Bug#719632: [Openstack-devel] Bug#719632: Prepared a new Wheezy update for Nova
On 12/09/2013 07:43 PM, Julien Cristau wrote:
> On Mon, Dec 9, 2013 at 15:42:30 +0800, Thomas Goirand wrote:
>
>> Hi,
>>
>> Here's the new changelog, with the remarks of J.Cristau taken into account:
>>
>> [ Thomas Goirand ]
>> * CVE-2013-4261: [OSSA 2013-026] Fix problem with long messages in Qpid.
>> * CVE-2013-2096: [OSSA 2013-012] Check QCOW2 image size during root disk
>> creation (Closes: #710157).
>> * Updates debian/gbp.conf to use the debian/wheezy branch for building.
>> * Applies https://review.openstack.org/#/c/10168/: resolves issue where
>> querying /v1.1/$tenant/os-hosts returns an empty list
>> (Closes: #689318).
>>
>> [ Julien Cristau ]
>> * Fixes log rotation of nova-consoleauth.log and nova-xvpvncproxy.log
>> (Closes: #706011).
>>
>> The package is available here:
>> http://archive.gplhost.com/pub/security/nova/
>>
>> With the debdiff next to it.
>>
> Please send the debdiff to this bug...
>
> Cheers,
> Julien
Here you are.
Thomas
diff -Nru nova-2012.1.1/debian/changelog nova-2012.1.1/debian/changelog
--- nova-2012.1.1/debian/changelog 2013-04-10 11:14:21.000000000 +0000
+++ nova-2012.1.1/debian/changelog 2013-12-09 07:25:58.000000000 +0000
@@ -1,3 +1,19 @@
+nova (2012.1.1-18+deb7u1) wheezy-proposed-updates; urgency=low
+
+ [ Thomas Goirand ]
+ * CVE-2013-4261: [OSSA 2013-026] Fix problem with long messages in Qpid.
+ * CVE-2013-2096: [OSSA 2013-012] Check QCOW2 image size during root disk
+ creation (Closes: #710157).
+ * Updates debian/gbp.conf to use the debian/wheezy branch for building.
+ * Applies https://review.openstack.org/#/c/10168/: resolves issue where
+ querying /v1.1/$tenant/os-hosts returns an empty list (Closes: #689318).
+
+ [ Julien Cristau ]
+ * Fixes log rotation of nova-consoleauth.log and nova-xvpvncproxy.log
+ (Closes: #706011).
+
+ -- Thomas Goirand <zigo@debian.org> Sat, 13 Jul 2013 22:26:11 +0800
+
nova (2012.1.1-18) unstable; urgency=low
* nova-common isn't anymore using /usr/share/doc to store configuration files
diff -Nru nova-2012.1.1/debian/gbp.conf nova-2012.1.1/debian/gbp.conf
--- nova-2012.1.1/debian/gbp.conf 2013-04-10 11:14:21.000000000 +0000
+++ nova-2012.1.1/debian/gbp.conf 2013-12-09 07:25:58.000000000 +0000
@@ -1,6 +1,6 @@
[DEFAULT]
upstream-branch = master
-debian-branch = debian/unstable
+debian-branch = debian/wheezy
upstream-tag = %(version)s
compression = xz
diff -Nru nova-2012.1.1/debian/nova-console.logrotate nova-2012.1.1/debian/nova-console.logrotate
--- nova-2012.1.1/debian/nova-console.logrotate 2013-04-10 11:14:21.000000000 +0000
+++ nova-2012.1.1/debian/nova-console.logrotate 2013-12-09 07:25:58.000000000 +0000
@@ -1,4 +1,4 @@
-/var/log/nova/nova-console.log {
+/var/log/nova/nova-console.log /var/log/nova/nova-consoleauth.log {
daily
copytruncate
missingok
diff -Nru nova-2012.1.1/debian/nova-xvpvncproxy.logrotate nova-2012.1.1/debian/nova-xvpvncproxy.logrotate
--- nova-2012.1.1/debian/nova-xvpvncproxy.logrotate 2013-04-10 11:14:21.000000000 +0000
+++ nova-2012.1.1/debian/nova-xvpvncproxy.logrotate 2013-12-09 07:25:58.000000000 +0000
@@ -1,4 +1,4 @@
-/var/log/nova/nova-vncproxy.log {
