to-1.0.1.patch
new file mode 100644
index 0000000..9392054
--- /dev/null
+++ b/0027-Nail-pep8-dependencies-to-1.0.1.patch
@@ -0,0 +1,40 @@
+From 4aea7f1e31faceb3449372e81fce1a1b8bc64863 Mon Sep 17 00:00:00 2001
+From: Dan Prince <dprince at redhat.com>
+Date: Thu, 24 May 2012 09:31:16 -0400
+Subject: [PATCH] Nail pep8 dependencies to 1.0.1.
+
+Nails the pep8 deps for tox and test-requires to 1.0.1.
+Fixes an issues causing pep8 failures due to a new pep8 release.
+
+(cherry picked from commit e3d7d3a)
+
+Change-Id: I30be4909f052c29834afbfddba6007045afa519b
+---
+ tools/test-requires | 2 +-
+ tox.ini | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tools/test-requires b/tools/test-requires
+index 2395e78..d64e5f7 100644
+--- a/tools/test-requires
++++ b/tools/test-requires
+@@ -6,5 +6,5 @@ mox==0.5.3
+ nose
+ nosexcover
+ openstack.nose_plugin
+-pep8==0.6.1
++pep8==1.0.1
+ sphinx>=1.1.2
+diff --git a/tox.ini b/tox.ini
+index e3438e2..123558d 100644
+--- a/tox.ini
++++ b/tox.ini
+@@ -11,7 +11,7 @@ commands = /bin/bash run_tests.sh -N -P
+ downloadcache = ~/cache/pip
+
+ [testenv:pep8]
+-deps = pep8
++deps = pep8==1.0.1
+ commands = /bin/bash run_tests.sh -N --pep8
+
+ [testenv:coverage]
diff --git a/0028-Fix-Multi_Scheduler-to-process-host-capabilities.patch b/0028-Fix-Multi_Scheduler-to-process-host-capabilities.patch
new file mode 100644
index 0000000..82b7b0a
--- /dev/null
+++ b/0028-Fix-Multi_Scheduler-to-process-host-capabilities.patch
@@ -0,0 +1,75 @@
+From 4e423cd558e2f36ebe6553a9df1a32fca93b0428 Mon Sep 17 00:00:00 2001
+From: Armando Migliaccio <amigliaccio at internap.com>
+Date: Thu, 17 May 2012 01:54:53 +0100
+Subject: [PATCH] Fix Multi_Scheduler to process host capabilities
+
+To fix bug #1000403, make sure that each driver held by the
+Multi Scheduler gets called during update_service_capabilities.
+
+Change-Id: If8a942317b9b26dd101c5bcf502aab7296608abd
+---
+ .mailmap | 1 +
+ nova/scheduler/multi.py | 6 ++++++
+ nova/tests/scheduler/test_multi_scheduler.py | 22 ++++++++++++++++++++++
+ 3 files changed, 29 insertions(+), 0 deletions(-)
+
+diff --git a/.mailmap b/.mailmap
+index 7fd6cb6..1537739 100644
+diff --git a/nova/scheduler/multi.py b/nova/scheduler/multi.py
+index dcc755d..144b8df 100644
+--- a/nova/scheduler/multi.py
++++ b/nova/scheduler/multi.py
+@@ -79,3 +79,9 @@ class MultiScheduler(driver.Scheduler):
+
+ def schedule_prep_resize(self, *args, **kwargs):
+ return self.drivers['compute'].schedule_prep_resize(*args, **kwargs)
++
++ def update_service_capabilities(self, service_name, host, capabilities):
++ # Multi scheduler is only a holder of sub-schedulers, so
++ # pass the capabilities to the schedulers that matter
++ for d in self.drivers.values():
++ d.update_service_capabilities(service_name, host, capabilities)
+diff --git a/nova/tests/scheduler/test_multi_scheduler.py b/nova/tests/scheduler/test_multi_scheduler.py
+index 3d7220c..4faf944 100644
+--- a/nova/tests/scheduler/test_multi_scheduler.py
++++ b/nova/tests/scheduler/test_multi_scheduler.py
+@@ -28,6 +28,10 @@ from nova.tests.scheduler import test_scheduler
+ class FakeComputeScheduler(driver.Scheduler):
+ is_fake_compute = True
+
++ def __init__(self):
++ super(FakeComputeScheduler, self).__init__()
++ self.is_update_caps_called = False
++
+ def schedule_theoretical(self, *args, **kwargs):
+ pass
+
+@@ -38,6 +42,10 @@ class FakeComputeScheduler(driver.Scheduler):
+ class FakeVolumeScheduler(driver.Scheduler):
+ is_fake_volume = True
+
++ def __init__(self):
++ super(FakeVolumeScheduler, self).__init__()
++ self.is_update_caps_called = False
++
+ def schedule_create_volume(self, *args, **kwargs):
+ pass
+
+@@ -103,3 +111,17 @@ class MultiDriverTestCase(test_scheduler.SchedulerTestCase):
+ self.mox.ReplayAll()
+ mgr.schedule(ctxt, 'compute', method, *fake_args, **fake_kwargs)
+ mgr.schedule(ctxt, 'volume', method, *fake_args, **fake_kwargs)
++
++ def test_update_service_capabilities(self):
++ def fake_update_service_capabilities(self, service, host, caps):
++ self.is_update_caps_called = True
++
++ mgr = self._manager
++ self.stubs.Set(driver.Scheduler,
++ 'update_service_capabilities',
++ fake_update_service_capabilities)
++ self.assertFalse(mgr.drivers['compute'].is_update_caps_called)
++ self.assertFalse(mgr.drivers['volume'].is_update_caps_called)
++ mgr.update_service_capabilities('foo_svc', 'foo_host', 'foo_caps')
++ self.assertTrue(mgr.drivers['compute'].is_update_caps_called)
++ self.assertTrue(mgr.drivers['volume'].is_update_caps_called)
diff --git a/0029-Add-libvirt-get_console_output-tests-pty-and-file.patch b/0029-Add-libvirt-get_console_output-tests-pty-and-file.patch
new file mode 100644
index 0000000..e1ba04e
--- /dev/null
+++ b/0029-Add-libvirt-get_console_output-tests-pty-and-file.patch
@@ -0,0 +1,123 @@
+From 8c72924523a01b2a0a938f60b65c050ef351b16b Mon Sep 17 00:00:00 2001
+From: Dan Prince <dprince at redhat.com>
+Date: Fri, 27 Apr 2012 21:40:02 -0400
+Subject: [PATCH] Add libvirt get_console_output tests: pty and file
+
+Add two new libvirt tests for the get_console_output:
+ - test_get_console_output_pty
+ - test_get_console_output_file
+
+Fixes LP Bug #990237.
+
+Change-Id: I308862c131c4c9c9c4accab1822039f8f5a775b4
+---
+ nova/tests/test_libvirt.py | 82 +++++++++++++++++++++++++++++++++++++++
+ nova/virt/libvirt/connection.py | 2 +-
+ 2 files changed, 83 insertions(+), 1 deletions(-)
+
+diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py
+index 4830204..ac8cdca 100644
+--- a/nova/tests/test_libvirt.py
++++ b/nova/tests/test_libvirt.py
+@@ -1329,6 +1329,88 @@ class LibvirtConnTestCase(test.TestCase):
+ shutil.rmtree(os.path.join(FLAGS.instances_path,
+ FLAGS.base_dir_name))
+
++ @test.skip_if(missing_libvirt(), "Test requires libvirt")
++ def test_get_console_output_file(self):
++
++ with utils.tempdir() as tmpdir:
++ self.flags(instances_path=tmpdir)
++
++ instance_ref = self.test_instance
++ instance_ref['image_ref'] = 123456
++ instance = db.instance_create(self.context, instance_ref)
++
++ console_dir = (os.path.join(tmpdir, instance['name']))
++ os.mkdir(console_dir)
++ console_log = '%s/console.log' % (console_dir)
++ f = open(console_log, "w")
++ f.write("foo")
++ f.close()
++ fake_dom_xml = """
++ <domain type='kvm'>
++ <devices>
++ <disk type='file'>
++ <source file='filename'/>
++ </disk>
++ <console type='file'>
++ <source path='%s'/>
++ <target port='0'/>
++ </console>
++ </devices>
++ </domain>
++ """ % console_log
++
++ def fake_lookup(id):
++ return FakeVirtDomain(fake_dom_xml)
++
++ self.create_fake_libvirt_mock()
++ connection.LibvirtConnection._conn.lookupByName = fake_lookup
++ connection.libvirt_utils = libvirt_utils
++
++ conn = connection.LibvirtConnection(False)
++ output = conn.get_console_output(instance)
++ self.assertEquals("foo", output)
++
++ @test.skip_if(missing_libvirt(), "Test requires libvirt")
++ def test_get_console_output_pty(self):
++
++ with utils.tempdir() as tmpdir:
++ self.flags(instances_path=tmpdir)
++
++ instance_ref = self.test_instance
++ instance_ref['image_ref'] = 123456
++ instance = db.instance_create(self.context, instance_ref)
++
++ console_dir = (os.path.join(tmpdir, instance['name']))
++ os.mkdir(console_dir)
++ pty_file = '%s/fake_pty' % (console_dir)
++ f = open(pty_file, "w")
++ f.write("foo")
++ f.close()
++ fake_dom_xml = """
++ <domain type='kvm'>
++ <devices>
++ <disk type='file'>
++ <source file='filename'/>
++ </disk>
++ <console type='pty'>
++ <source path='%s'/>
++ <target port='0'/>
++ </console>
++ </devices>
++ </domain>
++ """ % pty_file
++
++ def fake_lookup(id):
++ return FakeVirtDomain(fake_dom_xml)
++
++ self.create_fake_libvirt_mock()
++ connection.LibvirtConnection._conn.lookupByName = fake_lookup
++ connection.libvirt_utils = libvirt_utils
++
++ conn = connection.LibvirtConnection(False)
++ output = conn.get_console_output(instance)
++ self.assertEquals("foo", output)
++
+ def test_get_host_ip_addr(self):
+ conn = connection.LibvirtConnection(False)
+ ip = conn.get_host_ip_addr()
+diff --git a/nova/virt/libvirt/connection.py b/nova/virt/libvirt/connection.py
+index 31e6511..b0b5caa 100644
+--- a/nova/virt/libvirt/connection.py
++++ b/nova/virt/libvirt/connection.py
+@@ -1009,7 +1009,7 @@ class LibvirtConnection(driver.ComputeDriver):
+
+ self._chown_console_log_for_instance(instance['name'])
+ data = self._flush_libvirt_console(pty)
+- console_log = self._get_console_log_path(instance_name)
++ console_log = self._get_console_log_path(instance['name'])
+ fpath = self._append_to_file(data, console_log)
+
+ return libvirt_utils.load_file(fpath)
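Review bot: Both new tests in nova/tests/test_libvirt.py assign `connection.LibvirtConnection._conn.lookupByName = fake_lookup` and `connection.libvirt_utils = libvirt_utils` directly, and nothing in the added lines restores them. If teardown outside the hunk does not restore them either, the replacements stay in place for whatever test runs next in the same process. If this test case has the `self.stubs` helper that test_multi_scheduler.py uses, `self.stubs.Set(connection, 'libvirt_utils', libvirt_utils)` would presumably be undone at teardown; confirm against the base class. The fixture file is written with a bare `open`/`write`/`close`, whereas `with open(console_log, 'w') as f:` closes it even when the write fails. The two tests differ only in the console type and the file name, so a shared helper taking those two values would remove most of the duplication.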
diff --git a/0030-Report-memory-correctly-on-Xen.-Fixes-bug-997014.patch b/0030-Report-memory-correctly-on-Xen.-Fixes-bug-997014.patch
new file mode 100644
index 0000000..6cbc91f
--- /dev/null
+++ b/0030-Report-memory-correctly-on-Xen.-Fixes-bug-997014.patch
@@ -0,0 +1,66 @@
+From 84a43e140568c4806c5962b273297439db2a5199 Mon Sep 17 00:00:00 2001
+From: Alvaro Lopez Garcia <aloga at ifca.unican.es>
+Date: Thu, 10 May 2012 10:30:29 +0200
+Subject: [PATCH] Report memory correctly on Xen. Fixes bug 997014
+
+/proc/meminfo may show wrong values for the memory when using Xen, so
+this correctly computes the memory by querying libvirt.
+
+Change-Id: I188e2d34bcee13954653b93b9b816cf4530b8859
+---
+ nova/virt/libvirt/connection.py | 35 +++++++++++++++++++++++++++++------
+ 1 files changed, 29 insertions(+), 6 deletions(-)
+
+diff --git a/nova/virt/libvirt/connection.py b/nova/virt/libvirt/connection.py
+index 31e6511..77e15bc 100644
+--- a/nova/virt/libvirt/connection.py
++++ b/nova/virt/libvirt/connection.py
+@@ -1707,10 +1707,15 @@ class LibvirtConnection(driver.ComputeDriver):
+ if sys.platform.upper() not in ['LINUX2', 'LINUX3']:
+ return 0
+
+- meminfo = open('/proc/meminfo').read().split()
+- idx = meminfo.index('MemTotal:')
+- # transforming kb to mb.
+- return int(meminfo[idx + 1]) / 1024
++ if FLAGS.libvirt_type == 'xen':
++ meminfo = self._conn.getInfo()[1]
++ # this is in MB
++ return meminfo
++ else:
++ meminfo = open('/proc/meminfo').read().split()
++ idx = meminfo.index('MemTotal:')
++ # transforming KB to MB
++ return int(meminfo[idx + 1]) / 1024
+
+ @staticmethod
+ def get_local_gb_total():
+@@ -1759,8 +1764,26 @@ class LibvirtConnection(driver.ComputeDriver):
+ idx1 = m.index('MemFree:')
+ idx2 = m.index('Buffers:')
+ idx3 = m.index('Cached:')
+- avail = (int(m[idx1 + 1]) + int(m[idx2 + 1]) + int(m[idx3 + 1])) / 1024
+- return self.get_memory_mb_total() - avail
++ if FLAGS.libvirt_type == 'xen':
++ used = 0
++ for domain_id in self._conn.listDomainsID():
++ # skip dom0
++ dom_mem = int(self._conn.lookupByID(domain_id).info()[2])
++ if domain_id != 0:
++ used += dom_mem
++ else:
++ # the mem reported by dom0 is be greater of what
++ # it is being used
++ used += (dom_mem -
++ (int(m[idx1 + 1]) +
++ int(m[idx2 + 1]) +
++ int(m[idx3 + 1])))
++ # Convert it to MB
++ return used / 1024
++ else:
++ avail = (int(m[idx1 + 1]) + int(m[idx2 + 1]) + int(m[idx3 + 1]))
++ # Convert it to MB
++ return self.get_memory_mb_total() - avail / 1024
+
+ def get_local_gb_used(self):
+ """Get the free hdd size(GB) of physical computer.
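Review bot: In the Xen branch added to get_memory_mb_used, `self._conn.lookupByID(domain_id)` is called for every id returned by `listDomainsID()`, and a guest that shuts down between the two calls would make the lookup raise and fail the whole memory report. Wrapping the lookup in `try:` with `except libvirt.libvirtError: continue` (assuming the module is reachable as `libvirt` in this file) skips the vanished domain instead. The `# skip dom0` comment sits above code that does not skip dom0 but adjusts its figure in the `else` branch; `# dom0 is adjusted separately below` matches what the code does. Both functions begin outside their hunks.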
diff --git a/0031-Fix-up-protocol-case-handling-for-security-groups.patch b/0031-Fix-up-protocol-case-handling-for-security-groups.patch
new file mode 100644
index 0000000..3018ad8
--- /dev/null
+++ b/0031-Fix-up-protocol-case-handling-for-security-groups.patch
@@ -0,0 +1,63 @@
+From 9f9e9da777161426a6f8cb4314b78e09beac2978 Mon Sep 17 00:00:00 2001
+From: Vishvananda Ishaya <vishvananda at gmail.com>
+Date: Wed, 6 Jun 2012 13:25:04 -0400
+Subject: [PATCH] Fix up protocol case handling for security groups.
+
+Fix bug 985184.
+
+When creating security group rules, any case for the protocol was
+accepted as input, such as TCP, Tcp, tcp, etc., and was stored in the
+database as specified. However, unless specified as all lowercase, the
+code to apply the rules would break and result in some rules not being
+applied.
+
+(cherry picked from commit ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654)
+
+Change-Id: If737104f492aacd3688f04d78eb9bc993ffa33fc
+---
+ nova/api/ec2/cloud.py | 2 +-
+ .../openstack/compute/contrib/security_groups.py | 2 +-
+ nova/virt/firewall.py | 4 ++--
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
+index 52def33..ac445c2 100644
+--- a/nova/api/ec2/cloud.py
++++ b/nova/api/ec2/cloud.py
+@@ -610,7 +610,7 @@ class CloudController(object):
+ to_port=to_port, msg="For ICMP, the"
+ " type:code must be valid")
+
+- values['protocol'] = ip_protocol
++ values['protocol'] = ip_protocol.lower()
+ values['from_port'] = from_port
+ values['to_port'] = to_port
+ else:
+diff --git a/nova/api/openstack/compute/contrib/security_groups.py b/nova/api/openstack/compute/contrib/security_groups.py
+index 281cc8c..a9368c5 100644
+--- a/nova/api/openstack/compute/contrib/security_groups.py
++++ b/nova/api/openstack/compute/contrib/security_groups.py
+@@ -497,7 +497,7 @@ class SecurityGroupRulesController(SecurityGroupControllerBase):
+ to_port=to_port, msg="For ICMP, the"
+ " type:code must be valid")
+
+- values['protocol'] = ip_protocol
++ values['protocol'] = ip_protocol.lower()
+ values['from_port'] = from_port
+ values['to_port'] = to_port
+ else:
+diff --git a/nova/virt/firewall.py b/nova/virt/firewall.py
+index 3f53334..a41ece6 100644
+--- a/nova/virt/firewall.py
++++ b/nova/virt/firewall.py
+@@ -300,8 +300,8 @@ class IptablesFirewallDriver(FirewallDriver):
+ else:
+ fw_rules = ipv6_rules
+
+- protocol = rule.protocol
+- if version == 6 and rule.protocol == 'icmp':
++ protocol = rule.protocol.lower()
++ if version == 6 and protocol == 'icmp':
+ protocol = 'icmpv6'
+
+ args = ['-j ACCEPT']
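Review bot: In nova/virt/firewall.py the new `protocol = rule.protocol.lower()` raises AttributeError when a rule has no protocol. Whether `rule.protocol` can be None (for example a rule that grants access to a whole source group) is not visible in this hunk, but if it can, building the instance's iptables rules aborts at that line. A guard keeps the fix and the old behaviour for such rules: `protocol = rule.protocol` followed by `if protocol: protocol = protocol.lower()`. The patch's diffstat lists three source files and no test, so a regression test that creates a rule with protocol `TCP` and checks that the stored value and the generated rule are lowercase would pin the CVE-2012-2654 fix. All three changed functions start and end outside their hunks.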
diff --git a/0024-ensure-atomic-manipulation-of-libvirt-disk-images.patch b/0032-ensure-atomic-manipulation-of-libvirt-disk-images.patch
similarity index 98%
rename from 0024-ensure-atomic-manipulation-of-libvirt-disk-images.patch
rename to 0032-ensure-atomic-manipulation-of-libvirt-disk-images.patch
index f4a760f..b2ed502 100644
--- a/0024-ensure-atomic-manipulation-of-libvirt-disk-images.patch
+++ b/0032-ensure-atomic-manipulation-of-libvirt-disk-images.patch
@@ -1,4 +1,4 @@
-From 6a3eabcd01981c6ccead47e2b610bd82b5d6be80 Mon Sep 17 00:00:00 2001
+From 78bb6c54c53cee35a0e31ef72b7c39b730cdbebb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <pbrady at redhat.com>
Date: Fri, 16 Mar 2012 03:43:49 +0000
Subject: [PATCH] ensure atomic manipulation of libvirt disk images
@@ -169,7 +169,7 @@ index 1e0ae0a..626f3ff 100644
return metadata
diff --git a/nova/virt/libvirt/connection.py b/nova/virt/libvirt/connection.py
-index 31e6511..dc16d05 100644
+index 37a6c2c..e536eeb 100644
--- a/nova/virt/libvirt/connection.py
+++ b/nova/virt/libvirt/connection.py
@@ -1105,7 +1105,8 @@ class LibvirtConnection(driver.ComputeDriver):
diff --git a/0025-Ensure-we-don-t-access-the-net-when-building-docs.patch b/0033-Ensure-we-don-t-access-the-net-when-building-docs.patch
similarity index 94%
rename from 0025-Ensure-we-don-t-access-the-net-when-building-docs.patch
rename to 0033-Ensure-we-don-t-access-the-net-when-building-docs.patch
index 0f49ded..9a2522a 100644
--- a/0025-Ensure-we-don-t-access-the-net-when-building-docs.patch
+++ b/0033-Ensure-we-don-t-access-the-net-when-building-docs.patch
@@ -1,4 +1,4 @@
-From 73185a4a4abe3dc87efa7ec1b4e60f98c049b75b Mon Sep 17 00:00:00 2001
+From 064c01976f8e9b99ee1a6e99b6ede753440294b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <pbrady at redhat.com>
Date: Fri, 6 Jan 2012 12:16:34 +0000
Subject: [PATCH] Ensure we don't access the net when building docs
diff --git a/0026-fix-useexisting-deprecation-warnings.patch b/0034-fix-useexisting-deprecation-warnings.patch
similarity index 97%
rename from 0026-fix-useexisting-deprecation-warnings.patch
rename to 0034-fix-useexisting-deprecation-warnings.patch
index dbc3a07..6cb0176 100644
--- a/0026-fix-useexisting-deprecation-warnings.patch
+++ b/0034-fix-useexisting-deprecation-warnings.patch
@@ -1,4 +1,4 @@
-From bf7f18bf91718babb30e8ded89410667bc940320 Mon Sep 17 00:00:00 2001
+From 5340c0e8836fed360eb22941f9b022e3e15f2da8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <pbrady at redhat.com>
Date: Thu, 8 Mar 2012 16:32:30 +0000
Subject: [PATCH] fix useexisting deprecation warnings
diff --git a/0027-support-a-configurable-libvirt-injection-partition.patch b/0035-support-a-configurable-libvirt-injection-partition.patch
similarity index 97%
rename from 0027-support-a-configurable-libvirt-injection-partition.patch
rename to 0035-support-a-configurable-libvirt-injection-partition.patch
index 343b50e..6cb5812 100644
--- a/0027-support-a-configurable-libvirt-injection-partition.patch
+++ b/0035-support-a-configurable-libvirt-injection-partition.patch
@@ -1,4 +1,4 @@
-From 862cb7a4bad82f7347f495ad3a91df31cad79214 Mon Sep 17 00:00:00 2001
+From dc24715c17202a5827d1191220bd500b9b2fedd9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <pbrady at redhat.com>
Date: Wed, 18 Apr 2012 23:27:31 +0100
Subject: [PATCH] support a configurable libvirt injection partition
@@ -47,7 +47,7 @@ index 4fb5dda..11959b2 100644
else:
self.mapped_device = map_path
diff --git a/nova/virt/libvirt/connection.py b/nova/virt/libvirt/connection.py
-index dc16d05..81fd587 100644
+index e536eeb..169041c 100644
--- a/nova/virt/libvirt/connection.py
+++ b/nova/virt/libvirt/connection.py
@@ -108,6 +108,11 @@ libvirt_opts = [
diff --git a/openstack-nova.spec b/openstack-nova.spec
index df900b6..f2efad2 100644
--- a/openstack-nova.spec
+++ b/openstack-nova.spec
@@ -2,7 +2,7 @@
Name: openstack-nova
Version: 2012.1
-Release: 8%{?dist}
+Release: 9%{?dist}
Summary: OpenStack Compute (nova)
Group: Applications/System
@@ -55,11 +55,18 @@ Patch0020: 0020-Fix-bug-983206-_try_convert-parsing-string.patch
Patch0021: 0021-QuantumManager-will-start-dnsmasq-during-startup.-Fi.patch
Patch0022: 0022-Fixes-bug-952176.patch
Patch0023: 0023-Fix-nova.tests.test_nova_rootwrap-on-Fedora-17.patch
-Patch0024: 0024-ensure-atomic-manipulation-of-libvirt-disk-images.patch
-Patch0025: 0025-Ensure-we-don-t-access-the-net-when-building-docs.patch
-Patch0026: 0026-fix-useexisting-deprecation-warnings.patch
-Patch0027: 0027-support-a-configurable-libvirt-injection-partition.patch
-Patch0028: 0028-handle-updated-qemu-img-info-output.patch
+Patch0024: 0024-Generate-a-Changelog-for-Nova.patch
+Patch0025: 0025-Fix-type-of-snapshot_id-column-to-match-db.patch
+Patch0026: 0026-handle-updated-qemu-img-info-output.patch
+Patch0027: 0027-Nail-pep8-dependencies-to-1.0.1.patch
+Patch0028: 0028-Fix-Multi_Scheduler-to-process-host-capabilities.patch
+Patch0029: 0029-Add-libvirt-get_console_output-tests-pty-and-file.patch
+Patch0030: 0030-Report-memory-correctly-on-Xen.-Fixes-bug-997014.patch
+Patch0031: 0031-Fix-up-protocol-case-handling-for-security-groups.patch
+Patch0032: 0032-ensure-atomic-manipulation-of-libvirt-disk-images.patch
+Patch0033: 0033-Ensure-we-don-t-access-the-net-when-building-docs.patch
+Patch0034: 0034-fix-useexisting-deprecation-warnings.patch
+Patch0035: 0035-support-a-configurable-libvirt-injection-partition.patch
# This is EPEL specific and not upstream
Patch100: openstack-nova-newdeps.patch
@@ -213,6 +220,13 @@ This package contains documentation files for nova.
%patch0026 -p1
%patch0027 -p1
%patch0028 -p1
+%patch0029 -p1
+%patch0030 -p1
+%patch0031 -p1
+%patch0032 -p1
+%patch0033 -p1
+%patch0034 -p1
+%patch0035 -p1
# Apply EPEL patch
%patch100 -p1
@@ -410,6 +424,10 @@ fi
%endif
%changelog
+* Wed Jun 06 2012 Pádraig Brady <P at draigBrady.com> - 2012.1-9
+- Sync up with Essex stable branch, including...
+- Fix for protocol case handling (#829441, CVE-2012-2654)
+
* Wed May 16 2012 Alan Pevec <apevec at redhat.com> - 2012.1-8
- Remove m2crypto and other dependencies no loner needed by Essex