Gentoo Archives: gentoo-commits

From: "Matt Thode (prometheanfire)" <prometheanfire@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in sys-cluster/nova/files: CVE-2013-7048-havana.patch CVE-2013-7048-grizzly.patch
Date: Mon, 27 Jan 2014 08:44:55
Message-Id: 20140127084451.90B012004C@flycatcher.gentoo.org
1 prometheanfire 14/01/27 08:44:51
2
3 Added: CVE-2013-7048-havana.patch
4 CVE-2013-7048-grizzly.patch
5 Log:
6 fixes for bug 494026 CVE-2013-7048
7
8 (Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
9
10 Revision Changes Path
11 1.1 sys-cluster/nova/files/CVE-2013-7048-havana.patch
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/nova/files/CVE-2013-7048-havana.patch?rev=1.1&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/nova/files/CVE-2013-7048-havana.patch?rev=1.1&content-type=text/plain
15
16 Index: CVE-2013-7048-havana.patch
17 ===================================================================
18 From 75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d Mon Sep 17 00:00:00 2001
19 From: Xavier Queralt <xqueralt@××××××.com>
20 Date: Wed, 27 Nov 2013 19:44:36 +0000
21 Subject: Enforce permissions in snapshots temporary dir
22
23 Live snapshots creates a temporary directory where libvirt driver
24 creates a new image from the instance's disk using blockRebase.
25 Currently this directory is created with 777 permissions making this
26 directory accessible by all the users in the system.
27
28 This patch changes the tempdir permissions so they have the o+x
29 flag set, which is what libvirt needs to be able to write in it and
30
31 Closes-Bug: #1227027
32 Change-Id: I767ff5247b4452821727e92b668276004fc0f84d
33 (cherry picked from commit 8a34fc3d48c467aa196f65eed444ccdc7c02f19f)
34 ---
35 diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
36 index 5c05307..d427d65 100644
37 --- a/nova/virt/libvirt/driver.py
38 +++ b/nova/virt/libvirt/driver.py
39 @@ -1390,9 +1390,8 @@ class LibvirtDriver(driver.ComputeDriver):
40 try:
41 out_path = os.path.join(tmpdir, snapshot_name)
42 if live_snapshot:
43 - # NOTE (rmk): libvirt needs to be able to write to the
44 - # temp directory, which is owned nova.
45 - utils.execute('chmod', '777', tmpdir, run_as_root=True)
46 + # NOTE(xqueralt): libvirt needs o+x in the temp directory
47 + os.chmod(tmpdir, 0o701)
48 self._live_snapshot(virt_dom, disk_path, out_path,
49 image_format)
50 else:
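Review bot: at `os.chmod(tmpdir, 0o701)` the new comment says only that libvirt needs o+x and does not record what that bit still allows. Mode 701 stops other local users from listing or writing in the directory, but they can still traverse it, so access to the snapshot written at `out_path` then depends on that file's own mode and on `snapshot_name` not being predictable. I would extend the comment to state this, and to say why the group bits are cleared, so that a later change does not widen the mode again the way the removed `chmod 777` did.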
51 --
52 cgit v0.9.2
53
54
55
56 1.1 sys-cluster/nova/files/CVE-2013-7048-grizzly.patch
57
58 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/nova/files/CVE-2013-7048-grizzly.patch?rev=1.1&view=markup
59 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/nova/files/CVE-2013-7048-grizzly.patch?rev=1.1&content-type=text/plain
60
61 Index: CVE-2013-7048-grizzly.patch
62 ===================================================================
63 From 9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa Mon Sep 17 00:00:00 2001
64 From: Xavier Queralt <xqueralt@××××××.com>
65 Date: Wed, 27 Nov 2013 19:44:36 +0000
66 Subject: Enforce permissions in snapshots temporary dir
67
68 Live snapshots creates a temporary directory where libvirt driver
69 creates a new image from the instance's disk using blockRebase.
70 Currently this directory is created with 777 permissions making this
71 directory accessible by all the users in the system.
72
73 This patch changes the tempdir permissions so they have the o+x
74 flag set, which is what libvirt needs to be able to write in it and
75
76 Closes-Bug: #1227027
77 Change-Id: I767ff5247b4452821727e92b668276004fc0f84d
78 (cherry picked from commit 8a34fc3d48c467aa196f65eed444ccdc7c02f19f)
79 ---
80 diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
81 index 6b977cb..4cc85f1 100755
82 --- a/nova/virt/libvirt/driver.py
83 +++ b/nova/virt/libvirt/driver.py
84 @@ -1191,9 +1191,8 @@ class LibvirtDriver(driver.ComputeDriver):
85 try:
86 out_path = os.path.join(tmpdir, snapshot_name)
87 if live_snapshot:
88 - # NOTE (rmk): libvirt needs to be able to write to the
89 - # temp directory, which is owned nova.
90 - utils.execute('chmod', '777', tmpdir, run_as_root=True)
91 + # NOTE(xqueralt): libvirt needs o+x in the temp directory
92 + os.chmod(tmpdir, 0o701)
93 self._live_snapshot(virt_dom, disk_path, out_path,
94 image_format)
95 else:
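Review bot: replacing `utils.execute('chmod', '777', tmpdir, run_as_root=True)` with `os.chmod(tmpdir, 0o701)` moves the call from a root helper into the service's own process, so it now succeeds only if that process owns `tmpdir`. The removed comment said the directory is owned by nova, and the new comment drops that statement; keep it, since it is the precondition the new call relies on. The call sits under the `try:` at the top of the hunk and the handler is outside the visible lines, so confirm that a failing `os.chmod` aborts the snapshot instead of letting `_live_snapshot` run against a directory still carrying its creation mode. A unit test asserting the mode passed to `os.chmod` on the live-snapshot path would pin this down; this patch file touches only `driver.py`.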
96 --
97 cgit v0.9.2