[openstack-nova/f16] include updated CVE-2012-2654 fix from upstream stable

Wed Jun 13 15:49:29 UTC 2012

commit 29258e5016d1414dbcc43374786a14f895259cc3
Author: Pádraig Brady <P at draigBrady.com>
Date:   Wed Jun 13 16:39:57 2012 +0100

    include updated CVE-2012-2654 fix from upstream stable

 ...rotocol-case-handling-for-security-groups.patch |    9 ++++++---
 openstack-nova.spec                                |    5 ++++-
 2 files changed, 10 insertions(+), 4 deletions(-)
---

diff --git a/0022-Fix-up-protocol-case-handling-for-security-groups.patch b/0022-Fix-up-protocol-case-handling-for-security-groups.patch
index 08cd0ee..5d1b0be 100644
--- a/0022-Fix-up-protocol-case-handling-for-security-groups.patch
+++ b/0022-Fix-up-protocol-case-handling-for-security-groups.patch
@@ -1,4 +1,4 @@
-From 97c9e73ada674a1e009fc1126de0aef0de1c59e9 Mon Sep 17 00:00:00 2001
+From e0ed18da2c18de36ef98e18d9f3768919b483e5f Mon Sep 17 00:00:00 2001
 From: Vishvananda Ishaya <vishvananda at gmail.com>
 Date: Wed, 6 Jun 2012 13:25:04 -0400
 Subject: [PATCH] Fix up protocol case handling for security groups.
@@ -13,6 +13,9 @@ applied.
 
 (cherry picked from commit ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654)
 
+Also includes backport of thix fix:
+    https://review.openstack.org/#/c/8392
+
 Change-Id: I36af1db29c2bd97627d614df21b5da07db29a8ab
 ---
  nova/api/ec2/cloud.py                         |    2 +-
@@ -47,7 +50,7 @@ index 78d4881..2844b19 100644
              values['to_port'] = to_port
          else:
 diff --git a/nova/virt/libvirt/firewall.py b/nova/virt/libvirt/firewall.py
-index dfa1deb..8d1bbe0 100644
+index dfa1deb..f234b28 100644
 --- a/nova/virt/libvirt/firewall.py
 +++ b/nova/virt/libvirt/firewall.py
 @@ -417,20 +417,21 @@ class NWFilterFirewall(FirewallDriver):
@@ -83,7 +86,7 @@ index dfa1deb..8d1bbe0 100644
  
 -                protocol = rule.protocol
 -                if version == 6 and rule.protocol == 'icmp':
-+                protocol = rule.protocol.lower()
++                protocol = rule.protocol.lower() if rule.protocol else None
 +                if version == 6 and protocol == 'icmp':
                      protocol = 'icmpv6'
  
diff --git a/openstack-nova.spec b/openstack-nova.spec
index 68a6d9a..031869e 100644
--- a/openstack-nova.spec
+++ b/openstack-nova.spec
@@ -2,7 +2,7 @@
 
 Name:             openstack-nova
 Version:          2011.3.1
-Release:          9%{?dist}
+Release:          10%{?dist}
 Summary:          OpenStack Compute (nova)
 
 Group:            Applications/System
@@ -390,6 +390,9 @@ fi
 %endif
 
 %changelog
+* Wed Jun 13 2012 Pádraig Brady <P at draigBrady.com> - 2011.3.1-10
+- Fix issue with previous CVE-2012-2654 fix
+
 * Wed Jun 06 2012 Pádraig Brady <P at draigBrady.com> - 2011.3.1-9
 - Sync up with Diablo stable branch, including...
 - Fix for protocol case handling (#829439, CVE-2012-2654)
