[openstack-nova/f16] include updated CVE-2012-2654 fix from upstream stable
Pádraig Brady
pbrady at fedoraproject.org
Wed Jun 13 15:49:29 UTC 2012
commit 29258e5016d1414dbcc43374786a14f895259cc3
Author: Pádraig Brady <P at draigBrady.com>
Date: Wed Jun 13 16:39:57 2012 +0100
include updated CVE-2012-2654 fix from upstream stable
...rotocol-case-handling-for-security-groups.patch | 9 ++++++---
openstack-nova.spec | 5 ++++-
2 files changed, 10 insertions(+), 4 deletions(-)
---
diff --git a/0022-Fix-up-protocol-case-handling-for-security-groups.patch b/0022-Fix-up-protocol-case-handling-for-security-groups.patch
index 08cd0ee..5d1b0be 100644
--- a/0022-Fix-up-protocol-case-handling-for-security-groups.patch
+++ b/0022-Fix-up-protocol-case-handling-for-security-groups.patch
@@ -1,4 +1,4 @@
-From 97c9e73ada674a1e009fc1126de0aef0de1c59e9 Mon Sep 17 00:00:00 2001
+From e0ed18da2c18de36ef98e18d9f3768919b483e5f Mon Sep 17 00:00:00 2001
From: Vishvananda Ishaya <vishvananda at gmail.com>
Date: Wed, 6 Jun 2012 13:25:04 -0400
Subject: [PATCH] Fix up protocol case handling for security groups.
@@ -13,6 +13,9 @@ applied.
(cherry picked from commit ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654)
+Also includes backport of thix fix:
+ https://review.openstack.org/#/c/8392
+
Change-Id: I36af1db29c2bd97627d614df21b5da07db29a8ab
---
nova/api/ec2/cloud.py | 2 +-
@@ -47,7 +50,7 @@ index 78d4881..2844b19 100644
values['to_port'] = to_port
else:
diff --git a/nova/virt/libvirt/firewall.py b/nova/virt/libvirt/firewall.py
-index dfa1deb..8d1bbe0 100644
+index dfa1deb..f234b28 100644
--- a/nova/virt/libvirt/firewall.py
+++ b/nova/virt/libvirt/firewall.py
@@ -417,20 +417,21 @@ class NWFilterFirewall(FirewallDriver):
@@ -83,7 +86,7 @@ index dfa1deb..8d1bbe0 100644
- protocol = rule.protocol
- if version == 6 and rule.protocol == 'icmp':
-+ protocol = rule.protocol.lower()
++ protocol = rule.protocol.lower() if rule.protocol else None
+ if version == 6 and protocol == 'icmp':
protocol = 'icmpv6'
diff --git a/openstack-nova.spec b/openstack-nova.spec
index 68a6d9a..031869e 100644
--- a/openstack-nova.spec
+++ b/openstack-nova.spec
@@ -2,7 +2,7 @@
Name: openstack-nova
Version: 2011.3.1
-Release: 9%{?dist}
+Release: 10%{?dist}
Summary: OpenStack Compute (nova)
Group: Applications/System
@@ -390,6 +390,9 @@ fi
%endif
%changelog
+* Wed Jun 13 2012 Pádraig Brady <P at draigBrady.com> - 2011.3.1-10
+- Fix issue with previous CVE-2012-2654 fix
+
* Wed Jun 06 2012 Pádraig Brady <P at draigBrady.com> - 2011.3.1-9
- Sync up with Diablo stable branch, including...
- Fix for protocol case handling (#829439, CVE-2012-2654)
More information about the scm-commits
mailing list