+/var/log/nova/nova-xvpvncproxy.log {
daily
missingok
-}
\ No newline at end of file
+}
diff -Nru nova-2012.1.1/debian/patches/CVE-2013-2096_Check_QCOW2_image_size_during_root_disk_creation.patch nova-2012.1.1/debian/patches/CVE-2013-2096_Check_QCOW2_image_size_during_root_disk_creation.patch
--- nova-2012.1.1/debian/patches/CVE-2013-2096_Check_QCOW2_image_size_during_root_disk_creation.patch 1970-01-01 00:00:00.000000000 +0000
+++ nova-2012.1.1/debian/patches/CVE-2013-2096_Check_QCOW2_image_size_during_root_disk_creation.patch 2013-12-09 07:25:58.000000000 +0000
@@ -0,0 +1,34 @@
+Description: Check QCOW2 image size during root disk creation
+ glance can only tell us the size of the file, not the virtual
+ size of the QCOW2. As such we need to check the virtual size of
+ the image once its cached and ensure it's <= to the flavor's
+ root disk size. Based on I833467284126557eb598b8350a84e10c06292fa9
+Author: Jamie Strandboge <jamie@canonical.com>
+Origin: https://bugs.launchpad.net/nova/+bug/1177830/comments/21
+Bug-Ubuntu: https://launchpad.net/bugs/1177830
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710157
+Last-Update: 2013-07-13
+
+Index: nova/nova/virt/libvirt/connection.py
+===================================================================
+--- nova.orig/nova/virt/libvirt/connection.py 2013-07-13 22:30:01.000000000 +0800
++++ nova/nova/virt/libvirt/connection.py 2013-07-13 22:30:01.000000000 +0800
+@@ -1125,6 +1125,18 @@
+ if cow:
+ cow_base = base
+ if size:
++ # NOTE(cfb): Having a flavor that sets the root size to
++ # 0 and having nova effectively ignore that
++ # size and use the size of the image is
++ # considered a feature at this time, not a
++ # bug.
++ if os.path.exists(cow_base) and \
++ size < disk.get_image_virtual_size(cow_base):
++ LOG.error(_("%(base)s virtual size larger than "
++ "flavor root disk size %(size)s" %
++ {'base': cow_base, 'size': size}))
++ raise exception.ImageTooLarge()
++
+ size_gb = size / (1024 * 1024 * 1024)
+ cow_base += "_%d" % size_gb
+ if not os.path.exists(cow_base):
diff -Nru nova-2012.1.1/debian/patches/CVE-2013-4261_Fix_problem_with_long_messages_in_Qpid.patch nova-2012.1.1/debian/patches/CVE-2013-4261_Fix_problem_with_long_messages_in_Qpid.patch
--- nova-2012.1.1/debian/patches/CVE-2013-4261_Fix_problem_with_long_messages_in_Qpid.patch 1970-01-01 00:00:00.000000000 +0000
+++ nova-2012.1.1/debian/patches/CVE-2013-4261_Fix_problem_with_long_messages_in_Qpid.patch 2013-12-09 07:25:58.000000000 +0000
@@ -0,0 +1,98 @@
+Description: Fix problem with long messages in Qpid
+ Qpid has a limitation where it cannot serialize a dict containing a string
+ greater than 65535 characters. This change alters the Qpid implementation to
+ JSON encode the dict before sending it, but only if Qpid would fail to
+ serialize it. This maintains as much backward compatibility as possible,
+ though long messages will still fail if they are sent to an older receiver.
+ .
+ Even though this change will modify the message format, it will only do it
+ when messages are longer than 65K which would be broken anyway and could
+ cause serious bugs like the one linked below.
