Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-cluster/nova
diff options
context:
space:
mode:
authorMatt Thode <prometheanfire@gentoo.org>2013-03-14 20:40:58 +0000
committerMatt Thode <prometheanfire@gentoo.org>2013-03-14 20:40:58 +0000
commit19ca1a2bfe2302ebf1cd0e6a1acd9e92ebc58f60 (patch)
tree3eb5a65d5aede4f53e80e01c7cf77494707c7cb1 /sys-cluster/nova
parentnet-misc/vpnc: Bump to latest upstream rev, fix resolv.conf handling, #406141... (diff)
downloadhistorical-19ca1a2bfe2302ebf1cd0e6a1acd9e92ebc58f60.tar.gz
historical-19ca1a2bfe2302ebf1cd0e6a1acd9e92ebc58f60.tar.bz2
historical-19ca1a2bfe2302ebf1cd0e6a1acd9e92ebc58f60.zip
revbump to nova-2012.2.3-r2 for bug 461750 CVE-2013-1838
Package-Manager: portage-2.1.11.52/cvs/Linux x86_64 Manifest-Sign-Key: 0x2471EB3E40AC5AC3
Diffstat (limited to 'sys-cluster/nova')
-rw-r--r--sys-cluster/nova/ChangeLog9
-rw-r--r--sys-cluster/nova/Manifest31
-rw-r--r--sys-cluster/nova/files/nova-folsom-3-CVE-2013-1838.patch507
-rw-r--r--sys-cluster/nova/nova-2012.2.3-r2.ebuild (renamed from sys-cluster/nova/nova-2012.2.3-r1.ebuild)3
4 files changed, 533 insertions, 17 deletions
diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog
index e54fa990aa4a..e02562a7a2ed 100644
--- a/sys-cluster/nova/ChangeLog
+++ b/sys-cluster/nova/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-cluster/nova
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.4 2013/02/26 21:44:05 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.5 2013/03/14 20:40:51 prometheanfire Exp $
+
+*nova-2012.2.3-r2 (14 Mar 2013)
+
+ 14 Mar 2013; Matthew Thode <prometheanfire@gentoo.org>
+ +files/nova-folsom-3-CVE-2013-1838.patch, -nova-2012.2.3-r1.ebuild,
+ +nova-2012.2.3-r2.ebuild:
+ revbump to nova-2012.2.3-r2 for bug 461750 CVE-2013-1838
*nova-2012.2.3-r1 (26 Feb 2013)
diff --git a/sys-cluster/nova/Manifest b/sys-cluster/nova/Manifest
index 4fb20ef0306b..733a702617fd 100644
--- a/sys-cluster/nova/Manifest
+++ b/sys-cluster/nova/Manifest
@@ -2,25 +2,26 @@
Hash: SHA256
AUX nova-folsom-3-CVE-2013-0335.patch 18147 SHA256 be947b94ea5b41c13e0c945f428c426cddbfa127ab2a166adc7d49965e4060da SHA512 ba687fe8c557d4c03eaa189f7c611255e1b1902d31e4f95847abf3649cdba2eaa90d1f4e6813ec0c8c9065f10f5d38c77716a02ac2d103310edaf40de0a4070c WHIRLPOOL e02563ff87b2bbc966a02ab026f5a718a6cfd3a7d6aeb5854d67c348e16d324e45a1859d3c6c52d655e7b0a8b0cac637aee3aca30bcde9d2c7d005e341c4f58e
+AUX nova-folsom-3-CVE-2013-1838.patch 22534 SHA256 e3faa721a3595edc346997c4553aa9cb92927bab41b4869b258038ff5cf119da SHA512 65fee6cc38bac0775fa2ea4f37632f6eaa7ac92ec4c61dbaf4f56c4a5e4796b0a6039e2b94a243703fd8d471e37e57d7151c2ed74185e36a5a4c56f6d150a55a WHIRLPOOL a78274b5cd5df2c23c0a772e45cf9f49c779026e08d7a71978cc38263049bf393e9e1558f154cf185a20ddab8e56723b44d3cb43a6c3e578b7d92faeacdf787a
