authorMatthew Thode <prometheanfire@gentoo.org>2015-06-17 21:50:18 +0000
committerMatthew Thode <prometheanfire@gentoo.org>2015-06-17 21:50:18 +0000
commit69194a2e13c3bdf764b9b638f4b5fa74f76a604e (patch)
tree5bd6e271b34665d27fc66f5ebfe4532aeeeb1eff /sys-cluster/cinder
parentadding s6 suport for bug 550594 (diff)
downloadgentoo-2-69194a2e13c3bdf764b9b638f4b5fa74f76a604e.tar.gz
gentoo-2-69194a2e13c3bdf764b9b638f4b5fa74f76a604e.tar.bz2
gentoo-2-69194a2e13c3bdf764b9b638f4b5fa74f76a604e.zip
fixing CVE-2015-1851
(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 0x33ED3FD25AFC78BA)
Diffstat (limited to 'sys-cluster/cinder')
-rw-r--r--sys-cluster/cinder/ChangeLog11
-rw-r--r--sys-cluster/cinder/cinder-2014.2.3-r1.ebuild154
-rw-r--r--sys-cluster/cinder/cinder-2015.1.0-r1.ebuild (renamed from sys-cluster/cinder/cinder-2015.1.0.ebuild)4
-rw-r--r--sys-cluster/cinder/files/CVE-2015-1851_2014.2.3.patch85
-rw-r--r--sys-cluster/cinder/files/CVE-2015-1851_2015.1.0.patch85
5 files changed, 336 insertions, 3 deletions
diff --git a/sys-cluster/cinder/ChangeLog b/sys-cluster/cinder/ChangeLog
index 19e20e272557..69af9267be59 100644
--- a/sys-cluster/cinder/ChangeLog
+++ b/sys-cluster/cinder/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for sys-cluster/cinder
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/cinder/ChangeLog,v 1.56 2015/06/17 21:16:47 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/cinder/ChangeLog,v 1.57 2015/06/17 21:50:18 prometheanfire Exp $
+
+*cinder-2015.1.0-r1 (17 Jun 2015)
+*cinder-2014.2.3-r1 (17 Jun 2015)
+
+ 17 Jun 2015; Matthew Thode <prometheanfire@gentoo.org>
+ +cinder-2014.2.3-r1.ebuild, +cinder-2015.1.0-r1.ebuild,
+ +files/CVE-2015-1851_2014.2.3.patch, +files/CVE-2015-1851_2015.1.0.patch,
+ -cinder-2015.1.0.ebuild:
+ fixing CVE-2015-1851
17 Jun 2015; Matthew Thode <prometheanfire@gentoo.org> cinder-2015.1.0.ebuild,
cinder-2015.1.9999.ebuild, metadata.xml:
diff --git a/sys-cluster/cinder/cinder-2014.2.3-r1.ebuild b/sys-cluster/cinder/cinder-2014.2.3-r1.ebuild
new file mode 100644
index 000000000000..375aed3e35c6
--- /dev/null
+++ b/sys-cluster/cinder/cinder-2014.2.3-r1.ebuild
@@ -0,0 +1,154 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/cinder/cinder-2014.2.3-r1.ebuild,v 1.1 2015/06/17 21:50:18 prometheanfire Exp $
+
+EAPI=5
+PYTHON_COMPAT=( python2_7 )
+
+inherit distutils-r1 eutils linux-info user
+
+DESCRIPTION="Cinder is the OpenStack Block storage service, a spin out of nova-volumes"
+HOMEPAGE="https://launchpad.net/cinder"
+SRC_URI="http://launchpad.net/${PN}/juno/${PV}/+download/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+api +scheduler +volume iscsi lvm mysql postgres sqlite test"
+REQUIRED_USE="|| ( mysql postgres sqlite )"
+
+#sudo is a build dep because I want the sudoers.d directory to exist, lazy.
+DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
+ >=dev-python/pbr-0.8[${PYTHON_USEDEP}]
+ <dev-python/pbr-1.0[${PYTHON_USEDEP}]
+ app-admin/sudo
+ test? (
+ ${RDEPEND}
+ >=dev-python/hacking-0.9.2[${PYTHON_USEDEP}]
+ <dev-python/hacking-0.10[${PYTHON_USEDEP}]
+ >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
+ >=dev-python/fixtures-0.3.14[${PYTHON_USEDEP}]
+ >=dev-python/mock-1.0[${PYTHON_USEDEP}]
+ >=dev-python/mox-0.5.3[${PYTHON_USEDEP}]
+ mysql? ( dev-python/mysql-python[${PYTHON_USEDEP}] )
+ postgres? ( dev-python/psycopg[${PYTHON_USEDEP}] )
+ >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
+ !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
+ <dev-python/sphinx-1.3[${PYTHON_USEDEP}]
+ >=dev-python/subunit-0.0.18[${PYTHON_USEDEP}]
+ >=dev-python/testtools-0.9.34[${PYTHON_USEDEP}]
+ !~dev-python/testtools-1.4.0[${PYTHON_USEDEP}]
+ >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}]
+ >=dev-python/oslo-sphinx-2.2.0[${PYTHON_USEDEP}]
+ )"
+
+RDEPEND="
+ >=dev-python/anyjson-0.3.3[${PYTHON_USEDEP}]
+ >=dev-python/Babel-1.3[${PYTHON_USEDEP}]
+ >=dev-python/eventlet-0.15.1[${PYTHON_USEDEP}]
+ <dev-python/eventlet-0.16.0[${PYTHON_USEDEP}]
+ >=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
+ >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}]
+ >=dev-python/keystonemiddleware-1.0.0[${PYTHON_USEDEP}]
+ >=dev-python/kombu-2.5.0[${PYTHON_USEDEP}]
+ >=dev-python/lxml-2.3[${PYTHON_USEDEP}]
+ >=dev-python/netaddr-0.7.12[${PYTHON_USEDEP}]
+ >=dev-python/oslo-config-1.4.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-db-1.0.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-db-1.1.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-messaging-1.4.0[${PYTHON_USEDEP}]
+ !~dev-python/oslo-messaging-1.5.0[${PYTHON_USEDEP}]
+ <dev-python/oslo-messaging-1.6.0[${PYTHON_USEDEP}]
+ >=dev-python/oslo-rootwrap-1.3.0[${PYTHON_USEDEP}]
+ >=dev-python/osprofiler-0.3.0[${PYTHON_USEDEP}]
+ >=dev-python/paramiko-1.13.0[${PYTHON_USEDEP}]
+ dev-python/paste[${PYTHON_USEDEP}]
+ >=dev-python/pastedeploy-1.5.0[${PYTHON_USEDEP}]
+ >=dev-python/python-barbicanclient-2.1.0[${PYTHON_USEDEP}]
+ !~dev-python/python-barbicanclient-3.0.0[${PYTHON_USEDEP}]
+ <dev-python/python-barbicanclient-3.0.2[${PYTHON_USEDEP}]
+ >=dev-python/python-glanceclient-0.14.0[${PYTHON_USEDEP}]
+ >=dev-python/python-novaclient-2.18.0[${PYTHON_USEDEP}]
+ >=dev-python/python-swiftclient-2.2.0[${PYTHON_USEDEP}]
+ >=dev-python/requests-2.1.0[${PYTHON_USEDEP}]
+ !~dev-python/requests-2.4.0[${PYTHON_USEDEP}]
+ >=dev-python/routes-1.12.3[${PYTHON_USEDEP}]
+ !~dev-python/routes-2.0[${PYTHON_USEDEP}]
+ >=dev-python/taskflow-0.4[${PYTHON_USEDEP}]
+ <dev-python/taskflow-0.7.0[${PYTHON_USEDEP}]
+ >=dev-python/rtslib-fb-2.1.39[${PYTHON_USEDEP}]
+ >=dev-python/six-1.7.0[${PYTHON_USEDEP}]
+ sqlite? (
+ >=dev-python/sqlalchemy-0.9.7[sqlite,${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-0.9.99[sqlite,${PYTHON_USEDEP}]
+ )
+ mysql? (
+ dev-python/mysql-python
+ >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
+ )
+ postgres? (
+ dev-python/psycopg:2
+ >=dev-python/sqlalchemy-0.9.7[${PYTHON_USEDEP}]
+ <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}]
+ )
+ ~dev-python/sqlalchemy-migrate-0.9.1[${PYTHON_USEDEP}]
+ >=dev-python/stevedore-1.0.0[${PYTHON_USEDEP}]
+ >=dev-python/suds-0.4[${PYTHON_USEDEP}]
+ >=dev-python/webob-1.2.3-r1[${PYTHON_USEDEP}]
+ >=dev-python/oslo-i18n-1.0.0[${PYTHON_USEDEP}]
+ iscsi? (
+ || ( >=sys-block/iscsitarget-1.4.20.2_p20130821 sys-block/tgt )
+ sys-block/open-iscsi )
+ lvm? ( sys-fs/lvm2 )
+ sys-fs/sysfsutils"
+
+PATCHES=( "${FILESDIR}"/CVE-2015-1851_2014.2.3.patch )
+
+pkg_setup() {
+ linux-info_pkg_setup
+ CONFIG_CHECK_MODULES="ISCSI_TCP"
+ if linux_config_exists; then
+ for module in ${CONFIG_CHECK_MODULES}; do
+ linux_chkconfig_present ${module} || ewarn "${module} needs to be built as module (builtin doesn't work)"
+ done
+ fi
+ enewgroup cinder
+ enewuser cinder -1 -1 /var/lib/cinder cinder
+}
+
+#python_compile_all() { leave for next attempt
+# use doc && emake -C doc html
+#}
+
+python_test() {
+ # Let's track progress of this # https://bugs.launchpad.net/swift/+bug/1249727
+ nosetests -I test_wsgi.py cinder/tests/ || die "tests failed under python2.7"
+}
+
+python_install() {
+ distutils-r1_python_install
+ keepdir /etc/cinder
+ dodir /etc/cinder/rootwrap.d
+
+ for svc in api scheduler volume; do
+ newinitd "${FILESDIR}/cinder.initd" cinder-${svc}
+ done
+
+ insinto /etc/cinder
+ newins "${S}/etc/cinder/cinder.conf.sample" "cinder.conf"
+ newins "${S}/etc/cinder/api-paste.ini" "api-paste.ini"
+ newins "${S}/etc/cinder/logging_sample.conf" "logging_sample.conf"
+ newins "${S}/etc/cinder/policy.json" "policy.json"
+ newins "${S}/etc/cinder/rootwrap.conf" "rootwrap.conf"
+ insinto /etc/cinder/rootwrap.d
+ newins "${S}/etc/cinder/rootwrap.d/volume.filters" "volume.filters"
+
+ dodir /var/log/cinder
+ fowners cinder:cinder /var/log/cinder
+
+ #add sudoers definitions for user nova
+ insinto /etc/sudoers.d/
+ insopts -m 0440 -o root -g root
+ newins "${FILESDIR}/cinder.sudoersd" cinder
+}
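Review bot: The ewarn in pkg_setup tells the user that ISCSI_TCP "needs to be built as module (builtin doesn't work)", but `linux_chkconfig_present` is satisfied by =y as well as =m, so a builtin ISCSI_TCP never triggers the warning that describes exactly that case; `linux_chkconfig_module ${module} || ewarn "${module} needs to be built as module (builtin doesn't work)"` would make the check match the message. The comment above the sudoers install in python_install still reads `#add sudoers definitions for user nova` although the file installed is the cinder one, so `#add sudoers definitions for user cinder` would be accurate. Both lines presumably carry over from the ebuild this revision copies, and the 2015.1.0-r1 ebuild, whose pkg_setup this diff only shows the start of, may carry the same call.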
diff --git a/sys-cluster/cinder/cinder-2015.1.0.ebuild b/sys-cluster/cinder/cinder-2015.1.0-r1.ebuild
index 7a44cec89fe8..b37563471a4b 100644
--- a/sys-cluster/cinder/cinder-2015.1.0.ebuild
+++ b/sys-cluster/cinder/cinder-2015.1.0-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/cinder/cinder-2015.1.0.ebuild,v 1.5 2015/06/17 21:16:47 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/cinder/cinder-2015.1.0-r1.ebuild,v 1.1 2015/06/17 21:50:18 prometheanfire Exp $
EAPI=5
PYTHON_COMPAT=( python2_7 )
@@ -130,7 +130,7 @@ RDEPEND="
memcached? ( net-misc/memcached )
sys-fs/sysfsutils"
-PATCHES=( )
+PATCHES=( "${FILESDIR}"/CVE-2015-1851_2015.1.0.patch )
pkg_setup() {
linux-info_pkg_setup
diff --git a/sys-cluster/cinder/files/CVE-2015-1851_2014.2.3.patch b/sys-cluster/cinder/files/CVE-2015-1851_2014.2.3.patch
new file mode 100644
index 000000000000..5335e5c02ad5
--- /dev/null
+++ b/sys-cluster/cinder/files/CVE-2015-1851_2014.2.3.patch
@@ -0,0 +1,85 @@
+From d31c937c566005dedf41a60c6b5bd5e7b26f221b Mon Sep 17 00:00:00 2001
+From: Eric Harney <eharney@redhat.com>
+Date: Tue, 31 Mar 2015 19:48:17 -0400
+Subject: [PATCH] Disallow backing files when uploading volumes to image
+
+Volumes with a header referencing a backing file can leak
+file data into the destination image when uploading a
+volume to an image.
+
+Halt the upload process if the volume data references a
+backing file to prevent this.
+
+Closes-Bug: #1415087
+Change-Id: Iab9718794e7f7e8444015712cfa08c46848ebf78
+(cherry picked from commit 9634b76ba5886d6c2f2128d550cb005dabf48213)
+Conflicts:
+ cinder/tests/test_image_utils.py (backport to old tests)
+---
+ cinder/image/image_utils.py | 14 ++++++++++++++
+ cinder/tests/test_image_utils.py | 13 +++++++++++++
+ 2 files changed, 27 insertions(+)
+
+diff --git a/cinder/image/image_utils.py b/cinder/image/image_utils.py
+index 160dfe7..cac0072 100644
+--- a/cinder/image/image_utils.py
++++ b/cinder/image/image_utils.py
+@@ -312,6 +312,20 @@ def upload_volume(context, image_service, image_meta, volume_path,
+ with fileutils.remove_path_on_error(tmp):
+ LOG.debug("%s was %s, converting to %s" %
+ (image_id, volume_format, image_meta['disk_format']))
++
++ data = qemu_img_info(volume_path)
++ backing_file = data.backing_file
++ fmt = data.file_format
++ if backing_file is not None:
++ # Disallow backing files as a security measure.
++ # This prevents a user from writing an image header into a raw
++ # volume with a backing file pointing to data they wish to
++ # access.
++ raise exception.ImageUnacceptable(
++ image_id=image_id,
++ reason=_("fmt=%(fmt)s backed by:%(backing_file)s")
++ % {'fmt': fmt, 'backing_file': backing_file})
++
+ convert_image(volume_path, tmp, image_meta['disk_format'],
+ bps_limit=CONF.volume_copy_bps_limit)
+
+diff --git a/cinder/tests/test_image_utils.py b/cinder/tests/test_image_utils.py
+index 86168c0..2cf571a 100644
+--- a/cinder/tests/test_image_utils.py
++++ b/cinder/tests/test_image_utils.py
+@@ -462,6 +462,10 @@ def test_upload_volume(self, mock_stat, bps_limit=0):
+ volume_utils.setup_blkio_cgroup(mox.IgnoreArg(), mox.IgnoreArg(),
+ bps_limit).AndReturn(prefix)
+
++ utils.execute(
++ 'env', 'LC_ALL=C', 'qemu-img', 'info',
++ mox.IgnoreArg(), run_as_root=True).AndReturn(
++ (TEST_RET, 'ignored'))
+ utils.execute(*cmd, run_as_root=True)
+ utils.execute(
+ 'env', 'LC_ALL=C', 'qemu-img', 'info',
+@@ -497,6 +501,11 @@ def test_upload_volume_with_bps_limit(self, mock_stat):
+
+ volume_utils.setup_blkio_cgroup(mox.IgnoreArg(), mox.IgnoreArg(),
+ bps_limit).AndReturn(prefix)
++
++ utils.execute(
++ 'env', 'LC_ALL=C', 'qemu-img', 'info',
++ mox.IgnoreArg(), run_as_root=True).AndReturn(
++ (TEST_RET, 'ignored'))
+ utils.execute(*cmd, run_as_root=True)
+ utils.execute(
+ 'env', 'LC_ALL=C', 'qemu-img', 'info',
+@@ -534,6 +543,10 @@ def test_upload_volume_on_error(self, mock_stat):
+ m.StubOutWithMock(utils, 'execute')
+ m.StubOutWithMock(volume_utils, 'check_for_odirect_support')
+
++ utils.execute(
++ 'env', 'LC_ALL=C', 'qemu-img', 'info',
++ mox.IgnoreArg(), run_as_root=True).AndReturn(
++ (TEST_RET, 'ignored'))
+ utils.execute('qemu-img', 'convert', '-O', 'qcow2',
+ mox.IgnoreArg(), mox.IgnoreArg(), run_as_root=True)
+ utils.execute(
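Review bot: Neither backport adds a test for the new rejection branch in upload_volume: the 2014.2.3 test changes only insert a second `qemu-img info` mock expectation returning `(TEST_RET, 'ignored')`, and the 2015.1.0 test changes in the next file (CVE-2015-1851_2015.1.0.patch) only set `data.backing_file = None` on the happy path, so the `backing_file is not None` branch that raises `ImageUnacceptable` is never exercised. A case that sets `data.backing_file = '<backing-file-path>'` and asserts `self.assertRaises(exception.ImageUnacceptable, image_utils.upload_volume, ...)` would pin the fix against regression when the patch is rebased onto later releases. These are upstream cherry-picks, so the addition belongs in the upstream change rather than in this ebuild's files/ copy. The enclosing upload_volume body starts and ends outside the embedded hunk.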
diff --git a/sys-cluster/cinder/files/CVE-2015-1851_2015.1.0.patch b/sys-cluster/cinder/files/CVE-2015-1851_2015.1.0.patch
new file mode 100644
index 000000000000..2e1d31970fc1
--- /dev/null
+++ b/sys-cluster/cinder/files/CVE-2015-1851_2015.1.0.patch
@@ -0,0 +1,85 @@
+From 9634b76ba5886d6c2f2128d550cb005dabf48213 Mon Sep 17 00:00:00 2001
+From: Eric Harney <eharney@redhat.com>
+Date: Tue, 31 Mar 2015 19:48:17 -0400
+Subject: [PATCH] Disallow backing files when uploading volumes to image
+
+Volumes with a header referencing a backing file can leak
+file data into the destination image when uploading a
+volume to an image.
+
+Halt the upload process if the volume data references a
+backing file to prevent this.
+
+Closes-Bug: #1415087
+Change-Id: Iab9718794e7f7e8444015712cfa08c46848ebf78
+(cherry picked from commit b1143ee45323e63b965a3710f9063e65b252c978)
+---
+ cinder/image/image_utils.py | 14 ++++++++++++++
+ cinder/tests/test_image_utils.py | 8 ++++++--
+ 2 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/cinder/image/image_utils.py b/cinder/image/image_utils.py
+index 6e5e2fb..6ae0f81 100644
+--- a/cinder/image/image_utils.py
++++ b/cinder/image/image_utils.py
+@@ -344,6 +344,20 @@ def upload_volume(context, image_service, image_meta, volume_path,
+ with temporary_file() as tmp:
+ LOG.debug("%s was %s, converting to %s",
+ image_id, volume_format, image_meta['disk_format'])
++
++ data = qemu_img_info(volume_path, run_as_root=run_as_root)
++ backing_file = data.backing_file
++ fmt = data.file_format
++ if backing_file is not None:
++ # Disallow backing files as a security measure.
++ # This prevents a user from writing an image header into a raw
++ # volume with a backing file pointing to data they wish to
++ # access.
++ raise exception.ImageUnacceptable(
++ image_id=image_id,
++ reason=_("fmt=%(fmt)s backed by:%(backing_file)s")
++ % {'fmt': fmt, 'backing_file': backing_file})
++
+ convert_image(volume_path, tmp, image_meta['disk_format'],
+ run_as_root=run_as_root)
+
+diff --git a/cinder/tests/test_image_utils.py b/cinder/tests/test_image_utils.py
+index ab41243..3f8e763 100644
+--- a/cinder/tests/test_image_utils.py
++++ b/cinder/tests/test_image_utils.py
+@@ -381,6 +381,7 @@ def test_diff_format(self, mock_os, mock_temp, mock_convert, mock_info,
+ mock_os.name = 'posix'
+ data = mock_info.return_value
+ data.file_format = mock.sentinel.disk_format
++ data.backing_file = None
+ temp_file = mock_temp.return_value.__enter__.return_value
+
+ output = image_utils.upload_volume(ctxt, image_service, image_meta,
+@@ -391,7 +392,8 @@ def test_diff_format(self, mock_os, mock_temp, mock_convert, mock_info,
+ temp_file,
+ mock.sentinel.disk_format,
+ run_as_root=True)
+- mock_info.assert_called_once_with(temp_file, run_as_root=True)
++ mock_info.assert_called_with(temp_file, run_as_root=True)
++ self.assertEqual(mock_info.call_count, 2)
+ mock_open.assert_called_once_with(temp_file, 'rb')
+ image_service.update.assert_called_once_with(
+ ctxt, image_meta['id'], {},
+@@ -470,6 +472,7 @@ def test_convert_error(self, mock_os, mock_temp, mock_convert, mock_info,
+ mock_os.name = 'posix'
+ data = mock_info.return_value
+ data.file_format = mock.sentinel.other_disk_format
++ data.backing_file = None
+ temp_file = mock_temp.return_value.__enter__.return_value
+
+ self.assertRaises(exception.ImageUnacceptable,
+@@ -479,7 +482,8 @@ def test_convert_error(self, mock_os, mock_temp, mock_convert, mock_info,
+ temp_file,
+ mock.sentinel.disk_format,
+ run_as_root=True)
+- mock_info.assert_called_once_with(temp_file, run_as_root=True)
++ mock_info.assert_called_with(temp_file, run_as_root=True)
++ self.assertEqual(mock_info.call_count, 2)
+ self.assertFalse(image_service.update.called)
+
+