+Author: Ben Nemec <bnemec@us.ibm.com>
+Origin: upstream, https://review.openstack.org/#/c/44700/
+Bug-Ubuntu: https://launchpad.net/bugs/1215091
+Date: Thu, 9 May 2013 19:06:45 +0000 (+0000)
+
+--- nova-2012.1.1.orig/nova/rpc/impl_qpid.py
++++ nova-2012.1.1/nova/rpc/impl_qpid.py
+@@ -22,6 +22,7 @@ import json
+
+ import eventlet
+ import greenlet
++import qpid.codec010 as qpid_codec
+ import qpid.messaging
+ import qpid.messaging.exceptions
+
+@@ -81,6 +82,8 @@ qpid_opts = [
+ FLAGS = flags.FLAGS
+ FLAGS.register_opts(qpid_opts)
+
++JSON_CONTENT_TYPE = 'application/json; charset=utf8'
++
+
+ class ConsumerBase(object):
+ """Consumer base class."""
+@@ -135,10 +138,27 @@ class ConsumerBase(object):
+ self.receiver = session.receiver(self.address)
+ self.receiver.capacity = 1
+
++ def _unpack_json_msg(self, msg):
++ """Load the JSON data in msg if msg.content_type indicates that it
++ is necessary. Put the loaded data back into msg.content and
++ update msg.content_type appropriately.
++
++ A Qpid Message containing a dict will have a content_type of
++ 'amqp/map', whereas one containing a string that needs to be converted
++ back from JSON will have a content_type of JSON_CONTENT_TYPE.
++
++ :param msg: a Qpid Message object
++ :returns: None
++ """
++ if msg.content_type == JSON_CONTENT_TYPE:
++ msg.content = jsonutils.loads(msg.content)
++ msg.content_type = 'amqp/map'
++
+ def consume(self):
+ """Fetch the message and pass it to the callback object"""
+ message = self.receiver.fetch()
+ try:
++ self._unpack_json_msg(message)
+ self.callback(message.content)
+ except Exception:
+ LOG.exception(_("Failed to process message... skipping it."))
+@@ -234,8 +254,35 @@ class Publisher(object):
+ """Re-establish the Sender after a reconnection"""
+ self.sender = session.sender(self.address)
+
++ def _pack_json_msg(self, msg):
++ """Qpid cannot serialize dicts containing strings longer than 65535
++ characters. This function dumps the message content to a JSON
++ string, which Qpid is able to handle.
++
++ :param msg: May be either a Qpid Message object or a bare dict.
++ :returns: A Qpid Message with its content field JSON encoded.
++ """
++ try:
++ msg.content = jsonutils.dumps(msg.content)
++ except AttributeError:
++ # Need to have a Qpid message so we can set the content_type.
++ msg = qpid.messaging.Message(jsonutils.dumps(msg))
++ msg.content_type = JSON_CONTENT_TYPE
++ return msg
++
+ def send(self, msg):
+ """Send a message"""
++ try:
++ # Check if Qpid can encode the message
++ check_msg = msg
++ if not hasattr(check_msg, 'content_type'):
++ check_msg = qpid.messaging.Message(msg)
++ content_type = check_msg.content_type
++ enc, dec = qpid.messaging.message.get_codec(content_type)
++ enc(check_msg.content)
++ except qpid_codec.CodecException:
++ # This means the message couldn't be serialized as a dict.
++ msg = self._pack_json_msg(msg)
+ self.sender.send(msg)
+
+
diff -Nru nova-2012.1.1/debian/patches/api_v1.1_os-hosts_does_not_return_a_list_of_hosts.patch nova-2012.1.1/debian/patches/api_v1.1_os-hosts_does_not_return_a_list_of_hosts.patch
--- nova-2012.1.1/debian/patches/api_v1.1_os-hosts_does_not_return_a_list_of_hosts.patch 1970-01-01 00:00:00.000000000 +0000
+++ nova-2012.1.1/debian/patches/api_v1.1_os-hosts_does_not_return_a_list_of_hosts.patch 2013-12-09 07:25:58.000000000 +0000
@@ -0,0 +1,62 @@
+Description: API 'v1.1/{tenant_id}/os-hosts' does not return a list of hosts
+ Backports fix for bug 1014925 to stable/essex, which resolves issue
+ where querying /v1.1/$tenant/os-hosts returns an empty list.