AUX nova-folsom-CVE-2013-1664.patch 14249 SHA256 5eb9827905a51a96e86e582a6fb06585f6f4aec29232b06b17294c9745dd7582 SHA512 4ad9a6e5919ab7eb7c7c592b4ec6dfd9b448f836dd6329c58df876b0cdb1a0f92c90c8307450d85fa9ce2cef6ed90906c64e0fabfa848b8f804e044d5d451b87 WHIRLPOOL 8c25ae9c76c0a48524f8b00ceaeadded64615be50114ab371e444f75bedf1962537d23cda989f169422e7ec6ed5e92d7010405251105d2f8863db0c7fef81459
DIST nova-2012.2.3.tar.gz 6260067 SHA256 e9640d89e84d3feaa537b1faa3945c708beb2cffd8a114ff83484ea151406994 SHA512 bbbbb140ff09d508a44d6b5dc9817b4d6e277ddc45ae1b70b45915c3e8c6873cffaf670a2a745381bbf63b4d5869fab6a524c7d2816fafe0aa4fe73a6ffca15d WHIRLPOOL da4cc6033426fb5268bff67a18574c8d2de4dbbc528df6982e2b87e8b3a92f2df999c8d6bf0b6fb3de1397feccdd906e064b78e3f7bab7fee679eee2437e3185
-EBUILD nova-2012.2.3-r1.ebuild 2003 SHA256 94a9c990ed979c364c64b92f16e6055bf1c3741e87742ac4c00e5382cac3af33 SHA512 2a6bcc17a21d41a2eceadd546be6953eaa711b2226173bb9d739395f41452e23f1297b7aa4a464c955cb01c1ed2bc755ee7ed0f00947f00716bdcc0bcd9f15f4 WHIRLPOOL 509d3df0a224b04f4a33765c2bd93890069043f064d4c7ef409e490c299768641e490bad28fd6737a056a849e5fe87a403e7fb02fa0fbc1b223833c8b3ffd6a5
-MISC ChangeLog 1089 SHA256 b7afd75fe163543ca2de7b48e5fd80dc1495100ffd8c0652a75427f3a7dfcf19 SHA512 a1f656d9b83dae4d8ff027001ca2fe34360d5db32793d0418f65d1dcd7818cf75df60df3315dd93eecedd2a98bdfa5607bff17e47d7f9c8d0bf59b1ad36ec695 WHIRLPOOL f83cb5bda66b55585e3653c29bcdf99773983f19ccec6fb310c9a6286ec18599176287fe9f97c13120237a6e05665b37c187c76edb4a2bb3294114635e98360e
+EBUILD nova-2012.2.3-r2.ebuild 2054 SHA256 70541ef50d170549dd3cd89a61ca4eb935b0e028d517dc475cdf9a00d0248f37 SHA512 2891c59eec366acf40fa26f9df8622c862429b8e5c0c64a29cff6af0734649dee72b29e9172d3781fc9920fc390339200bfed12077c845bc30d30d7b8b067edf WHIRLPOOL 8d74b6d11fb81a660817a3a8cb88d5a6217f00191ef474e42f0d07496c8232f24b7be8a0d0ae55ed7e647be7780eb2dd77c2ee52deb9731f551457b6c7732ddd
+MISC ChangeLog 1337 SHA256 07bf10cfa921d2bcf0556699b1e494aa7c6d3a86b9d1501da245d9d8cd709179 SHA512 4b8bfd51b0da229cf2d0b5ee1136205d8e8c381c1acc4d17c4e1333fd01a8d42b23b9dc33c2870c308ab58e307a43b579501bd6c00a088a59dd3f4a736359e18 WHIRLPOOL 9b9ee5458b568571ef7afd6d4157f48f5d7a04186337912a820d5e199d3816dc0968feb4274bc4284a3cd5c89516281a7ddc653b1134eb23007273750a64e400
MISC metadata.xml 407 SHA256 87ac581ad3af018ee16b2c5a8dbc98553ad93fc48bf5cfd62a6f929353049e77 SHA512 4ae00a6fc5411c1795249864317143787b31cb068fb1508f8a1455fd6194254961cca80256e0b437dc131560126cdf5a59d98a5a5064ac49c6e43c1651718a4a WHIRLPOOL 52b178c072593baea26fa3d7e9c06aac003d1a828ffa98de712306f60eeddba92271bc6061d7224a76ac35fa3c1da33213983e998160acf92a6d7027b284bcc0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
-iQIcBAEBCAAGBQJRLSxvAAoJECRx6z5ArFrDCkEP/33Mhwi0ddHgo5Mj05nUOmHQ
-nO53xWmVmffagMcMfoaDyEH02EnG6uxbfPiILut6/ElIsS1SdgPjzgf+CaBX8rCB
