author | Matthew Thode <prometheanfire@gentoo.org> | 2013-08-11 03:48:29 +0000 |
---|---|---|
committer | Matthew Thode <prometheanfire@gentoo.org> | 2013-08-11 03:48:29 +0000 |
commit | 4ce82aaee4726424216f74af56c779152ca370ee (patch) | |
tree | 2074eb3ff8fd9e548219cf69298f51dc8c161a6d /sys-cluster | |
parent | updating quantumclient (diff) | |
nova-folsom fixes for bug 480048
(Portage version: 2.1.12.2/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
Diffstat (limited to 'sys-cluster')
-rw-r--r-- | sys-cluster/nova/ChangeLog | 9 | ||||
-rw-r--r-- | sys-cluster/nova/files/2012.2.4-CVE-2013-2256.patch | 327 | ||||
-rw-r--r-- | sys-cluster/nova/files/2012.2.4-CVE-2013-4185.patch | 101 | ||||
-rw-r--r-- | sys-cluster/nova/nova-2012.2.4-r4.ebuild (renamed from sys-cluster/nova/nova-2012.2.4-r3.ebuild) | 4 |
4 files changed, 439 insertions, 2 deletions
diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog
index af2594654b12..6b62259baea0 100644
--- a/sys-cluster/nova/ChangeLog
+++ b/sys-cluster/nova/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-cluster/nova
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.18 2013/08/11 01:24:31 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.19 2013/08/11 03:48:28 prometheanfire Exp $
+
+*nova-2012.2.4-r4 (11 Aug 2013)
+
+ 11 Aug 2013; Matthew Thode <prometheanfire@gentoo.org>
+ +files/2012.2.4-CVE-2013-2256.patch, +files/2012.2.4-CVE-2013-4185.patch,
+ +nova-2012.2.4-r4.ebuild, -nova-2012.2.4-r3.ebuild:
+ nova-folsom fixes for bug 480048
 *nova-2013.1.3 (11 Aug 2013)
diff --git a/sys-cluster/nova/files/2012.2.4-CVE-2013-2256.patch b/sys-cluster/nova/files/2012.2.4-CVE-2013-2256.patch
new file mode 100644
index 000000000000..7b2f90663a8c
--- /dev/null
+++ b/sys-cluster/nova/files/2012.2.4-CVE-2013-2256.patch
@@ -0,0 +1,327 @@ +From f7aaf1fa04331522aee2158e372940df92f45cb0 Mon Sep 17 00:00:00 2001 +From: Russell Bryant <rbryant@redhat.com> +Date: Thu, 27 Jun 2013 21:00:05 +0000 +Subject: [PATCH] Make flavors is_public option actually work + +When you create a flavor, you can set an is_public flag to be True or +False. It is True by default. When False, the intention is that the +flavor is only accessible by an admin, unless you use the flavor_access +API extension to grant access to specific tenants. + +Unfortunately, the only place in the code where this was being enforced +was when listing flavors through the API. It would filter out the +non-public ones for a non-admin. Otherwise, the flavor was accessible. +You could get the details, and you could boot an instance with it, if +you figured out a valid flavor ID. + +This patch adds enforcement down in the db layer. It also fixes one +place in the API where the context wasn't passed down to enable the +enforcement to happen. + +Fix bug 1194093. 
+ +master -> grizzly +(cherry picked from commit b65d506a5f9d9b2b20777a9aceb44a8ffed6a5de) + +Conflicts: + nova/api/openstack/compute/contrib/flavor_access.py + nova/api/openstack/compute/contrib/flavormanage.py + nova/api/openstack/compute/flavors.py + nova/compute/api.py + nova/db/sqlalchemy/api.py + nova/tests/api/openstack/compute/contrib/test_flavor_access.py + nova/tests/api/openstack/compute/contrib/test_flavor_disabled.py + nova/tests/api/openstack/compute/contrib/test_flavor_manage.py + nova/tests/api/openstack/compute/contrib/test_flavor_rxtx.py + nova/tests/api/openstack/compute/contrib/test_flavor_swap.py + nova/tests/api/openstack/compute/contrib/test_flavorextradata.py + nova/tests/api/openstack/compute/test_flavors.py + nova/tests/db/test_db_api.py + +grizzly -> folsom +(cherry picked from commit 6df1b7a2a1413a98bffc8b8e0b947f3c90e3bbf5) + +Conflicts: + nova/db/sqlalchemy/api.py + nova/tests/api/openstack/compute/test_flavors.py + +Change-Id: I5b37fa0bb19683fe1642fd81222547d4a317054e +--- + .../api/openstack/compute/contrib/flavor_access.py | 3 ++- + nova/api/openstack/compute/contrib/flavormanage.py | 2 +- + nova/api/openstack/compute/flavors.py | 4 +++- + nova/compute/api.py | 2 +- + nova/compute/instance_types.py | 2 +- + nova/db/api.py | 4 ++-- + nova/db/sqlalchemy/api.py | 26 +++++++++++++++------- + .../compute/contrib/test_flavor_access.py | 2 +- + .../compute/contrib/test_flavor_disabled.py | 2 +- + .../compute/contrib/test_flavor_manage.py | 3 ++- + .../openstack/compute/contrib/test_flavor_rxtx.py | 2 +- + .../openstack/compute/contrib/test_flavor_swap.py | 2 +- + .../compute/contrib/test_flavorextradata.py | 2 +- + nova/tests/api/openstack/compute/test_flavors.py | 4 ++-- + 14 files changed, 37 insertions(+), 23 deletions(-) + +diff --git a/nova/api/openstack/compute/contrib/flavor_access.py b/nova/api/openstack/compute/contrib/flavor_access.py +index 9991408..26cd77f 100644 +--- a/nova/api/openstack/compute/contrib/flavor_access.py ++++ 
b/nova/api/openstack/compute/contrib/flavor_access.py +@@ -99,7 +99,8 @@ class FlavorAccessController(object): + authorize(context) + + try: +- flavor = instance_types.get_instance_type_by_flavor_id(flavor_id) ++ flavor = instance_types.get_instance_type_by_flavor_id(flavor_id, ++ ctxt=context) + except exception.FlavorNotFound: + explanation = _("Flavor not found.") + raise webob.exc.HTTPNotFound(explanation=explanation) +diff --git a/nova/api/openstack/compute/contrib/flavormanage.py b/nova/api/openstack/compute/contrib/flavormanage.py +index e7731cc..79551b1 100644 +--- a/nova/api/openstack/compute/contrib/flavormanage.py ++++ b/nova/api/openstack/compute/contrib/flavormanage.py +@@ -43,7 +43,7 @@ class FlavorManageController(wsgi.Controller): + + try: + flavor = instance_types.get_instance_type_by_flavor_id( +- id, read_deleted="no") ++ id, ctxt=context, read_deleted="no") + except exception.NotFound, e: + raise webob.exc.HTTPNotFound(explanation=e.format_message()) + +diff --git a/nova/api/openstack/compute/flavors.py b/nova/api/openstack/compute/flavors.py +index 8aa57a2..d51b48a 100644 +--- a/nova/api/openstack/compute/flavors.py ++++ b/nova/api/openstack/compute/flavors.py +@@ -84,7 +84,9 @@ class Controller(wsgi.Controller): + def show(self, req, id): + """Return data about the given flavor id.""" + try: +- flavor = instance_types.get_instance_type_by_flavor_id(id) ++ context = req.environ['nova.context'] ++ flavor = instance_types.get_instance_type_by_flavor_id(id, ++ ctxt=context) + req.cache_db_flavor(flavor) + except exception.NotFound: + raise webob.exc.HTTPNotFound() +diff --git a/nova/compute/api.py b/nova/compute/api.py +index 5319d04..ca78830 100644 +--- a/nova/compute/api.py ++++ b/nova/compute/api.py +@@ -1080,7 +1080,7 @@ class API(base.Base): + #NOTE(bcwaldon): this doesn't really belong in this class + def get_instance_type(self, context, instance_type_id): + """Get an instance type by instance type id.""" +- return 
instance_types.get_instance_type(instance_type_id) ++ return instance_types.get_instance_type(instance_type_id, ctxt=context) + + def get(self, context, instance_id): + """Get a single instance with the given instance_id.""" +diff --git a/nova/compute/instance_types.py b/nova/compute/instance_types.py +index 6869672..5be97c1 100644 +--- a/nova/compute/instance_types.py ++++ b/nova/compute/instance_types.py +@@ -163,7 +163,7 @@ def get_instance_type_by_flavor_id(flavorid, ctxt=None, read_deleted="yes"): + if ctxt is None: + ctxt = context.get_admin_context(read_deleted=read_deleted) + +- return db.instance_type_get_by_flavor_id(ctxt, flavorid) ++ return db.instance_type_get_by_flavor_id(ctxt, flavorid, read_deleted) + + + def get_instance_type_access_by_flavor_id(flavorid, ctxt=None): +diff --git a/nova/db/api.py b/nova/db/api.py +index 9f2ff73..40db686 100644 +--- a/nova/db/api.py ++++ b/nova/db/api.py +@@ -1460,9 +1460,9 @@ def instance_type_get_by_name(context, name): + return IMPL.instance_type_get_by_name(context, name) + + +-def instance_type_get_by_flavor_id(context, id): ++def instance_type_get_by_flavor_id(context, id, read_deleted=None): + """Get instance type by flavor id.""" +- return IMPL.instance_type_get_by_flavor_id(context, id) ++ return IMPL.instance_type_get_by_flavor_id(context, id, read_deleted) + + + def instance_type_destroy(context, name): +diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py +index 7fcc4f8..ea32168 100644 +--- a/nova/db/sqlalchemy/api.py ++++ b/nova/db/sqlalchemy/api.py +@@ -3910,7 +3910,7 @@ def instance_type_create(context, values): + pass + try: + instance_type_get_by_flavor_id(context, values['flavorid'], +- session) ++ read_deleted='no', session=session) + raise exception.InstanceTypeExists(name=values['name']) + except exception.FlavorNotFound: + pass +@@ -3952,9 +3952,16 @@ def _dict_with_extra_specs(inst_type_query): + + + def _instance_type_get_query(context, session=None, read_deleted=None): +- return 
model_query(context, models.InstanceTypes, session=session, ++ query = model_query(context, models.InstanceTypes, session=session, + read_deleted=read_deleted).\ +- options(joinedload('extra_specs')) ++ options(joinedload('extra_specs')) ++ if not context.is_admin: ++ the_filter = [models.InstanceTypes.is_public == True] ++ the_filter.extend([ ++ models.InstanceTypes.projects.any(project_id=context.project_id) ++ ]) ++ query = query.filter(or_(*the_filter)) ++ return query + + + @require_context +@@ -4029,9 +4036,11 @@ def instance_type_get_by_name(context, name, session=None): + + + @require_context +-def instance_type_get_by_flavor_id(context, flavor_id, session=None): ++def instance_type_get_by_flavor_id(context, flavor_id, read_deleted, ++ session=None): + """Returns a dict describing specific flavor_id""" +- result = _instance_type_get_query(context, session=session).\ ++ result = _instance_type_get_query(context, read_deleted=read_deleted, ++ session=session).\ + filter_by(flavorid=flavor_id).\ + first() + +@@ -4083,7 +4092,7 @@ def instance_type_access_add(context, flavor_id, project_id): + session = get_session() + with session.begin(): + instance_type_ref = instance_type_get_by_flavor_id(context, flavor_id, +- session=session) ++ read_deleted='no', session=session) + instance_type_id = instance_type_ref['id'] + access_ref = _instance_type_access_query(context, session=session).\ + filter_by(instance_type_id=instance_type_id).\ +@@ -4111,7 +4120,7 @@ def instance_type_access_remove(context, flavor_id, project_id): + session = get_session() + with session.begin(): + instance_type_ref = instance_type_get_by_flavor_id(context, flavor_id, +- session=session) ++ read_deleted='no', session=session) + instance_type_id = instance_type_ref['id'] + access_ref = _instance_type_access_query(context, session=session).\ + filter_by(instance_type_id=instance_type_id).\ +@@ -4447,7 +4456,8 @@ def instance_type_extra_specs_update_or_create(context, flavor_id, + specs): + 
session = get_session() + spec_ref = None +- instance_type = instance_type_get_by_flavor_id(context, flavor_id) ++ instance_type = instance_type_get_by_flavor_id(context, flavor_id, ++ read_deleted='no') + for key, value in specs.iteritems(): + try: + spec_ref = instance_type_extra_specs_get_item( +diff --git a/nova/tests/api/openstack/compute/contrib/test_flavor_access.py b/nova/tests/api/openstack/compute/contrib/test_flavor_access.py +index 0bf1f1b..075810b 100644 +--- a/nova/tests/api/openstack/compute/contrib/test_flavor_access.py ++++ b/nova/tests/api/openstack/compute/contrib/test_flavor_access.py +@@ -68,7 +68,7 @@ def fake_get_instance_type_access_by_flavor_id(flavorid): + return res + + +-def fake_get_instance_type_by_flavor_id(flavorid): ++def fake_get_instance_type_by_flavor_id(flavorid, ctxt=None): + return INSTANCE_TYPES[flavorid] + + +diff --git a/nova/tests/api/openstack/compute/contrib/test_flavor_disabled.py b/nova/tests/api/openstack/compute/contrib/test_flavor_disabled.py +index 1225b56..933178a 100644 +--- a/nova/tests/api/openstack/compute/contrib/test_flavor_disabled.py ++++ b/nova/tests/api/openstack/compute/contrib/test_flavor_disabled.py +@@ -44,7 +44,7 @@ FAKE_FLAVORS = { + } + + +-def fake_instance_type_get_by_flavor_id(flavorid): ++def fake_instance_type_get_by_flavor_id(flavorid, ctxt=None): + return FAKE_FLAVORS['flavor %s' % flavorid] + + +diff --git a/nova/tests/api/openstack/compute/contrib/test_flavor_manage.py b/nova/tests/api/openstack/compute/contrib/test_flavor_manage.py +index 70fd5e4..7174ed2 100644 +--- a/nova/tests/api/openstack/compute/contrib/test_flavor_manage.py ++++ b/nova/tests/api/openstack/compute/contrib/test_flavor_manage.py +@@ -25,7 +25,8 @@ from nova import test + from nova.tests.api.openstack import fakes + + +-def fake_get_instance_type_by_flavor_id(flavorid, read_deleted='yes'): ++def fake_get_instance_type_by_flavor_id(flavorid, ctxt=None, ++ read_deleted='yes'): + if flavorid == 'failtest': + raise 
exception.NotFound("Not found sucka!") + elif not str(flavorid) == '1234': +diff --git a/nova/tests/api/openstack/compute/contrib/test_flavor_rxtx.py b/nova/tests/api/openstack/compute/contrib/test_flavor_rxtx.py +index 52163c7..afa2259 100644 +--- a/nova/tests/api/openstack/compute/contrib/test_flavor_rxtx.py ++++ b/nova/tests/api/openstack/compute/contrib/test_flavor_rxtx.py +@@ -43,7 +43,7 @@ FAKE_FLAVORS = { + } + + +-def fake_instance_type_get_by_flavor_id(flavorid): ++def fake_instance_type_get_by_flavor_id(flavorid, ctxt=None): + return FAKE_FLAVORS['flavor %s' % flavorid] + + +diff --git a/nova/tests/api/openstack/compute/contrib/test_flavor_swap.py b/nova/tests/api/openstack/compute/contrib/test_flavor_swap.py +index 75e9cd7..3fd1ae9 100644 +--- a/nova/tests/api/openstack/compute/contrib/test_flavor_swap.py ++++ b/nova/tests/api/openstack/compute/contrib/test_flavor_swap.py +@@ -43,7 +43,7 @@ FAKE_FLAVORS = { + } + + +-def fake_instance_type_get_by_flavor_id(flavorid): ++def fake_instance_type_get_by_flavor_id(flavorid, ctxt=None): + return FAKE_FLAVORS['flavor %s' % flavorid] + + +diff --git a/nova/tests/api/openstack/compute/contrib/test_flavorextradata.py b/nova/tests/api/openstack/compute/contrib/test_flavorextradata.py +index 8f5301a..9654605 100644 +--- a/nova/tests/api/openstack/compute/contrib/test_flavorextradata.py ++++ b/nova/tests/api/openstack/compute/contrib/test_flavorextradata.py +@@ -23,7 +23,7 @@ from nova import test + from nova.tests.api.openstack import fakes + + +-def fake_get_instance_type_by_flavor_id(flavorid): ++def fake_get_instance_type_by_flavor_id(flavorid, ctxt=None): + return { + 'id': flavorid, + 'flavorid': str(flavorid), +diff --git a/nova/tests/api/openstack/compute/test_flavors.py b/nova/tests/api/openstack/compute/test_flavors.py +index 77d40df..cfa3429 100644 +--- a/nova/tests/api/openstack/compute/test_flavors.py ++++ b/nova/tests/api/openstack/compute/test_flavors.py +@@ -54,7 +54,7 @@ FAKE_FLAVORS = { + } + + +-def 
fake_instance_type_get_by_flavor_id(flavorid): ++def fake_instance_type_get_by_flavor_id(flavorid, ctxt=None): + return FAKE_FLAVORS['flavor %s' % flavorid] + + +@@ -80,7 +80,7 @@ def empty_instance_type_get_all(inactive=False, filters=None): + return {} + + +-def return_instance_type_not_found(flavor_id): ++def return_instance_type_not_found(flavor_id, ctxt=None): + raise exception.InstanceTypeNotFound(flavor_id=flavor_id) + + +-- +1.8.1.5 + diff --git a/sys-cluster/nova/files/2012.2.4-CVE-2013-4185.patch b/sys-cluster/nova/files/2012.2.4-CVE-2013-4185.patch new file mode 100644 index 000000000000..3e02ae10a473 --- /dev/null +++ b/sys-cluster/nova/files/2012.2.4-CVE-2013-4185.patch 
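Review bot: The is_public/project filter added to `_instance_type_get_query` in nova/db/sqlalchemy/api.py only takes effect when a real request context reaches the DB layer, yet `instance_types.get_instance_type_by_flavor_id` (nova/compute/instance_types.py hunk) still substitutes `context.get_admin_context(read_deleted=read_deleted)` whenever `ctxt` is None, so any caller this backport did not update to pass `ctxt=context` keeps admin-level visibility of private flavors. The patch covers the flavors show controller, flavor_access, flavormanage and `API.get_instance_type`, but since the folsom cherry-pick listed conflicts in several of those files it is worth confirming in the 2012.2.4 tree that no other user-facing path still calls it without a context, and recording the contract with a comment above the fallback such as `# ctxt=None falls back to an admin context, which bypasses the is_public/project filter; callers serving tenant requests must pass their own context`. Note also that for a non-admin the filtered query now yields FlavorNotFound for a private flavor, which the controllers map to 404, so the ChangeLog entry could mention that tenants previously able to boot non-public flavors will see them disappear after this revision.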
@@ -0,0 +1,101 @@ +From d4ee081c5c0a5132781235177c430ebcf72b0b0b Mon Sep 17 00:00:00 2001 +From: Vishvananda Ishaya <vishvananda@gmail.com> +Date: Fri, 19 Jul 2013 10:23:59 -0700 +Subject: [PATCH] Use cached nwinfo for secgroup rules + +This stops a potential DOS with source security groups by using the +db cached version of the network info instead of calling out to +the network api multiple times. + +Fixes bug 1184041 + +Change-Id: Id5f24ecf0e8cce60c27a9aecbc6e606c4c44d6b6 +(cherry picked from commit 85aac04704350566d6b06aa7a3b99649946c672c) +--- + nova/db/sqlalchemy/api.py | 2 ++ + nova/tests/test_libvirt.py | 4 +++- + nova/tests/test_xenapi.py | 5 +++-- + nova/virt/firewall.py | 12 +++--------- + 4 files changed, 11 insertions(+), 12 deletions(-) + +diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py +index 7fcc4f8..6d3b139 100644 +--- a/nova/db/sqlalchemy/api.py ++++ b/nova/db/sqlalchemy/api.py +@@ -3649,6 +3649,8 @@ def security_group_rule_get_by_security_group(context, security_group_id, + return _security_group_rule_get_query(context, session=session).\ + filter_by(parent_group_id=security_group_id).\ + options(joinedload_all('grantee_group.instances.instance_type')).\ ++ options(joinedload('grantee_group.instances.' 
++ 'info_cache')).\ + all() + + +diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py +index b26a006..e956eb0 100644 +--- a/nova/tests/test_libvirt.py ++++ b/nova/tests/test_libvirt.py +@@ -3240,7 +3240,9 @@ class IptablesFirewallTestCase(test.TestCase): + from nova.network import linux_net + linux_net.iptables_manager.execute = fake_iptables_execute + +- _fake_stub_out_get_nw_info(self.stubs, lambda *a, **kw: network_model) ++ from nova.compute import utils as compute_utils ++ self.stubs.Set(compute_utils, 'get_nw_info_for_instance', ++ lambda instance: network_model) + + network_info = network_model.legacy() + self.fw.prepare_instance_filter(instance_ref, network_info) +diff --git a/nova/tests/test_xenapi.py b/nova/tests/test_xenapi.py +index 0cf69d6..7a8f9b4 100644 +--- a/nova/tests/test_xenapi.py ++++ b/nova/tests/test_xenapi.py +@@ -1690,8 +1690,9 @@ class XenAPIDom0IptablesFirewallTestCase(stubs.XenAPITestBase): + network_model = fake_network.fake_get_instance_nw_info(self.stubs, + 1, spectacular=True) + +- fake_network.stub_out_nw_api_get_instance_nw_info(self.stubs, +- lambda *a, **kw: network_model) ++ from nova.compute import utils as compute_utils ++ self.stubs.Set(compute_utils, 'get_nw_info_for_instance', ++ lambda instance: network_model) + + network_info = network_model.legacy() + self.fw.prepare_instance_filter(instance_ref, network_info) +diff --git a/nova/virt/firewall.py b/nova/virt/firewall.py +index a093a35..7c22c86 100644 +--- a/nova/virt/firewall.py ++++ b/nova/virt/firewall.py +@@ -17,10 +17,10 @@ + # License for the specific language governing permissions and limitations + # under the License. 
+
++from nova.compute import utils as compute_utils
+ from nova import context
+ from nova import db
+ from nova import flags
+-from nova import network
+ from nova.network import linux_net
+ from nova.openstack.common import cfg
+ from nova.openstack.common import importutils
+@@ -405,15 +405,9 @@ class IptablesFirewallDriver(FirewallDriver):
+ fw_rules += [' '.join(args)]
+ else:
+ if rule['grantee_group']:
+- # FIXME(jkoelker) This needs to be ported up into
+- # the compute manager which already
+- # has access to a nw_api handle,
+- # and should be the only one making
+- # making rpc calls.
+- nw_api = network.API()
+ for instance in rule['grantee_group']['instances']:
+- nw_info = nw_api.get_instance_nw_info(ctxt,
+- instance)
++ nw_info = compute_utils.get_nw_info_for_instance(
++ instance)
+
+ ips = [ip['address']
+ for ip in nw_info.fixed_ips()
+--
+1.8.1.5
+
diff --git a/sys-cluster/nova/nova-2012.2.4-r3.ebuild b/sys-cluster/nova/nova-2012.2.4-r4.ebuild
index f08ab6c27de0..84343ee8697c 100644
--- a/sys-cluster/nova/nova-2012.2.4-r3.ebuild
+++ b/sys-cluster/nova/nova-2012.2.4-r4.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2012.2.4-r3.ebuild,v 1.1 2013/06/25 19:04:50 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2012.2.4-r4.ebuild,v 1.1 2013/08/11 03:48:28 prometheanfire Exp $
 EAPI=5
 PYTHON_COMPAT=( python2_7 )
@@ -46,6 +46,8 @@ RDEPEND="=dev-python/amqplib-0.6.1
 PATCHES=(
 "${FILESDIR}/nova-folsom-4-CVE-2013-2030.patch"
 "${FILESDIR}/nova-folsom-4-CVE-2013-2096.patch"
+ "${FILESDIR}/2012.2.4-CVE-2013-2256.patch"
+ "${FILESDIR}/2012.2.4-CVE-2013-4185.patch"
 )
 python_install() {
|
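Review bot: In the nova/virt/firewall.py hunk the grantee-group source addresses are now taken from `compute_utils.get_nw_info_for_instance(instance)` for each instance in `rule['grantee_group']['instances']`, which — as far as this patch shows via the added `joinedload('grantee_group.instances.info_cache')` in nova/db/sqlalchemy/api.py — reads the DB-cached network info rather than making one network API call per instance. An instance whose info_cache has not been populated or is stale will then contribute no addresses to the generated rules until the cache is refreshed; presumably that is the accepted trade-off for removing the per-instance RPC fan-out, but it is not recorded anywhere, so a comment at the call site such as `# Read the DB-cached nw_info instead of calling the network API per grantee instance (CVE-2013-4185); an instance with an unpopulated info_cache yields no IPs here until the cache is refreshed` would document it. The `security_group_rule_get_by_security_group` hunk must stay paired with this one, since without the joinedload the cache would be lazily loaded per instance. The enclosing method of the firewall hunk begins outside the hunk.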