+ .
+ Original fix by Joe Gordon reviewed into Folsom at:
+ https://review.openstack.org/#/c/8682/2
+Author: Adam Gandelman <adamg@canonical.com>
+Origin: https://review.openstack.org/#/c/10168/
+Bug-Ubuntu: https://bugs.launchpad.net/nova/+bug/1014925
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689318
+Date: Mon, 23 Jul 2012 13:16:46 -0700
+
+diff --git a/nova/api/openstack/compute/contrib/hosts.py b/nova/api/openstack/compute/contrib/hosts.py
+index a93da9e..202c8ca 100644
+--- a/nova/api/openstack/compute/contrib/hosts.py
++++ b/nova/api/openstack/compute/contrib/hosts.py
+@@ -98,7 +97,10 @@ def _list_hosts(req, service=None):
+ by service type.
+ """
+ context = req.environ['nova.context']
+- hosts = scheduler_api.get_host_list(context)
++ services = db.service_get_all(context, False)
++ hosts = []
++ for host in services:
++ hosts.append({"host_name": host['host'], 'service': host['topic']})
+ if service:
+ hosts = [host for host in hosts
+ if host["service"] == service]
+diff --git a/nova/tests/api/openstack/compute/contrib/test_hosts.py b/nova/tests/api/openstack/compute/contrib/test_hosts.py
+index 77beeae..0482eb5 100644
+--- a/nova/tests/api/openstack/compute/contrib/test_hosts.py
++++ b/nova/tests/api/openstack/compute/contrib/test_hosts.py
+@@ -36,10 +36,15 @@ HOST_LIST = [
+ {"host_name": "host_c2", "service": "compute"},
+ {"host_name": "host_v1", "service": "volume"},
+ {"host_name": "host_v2", "service": "volume"}]
++SERVICES_LIST = [
++ {"host": "host_c1", "topic": "compute"},
++ {"host": "host_c2", "topic": "compute"},
++ {"host": "host_v1", "topic": "volume"},
++ {"host": "host_v2", "topic": "volume"}]
+
+
+-def stub_get_host_list(req):
+- return HOST_LIST
++def stub_service_get_all(self, req):
++ return SERVICES_LIST
+
+
+ def stub_set_host_enabled(context, host, enabled):
+@@ -104,7 +109,7 @@ class HostTestCase(test.TestCase):
+ super(HostTestCase, self).setUp()
+ self.controller = os_hosts.HostController()
+ self.req = FakeRequest()
+- self.stubs.Set(scheduler_api, 'get_host_list', stub_get_host_list)
++ self.stubs.Set(db, 'service_get_all', stub_service_get_all)
+ self.stubs.Set(self.controller.api, 'set_host_enabled',
+ stub_set_host_enabled)
+ self.stubs.Set(self.controller.api, 'set_host_maintenance',
+--
+1.7.9.5
+
diff -Nru nova-2012.1.1/debian/patches/series nova-2012.1.1/debian/patches/series
--- nova-2012.1.1/debian/patches/series 2013-04-10 11:14:21.000000000 +0000
+++ nova-2012.1.1/debian/patches/series 2013-12-09 07:25:58.000000000 +0000
@@ -12,3 +12,6 @@
CVE-2013-0335_VNC-unit-tests-fixes.patch
CVE-2013-1838-Nova_DoS_by_allocating_all_Fixed_IPs_essex.patch
Fixed_broken_vncproxy_flush_tokens.patch
+CVE-2013-2096_Check_QCOW2_image_size_during_root_disk_creation.patch
+api_v1.1_os-hosts_does_not_return_a_list_of_hosts.patch
+CVE-2013-4261_Fix_problem_with_long_messages_in_Qpid.patch
Reply to: