[Openstack-devel] Bug#719632: Prepared a new Wheezy update for Nova

Thomas Goirand zigo at debian.org
Mon Dec 9 12:54:24 UTC 2013


On 12/09/2013 07:43 PM, Julien Cristau wrote:
> On Mon, Dec  9, 2013 at 15:42:30 +0800, Thomas Goirand wrote:
> 
>> Hi,
>>
>> Here's the new changelog, with the remarks of J.Cristau taken into account:
>>
>> [ Thomas Goirand ]
>> * CVE-2013-4261: [OSSA 2013-026] Fix problem with long messages in Qpid.
>> * CVE-2013-2096: [OSSA 2013-012] Check QCOW2 image size during root disk
>>   creation (Closes: #710157).
>> * Updates debian/gbp.conf to use the debian/wheezy branch for building.
>> * Applies https://review.openstack.org/#/c/10168/: resolves issue where
>>   querying /v1.1/$tenant/os-hosts returns an empty list
>>   (Closes: #689318).
>>
>> [ Julien Cristau ]
>> * Fixes log rotation of nova-consoleauth.log and nova-xvpvncproxy.log
>>   (Closes: #706011).
>>
>> The package is available here:
>> http://archive.gplhost.com/pub/security/nova/
>>
>> With the debdiff next to it.
>>
> Please send the debdiff to this bug...
> 
> Cheers,
> Julien

Here you are.

Thomas

diff -Nru nova-2012.1.1/debian/changelog nova-2012.1.1/debian/changelog
--- nova-2012.1.1/debian/changelog	2013-04-10 11:14:21.000000000 +0000
+++ nova-2012.1.1/debian/changelog	2013-12-09 07:25:58.000000000 +0000
@@ -1,3 +1,19 @@
+nova (2012.1.1-18+deb7u1) wheezy-proposed-updates; urgency=low
+
+  [ Thomas Goirand ]
+  * CVE-2013-4261: [OSSA 2013-026] Fix problem with long messages in Qpid.
+  * CVE-2013-2096: [OSSA 2013-012] Check QCOW2 image size during root disk
+    creation (Closes: #710157).
+  * Updates debian/gbp.conf to use the debian/wheezy branch for building.
+  * Applies https://review.openstack.org/#/c/10168/: resolves issue where
+    querying /v1.1/$tenant/os-hosts returns an empty list (Closes: #689318).
+
+  [ Julien Cristau ]
+  * Fixes log rotation of nova-consoleauth.log and nova-xvpvncproxy.log
+    (Closes: #706011).
+
+ -- Thomas Goirand <zigo at debian.org>  Sat, 13 Jul 2013 22:26:11 +0800
+
 nova (2012.1.1-18) unstable; urgency=low
 
   * nova-common isn't anymore using /usr/share/doc to store configuration files
diff -Nru nova-2012.1.1/debian/gbp.conf nova-2012.1.1/debian/gbp.conf
--- nova-2012.1.1/debian/gbp.conf	2013-04-10 11:14:21.000000000 +0000
+++ nova-2012.1.1/debian/gbp.conf	2013-12-09 07:25:58.000000000 +0000
@@ -1,6 +1,6 @@
 [DEFAULT]
 upstream-branch = master
-debian-branch = debian/unstable
+debian-branch = debian/wheezy
 upstream-tag = %(version)s
 compression = xz
 
diff -Nru nova-2012.1.1/debian/nova-console.logrotate nova-2012.1.1/debian/nova-console.logrotate
--- nova-2012.1.1/debian/nova-console.logrotate	2013-04-10 11:14:21.000000000 +0000
+++ nova-2012.1.1/debian/nova-console.logrotate	2013-12-09 07:25:58.000000000 +0000
@@ -1,4 +1,4 @@
-/var/log/nova/nova-console.log {
+/var/log/nova/nova-console.log /var/log/nova/nova-consoleauth.log {
     daily
     copytruncate
     missingok
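Review bot: The rotation for nova-consoleauth.log is added to nova-console's logrotate file, so it only takes effect on hosts where the nova-console package is installed; if nova-consoleauth ships as its own binary package (its separate log file suggests a separate daemon), a node running only consoleauth would still have an unrotated, ever-growing log. Consider shipping a `debian/nova-consoleauth.logrotate` with the same stanza, or confirm the two daemons are always co-installed. Note also that `copytruncate` drops any lines written between the copy and the truncate, which is acceptable here but worth a one-line comment above the stanza, e.g. `# copytruncate: daemon does not reopen its log; a few lines may be lost at rotation`.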
diff -Nru nova-2012.1.1/debian/nova-xvpvncproxy.logrotate nova-2012.1.1/debian/nova-xvpvncproxy.logrotate
--- nova-2012.1.1/debian/nova-xvpvncproxy.logrotate	2013-04-10 11:14:21.000000000 +0000
+++ nova-2012.1.1/debian/nova-xvpvncproxy.logrotate	2013-12-09 07:25:58.000000000 +0000
@@ -1,4 +1,4 @@
-/var/log/nova/nova-vncproxy.log {
+/var/log/nova/nova-xvpvncproxy.log {
     daily
     missingok
-}
\ No newline at end of file
+}
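Review bot: This stanza has neither `copytruncate` nor a `postrotate` hook, so after logrotate renames nova-xvpvncproxy.log the daemon keeps writing to its already-open descriptor (now the rotated file) and the fresh log stays empty, unless the service reopens its log on a signal, which nothing here shows. The sibling `nova-console.logrotate` hunk in this same debdiff uses `copytruncate`; adding the same directive here, `copytruncate` between `daily` and `missingok`, makes the rotation actually bound disk use. Since the hunk covers the whole four-line file, there is no directive outside it that would change this.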
diff -Nru nova-2012.1.1/debian/patches/CVE-2013-2096_Check_QCOW2_image_size_during_root_disk_creation.patch nova-2012.1.1/debian/patches/CVE-2013-2096_Check_QCOW2_image_size_during_root_disk_creation.patch
--- nova-2012.1.1/debian/patches/CVE-2013-2096_Check_QCOW2_image_size_during_root_disk_creation.patch	1970-01-01 00:00:00.000000000 +0000
+++ nova-2012.1.1/debian/patches/CVE-2013-2096_Check_QCOW2_image_size_during_root_disk_creation.patch	2013-12-09 07:25:58.000000000 +0000
@@ -0,0 +1,34 @@
+Description: Check QCOW2 image size during root disk creation
+ glance can only tell us the size of the file, not the virtual
+ size of the QCOW2. As such we need to check the virtual size of
+ the image once its cached and ensure it's <= to the flavor's
+ root disk size. Based on I833467284126557eb598b8350a84e10c06292fa9
+Author: Jamie Strandboge <jamie at canonical.com>
+Origin: https://bugs.launchpad.net/nova/+bug/1177830/comments/21
+Bug-Ubuntu: https://launchpad.net/bugs/1177830
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710157
+Last-Update: 2013-07-13
+
+Index: nova/nova/virt/libvirt/connection.py
+===================================================================
+--- nova.orig/nova/virt/libvirt/connection.py	2013-07-13 22:30:01.000000000 +0800
++++ nova/nova/virt/libvirt/connection.py	2013-07-13 22:30:01.000000000 +0800
+@@ -1125,6 +1125,18 @@
+                 if cow:
+                     cow_base = base
+                     if size:
++                        # NOTE(cfb): Having a flavor that sets the root size to
++                        #            0 and having nova effectively ignore that
++                        #            size and use the size of the image is
++                        #            considered a feature at this time, not a
++                        #            bug.
++                        if os.path.exists(cow_base) and \
++                                size < disk.get_image_virtual_size(cow_base):
++                            LOG.error(_("%(base)s virtual size larger than "
++                                        "flavor root disk size %(size)s" %
++                                        {'base': cow_base, 'size': size}))
++                            raise exception.ImageTooLarge()
++
+                         size_gb = size / (1024 * 1024 * 1024)
+                         cow_base += "_%d" % size_gb
+                         if not os.path.exists(cow_base):
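Review bot: The new virtual-size check sits inside the `if cow:` / `if size:` branch, so it only covers the copy-on-write path; the raw (non-cow) path of the same function lies outside the hunk, and whether an oversized QCOW2 is also rejected when cow images are disabled cannot be confirmed from here and should be checked, since CVE-2013-2096 is about the virtual size rather than the file size glance reports. The check is also skipped whenever `size` is falsy, which the NOTE documents as intentional for root_gb=0 flavors, but that means such flavors remain unbounded by this patch. Separately, the log call interpolates before translating, `_("..." % {...})`, which looks up the already-formatted string in the catalog; it should be `LOG.error(_("%(base)s virtual size larger than flavor root disk size %(size)s") % {'base': cow_base, 'size': size})`. The enclosing function starts and ends outside the hunk.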
diff -Nru nova-2012.1.1/debian/patches/CVE-2013-4261_Fix_problem_with_long_messages_in_Qpid.patch nova-2012.1.1/debian/patches/CVE-2013-4261_Fix_problem_with_long_messages_in_Qpid.patch
--- nova-2012.1.1/debian/patches/CVE-2013-4261_Fix_problem_with_long_messages_in_Qpid.patch	1970-01-01 00:00:00.000000000 +0000
+++ nova-2012.1.1/debian/patches/CVE-2013-4261_Fix_problem_with_long_messages_in_Qpid.patch	2013-12-09 07:25:58.000000000 +0000
@@ -0,0 +1,98 @@
+Description: Fix problem with long messages in Qpid
+ Qpid has a limitation where it cannot serialize a dict containing a string
+ greater than 65535 characters. This change alters the Qpid implementation to
+ JSON encode the dict before sending it, but only if Qpid would fail to
+ serialize it. This maintains as much backward compatibility as possible,
+ though long messages will still fail if they are sent to an older receiver.
+ .
+ Even though this change will modify the message format, it will only do it
+ when messages are longer than 65K which would be broken anyway and could
+ cause serious bugs like the one linked below.
+Author: Ben Nemec <bnemec at us.ibm.com>
+Origin: upstream, https://review.openstack.org/#/c/44700/
+Bug-Ubuntu: https://launchpad.net/bugs/1215091
+Date: Thu, 9 May 2013 19:06:45 +0000 (+0000)
+
+--- nova-2012.1.1.orig/nova/rpc/impl_qpid.py
++++ nova-2012.1.1/nova/rpc/impl_qpid.py
+@@ -22,6 +22,7 @@ import json
+ 
+ import eventlet
+ import greenlet
++import qpid.codec010 as qpid_codec
+ import qpid.messaging
+ import qpid.messaging.exceptions
+ 
+@@ -81,6 +82,8 @@ qpid_opts = [
+ FLAGS = flags.FLAGS
+ FLAGS.register_opts(qpid_opts)
+ 
++JSON_CONTENT_TYPE = 'application/json; charset=utf8'
++
+ 
+ class ConsumerBase(object):
+     """Consumer base class."""
+@@ -135,10 +138,27 @@ class ConsumerBase(object):
+         self.receiver = session.receiver(self.address)
+         self.receiver.capacity = 1
+ 
++    def _unpack_json_msg(self, msg):
++        """Load the JSON data in msg if msg.content_type indicates that it
++           is necessary.  Put the loaded data back into msg.content and
++           update msg.content_type appropriately.
++
++        A Qpid Message containing a dict will have a content_type of
++        'amqp/map', whereas one containing a string that needs to be converted
++        back from JSON will have a content_type of JSON_CONTENT_TYPE.
++
++        :param msg: a Qpid Message object
++        :returns: None
++        """
++        if msg.content_type == JSON_CONTENT_TYPE:
++            msg.content = jsonutils.loads(msg.content)
++            msg.content_type = 'amqp/map'
++
+     def consume(self):
+         """Fetch the message and pass it to the callback object"""
+         message = self.receiver.fetch()
+         try:
++            self._unpack_json_msg(message)
+             self.callback(message.content)
+         except Exception:
+             LOG.exception(_("Failed to process message... skipping it."))
+@@ -234,8 +254,35 @@ class Publisher(object):
+         """Re-establish the Sender after a reconnection"""
+         self.sender = session.sender(self.address)
+ 
++    def _pack_json_msg(self, msg):
++        """Qpid cannot serialize dicts containing strings longer than 65535
++           characters.  This function dumps the message content to a JSON
++           string, which Qpid is able to handle.
++
++        :param msg: May be either a Qpid Message object or a bare dict.
++        :returns: A Qpid Message with its content field JSON encoded.
++        """
++        try:
++            msg.content = jsonutils.dumps(msg.content)
++        except AttributeError:
++            # Need to have a Qpid message so we can set the content_type.
++            msg = qpid.messaging.Message(jsonutils.dumps(msg))
++        msg.content_type = JSON_CONTENT_TYPE
++        return msg
++
+     def send(self, msg):
+         """Send a message"""
++        try:
++            # Check if Qpid can encode the message
++            check_msg = msg
++            if not hasattr(check_msg, 'content_type'):
++                check_msg = qpid.messaging.Message(msg)
++            content_type = check_msg.content_type
++            enc, dec = qpid.messaging.message.get_codec(content_type)
++            enc(check_msg.content)
++        except qpid_codec.CodecException:
++            # This means the message couldn't be serialized as a dict.
++            msg = self._pack_json_msg(msg)
+         self.sender.send(msg)
+ 
+ 
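Review bot: Both new helpers call `jsonutils.dumps` / `jsonutils.loads`, but the patch adds no import for `jsonutils`, and the only JSON module visible in the context is `import json` (the `@@ -22` header). Unless impl_qpid.py in this Essex tree already imports `jsonutils` outside the hunk, the >65535-byte path the CVE fix targets raises `NameError` in `send`, and on the receive side the `NameError` is swallowed by `consume`'s `except Exception` and the message is logged and dropped, so the fix would fail silently on exactly the inputs it is meant to handle. Either use the module already imported (`msg.content = json.dumps(msg.content)` and `msg.content = json.loads(msg.content)`) or add the import the upstream change relies on. Separately, `send` now encodes every message twice (once in the codec probe, once inside `sender.send`), a per-RPC cost worth stating in a comment above the `try`, e.g. `# probe the codec first: encoding is repeated by sender.send`.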
diff -Nru nova-2012.1.1/debian/patches/api_v1.1_os-hosts_does_not_return_a_list_of_hosts.patch nova-2012.1.1/debian/patches/api_v1.1_os-hosts_does_not_return_a_list_of_hosts.patch
--- nova-2012.1.1/debian/patches/api_v1.1_os-hosts_does_not_return_a_list_of_hosts.patch	1970-01-01 00:00:00.000000000 +0000
+++ nova-2012.1.1/debian/patches/api_v1.1_os-hosts_does_not_return_a_list_of_hosts.patch	2013-12-09 07:25:58.000000000 +0000
@@ -0,0 +1,62 @@
+Description: API 'v1.1/{tenant_id}/os-hosts' does not return a list of hosts
+ Backports fix for bug 1014925 to stable/essex, which resolves issue
+ where querying /v1.1/$tenant/os-hosts returns an empty list.
+ .
+ Original fix by Joe Gordon reviewed into Folsom at:
+  https://review.openstack.org/#/c/8682/2
+Author: Adam Gandelman <adamg at canonical.com>
+Origin: https://review.openstack.org/#/c/10168/
+Bug-Ubuntu: https://bugs.launchpad.net/nova/+bug/1014925
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689318
+Date: Mon, 23 Jul 2012 13:16:46 -0700
+
+diff --git a/nova/api/openstack/compute/contrib/hosts.py b/nova/api/openstack/compute/contrib/hosts.py
+index a93da9e..202c8ca 100644
+--- a/nova/api/openstack/compute/contrib/hosts.py
++++ b/nova/api/openstack/compute/contrib/hosts.py
+@@ -98,7 +97,10 @@ def _list_hosts(req, service=None):
+     by service type.
+     """
+     context = req.environ['nova.context']
+-    hosts = scheduler_api.get_host_list(context)
++    services = db.service_get_all(context, False)
++    hosts = []
++    for host in services:
++        hosts.append({"host_name": host['host'], 'service': host['topic']})
+     if service:
+         hosts = [host for host in hosts
+                 if host["service"] == service]
+diff --git a/nova/tests/api/openstack/compute/contrib/test_hosts.py b/nova/tests/api/openstack/compute/contrib/test_hosts.py
+index 77beeae..0482eb5 100644
+--- a/nova/tests/api/openstack/compute/contrib/test_hosts.py
++++ b/nova/tests/api/openstack/compute/contrib/test_hosts.py
+@@ -36,10 +36,15 @@ HOST_LIST = [
+         {"host_name": "host_c2", "service": "compute"},
+         {"host_name": "host_v1", "service": "volume"},
+         {"host_name": "host_v2", "service": "volume"}]
++SERVICES_LIST = [
++        {"host": "host_c1", "topic": "compute"},
++        {"host": "host_c2", "topic": "compute"},
++        {"host": "host_v1", "topic": "volume"},
++        {"host": "host_v2", "topic": "volume"}]
+ 
+ 
+-def stub_get_host_list(req):
+-    return HOST_LIST
++def stub_service_get_all(self, req):
++    return SERVICES_LIST
+ 
+ 
+ def stub_set_host_enabled(context, host, enabled):
+@@ -104,7 +109,7 @@ class HostTestCase(test.TestCase):
+         super(HostTestCase, self).setUp()
+         self.controller = os_hosts.HostController()
+         self.req = FakeRequest()
+-        self.stubs.Set(scheduler_api, 'get_host_list', stub_get_host_list)
++        self.stubs.Set(db, 'service_get_all', stub_service_get_all)
+         self.stubs.Set(self.controller.api, 'set_host_enabled',
+                        stub_set_host_enabled)
+         self.stubs.Set(self.controller.api, 'set_host_maintenance',
+-- 
+1.7.9.5
+
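Review bot: `_list_hosts` now calls `db.service_get_all` directly, but the hunk header `@@ -98,7 +97,10 @@` shows the new side already one line behind the old side, so an earlier hunk of the original change (most likely the import edits at the top of hosts.py) was dropped from this backport; if `db` is not already imported in this tree's hosts.py, every `GET /v1.1/{tenant}/os-hosts` will fail with `NameError` instead of returning an empty list. Verify the import (`from nova import db`) and do the same for test_hosts.py, where `self.stubs.Set(db, ...)` likewise needs `db` in scope. Passing `False` as the second argument presumably filters out disabled services, so hosts whose service is disabled no longer appear in the listing; if that is intended it deserves a comment, e.g. `# only enabled services; disabled hosts are omitted from the list`. The body of `_list_hosts` continues outside the hunk.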
diff -Nru nova-2012.1.1/debian/patches/series nova-2012.1.1/debian/patches/series
--- nova-2012.1.1/debian/patches/series	2013-04-10 11:14:21.000000000 +0000
+++ nova-2012.1.1/debian/patches/series	2013-12-09 07:25:58.000000000 +0000
@@ -12,3 +12,6 @@
 CVE-2013-0335_VNC-unit-tests-fixes.patch
 CVE-2013-1838-Nova_DoS_by_allocating_all_Fixed_IPs_essex.patch
 Fixed_broken_vncproxy_flush_tokens.patch
+CVE-2013-2096_Check_QCOW2_image_size_during_root_disk_creation.patch
+api_v1.1_os-hosts_does_not_return_a_list_of_hosts.patch
+CVE-2013-4261_Fix_problem_with_long_messages_in_Qpid.patch