-4lUdsy0JgqZFCLUkKUJ4vGdAfKrLL5PBIXHsHo1kqDazb9j0SuA4ozpcbasYHrBG
-UeQBUUGjFrDlDLEzDR0lt17fonHVwbmxYbFrpp0dWONbh8FRzxnXDtTC5wURHNqX
-11p+v2UxyZ6b6Z88rKbDZLit8puNktHdo/U5IWjE/3mbVTis9RZKWYvJvwCUNzeq
-HCR3LUofaj1T28D/HbYW5ORx8jBWyOiUUzaDIOVYbtPL1W98xPC7JYU6RCmaYZB8
-/OZ3oOz0lRUyIHzt4qG33Mtq5VjUsd2Ia/d2hrRJOGo4ESiPYJyNALpj+NITZCSm
-LzZ/FqhA2KFB3+byWfKeRyvlJOrVke6xtkdZ2pUdsxWRmU56qdW/oEvyGKDQrRya
-j+lkGaj5EyriTj47Uzqjgal3TFrCbFAnXS/DE4RSGgBQ4wv+Nc5S+o7Z84HVyxVJ
-jQIs8TJaZVW7n8fZopWTR3cbL9hcCl0oH9Zx+vjSiAMdia7IAYSPa1c03bzfVQL/
-UdgLd0jn9dm08NawE4ypN6LLe2+o2wBTLwyy8p43YWMWv484VhDZM8zKZ7GxwPEr
-1Yb9NdovPadCE4LAoN2m
-=Bc1e
+iQIcBAEBCAAGBQJRQjXeAAoJECRx6z5ArFrDcWEP/RDnVkst39WfJV/yAdFKxhJp
+Y1EJh/fAuXo634lArOnCegjDHj4hGTs9/90ixrsHr8zjDT6qrK9V7Krld4ukX8/8
+8Mimka4IJ8D7ro2QT4xzYPWaHrUj/Xbs6IrzOnbsWTOzNwMbf11vJS1+4mqlkpz8
+oXlJcvcRJlnpIw5KkqCZPN37pRkkIEfKXEwH9stBtqo8P26zmOAFKIWcw9EfGt3r
+4RRPT+XVuahZZzg7fsfuUnqJozorB/jfrxf3MXq/A7i0DfjX7h4ThoLDaXc1XiiI
+fEZrR+RDoGoJVOqXFnCwh8XWg3k9Jfs6xwoHB/u38esaoKOUxMT7nj3DUnLiE51p
+kHv4Nf5rvMKp2oqQ6DBp7fLT3AsJDLJNL9PBwHrjp6ck3BQdxqDUNGCTY+rAD9SE
+0Jjxfswxj3+nP88e3lWRXUP7zTF/CZsjynhRosWniPyy7nzeOZ5A7A0wPilspyeO
+1GgyQs8KKorbdOa+5EUnMBh3CEK66GGp6Z1M73YH9TuL8kVWRAlPgQJWNtwsLN5O
+jRwxzaSWomj27KjGwfd9Pped3rPsdprv7Hs1G+w2+Yu7RM6C+sP/UmYtZ+ylzHDW
+5v8mvb2FLgrJVQxORMCUr2Enc7f3yuKpHCIxg5REShJ11PIRFB/ZTgRMMHy9jTik
+6MHVOFxcLj4MpKSCCtNd
+=wqGY
-----END PGP SIGNATURE-----
diff --git a/sys-cluster/nova/files/nova-folsom-3-CVE-2013-1838.patch b/sys-cluster/nova/files/nova-folsom-3-CVE-2013-1838.patch
new file mode 100644
index 000000000000..18ae387b2525
--- /dev/null
+++ b/sys-cluster/nova/files/nova-folsom-3-CVE-2013-1838.patch
@@ -0,0 +1,507 @@
+From 9561484166f245d0e4602a36351d6cac72dd9426 Mon Sep 17 00:00:00 2001
+From: Michael Still <mikal@stillhq.com>
+Date: Wed, 13 Mar 2013 04:44:14 +1100
+Subject: [PATCH] Add quotas for fixed ips.
+
+DocImpact: there is now a default quota of 10 fixed ips per tenant.
+This will need to be adjusted by deployers if that number does not
+meet their needs.
+
+Resolves bug 1125468 for folsom.
+
+Change-Id: I970d540cfa6a61b7e903703f845a6453ff55f225
+---
+ nova/db/api.py | 6 ++
+ nova/db/sqlalchemy/api.py | 21 +++++
+ nova/exception.py | 4 +
+ nova/network/manager.py | 89 ++++++++++++++--------
+ nova/quota.py | 10 +++
+ .../compute/contrib/test_quota_classes.py | 14 ++--
+ .../api/openstack/compute/contrib/test_quotas.py | 16 ++--
+ nova/tests/network/test_manager.py | 15 ++++
+ nova/tests/test_quota.py | 24 ++++++
+ 9 files changed, 157 insertions(+), 42 deletions(-)
+
+diff --git a/nova/db/api.py b/nova/db/api.py
+index bb69558..9f2ff73 100644
+--- a/nova/db/api.py
++++ b/nova/db/api.py
+@@ -507,6 +507,12 @@ def fixed_ip_update(context, address, values):
+ """Create a fixed ip from the values dictionary."""
+ return IMPL.fixed_ip_update(context, address, values)
+
++
++def fixed_ip_count_by_project(context, project_id, session=None):
++ """Count fixed ips used by project."""
++ return IMPL.fixed_ip_count_by_project(context, project_id,
++ session=session)
++
+ ####################
+
+
+diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py
+index 4bdab49..013ff69 100644
+--- a/nova/db/sqlalchemy/api.py
++++ b/nova/db/sqlalchemy/api.py
+@@ -1273,6 +1273,27 @@ def fixed_ip_update(context, address, values):
+ fixed_ip_ref.save(session=session)
+
+
++@require_context
++def fixed_ip_count_by_project(context, project_id, session=None):
++ authorize_project_context(context, project_id)
++
++ # NOTE(mikal): Yes I know this is horrible, but I couldn't
++ # get a query using a join working, mainly because of a failure
++ # to be able to express the where clause sensibly. Patches
++ # welcome.
++ session = get_session()
++ with session.begin():
++ instance_uuid_query = model_query(context, models.Instance.uuid,
++ read_deleted="no", session=session).\
++ filter(models.Instance.project_id == \
++ project_id)
++ uuid_filter = models.FixedIp.instance_uuid.in_(instance_uuid_query)
++ return model_query(context, models.FixedIp, read_deleted="no",
++ session=session).\
++ filter(uuid_filter).\
++ count()
++
++
+ ###################
+
+
+diff --git a/nova/exception.py b/nova/exception.py
+index 64d31a1..fe80ca2 100644
+--- a/nova/exception.py
++++ b/nova/exception.py
+@@ -998,6 +998,10 @@ class FloatingIpLimitExceeded(QuotaError):
+ message = _("Maximum number of floating ips exceeded")
+
+
++class FixedIpLimitExceeded(QuotaError):
++ message = _("Maximum number of fixed ips exceeded")
++
++
+ class MetadataLimitExceeded(QuotaError):
+ message = _("Maximum number of metadata items exceeds %(allowed)d")
+
+diff --git a/nova/network/manager.py b/nova/network/manager.py
+index 00a6e58..df4493b 100644
+--- a/nova/network/manager.py
++++ b/nova/network/manager.py
+@@ -1294,37 +1294,53 @@ class NetworkManager(manager.SchedulerDependentManager):
+ address = None
+ instance_ref = self.db.instance_get(context, instance_id)
+
+- if network['cidr']:
+- address = kwargs.get('address', None)
+- if address:
+- address = self.db.fixed_ip_associate(context,
+- address,
+- instance_ref['uuid'],
+- network['id'])
+- else:
+- address = self.db.fixed_ip_associate_pool(context.elevated(),
+- network['id'],
+- instance_ref['uuid'])
+- self._do_trigger_security_group_members_refresh_for_instance(
+- instance_id)
+- get_vif = self.db.virtual_interface_get_by_instance_and_network
+- vif = get_vif(context, instance_ref['uuid'], network['id'])
+- values = {'allocated': True,
+- 'virtual_interface_id': vif['id']}
+- self.db.fixed_ip_update(context, address, values)
+-
+- name = instance_ref['display_name']
+-
+- if self._validate_instance_zone_for_dns_domain(context, instance_ref):
+- uuid = instance_ref['uuid']
+- self.instance_dns_manager.create_entry(name, address,
+- "A",
+- self.instance_dns_domain)
+- self.instance_dns_manager.create_entry(uuid, address,
+- "A",
+- self.instance_dns_domain)
+- self._setup_network_on_host(context, network)
+- return address
++ # Check the quota; can't put this in the API because we get
++ # called into from other places
++ try:
++ reservations = QUOTAS.reserve(context, fixed_ips=1)
++ except exception.OverQuota:
++ pid = context.project_id
++ LOG.warn(_("Quota exceeded for %(pid)s, tried to allocate "
++ "fixed IP") % locals())
++ raise exception.FixedIpLimitExceeded()
++
++ try:
++ if network['cidr']:
++ address = kwargs.get('address', None)
++ if address:
++ address = self.db.fixed_ip_associate(context,
++ address,
++ instance_ref['uuid'],
++ network['id'])
++ else:
++ address = self.db.fixed_ip_associate_pool(
++ context.elevated(), network['id'],
++ instance_ref['uuid'])
++ self._do_trigger_security_group_members_refresh_for_instance(
++ instance_id)
++ get_vif = self.db.virtual_interface_get_by_instance_and_network
++ vif = get_vif(context, instance_ref['uuid'], network['id'])
++ values = {'allocated': True,
++ 'virtual_interface_id': vif['id']}
++ self.db.fixed_ip_update(context, address, values)
++
++ name = instance_ref['display_name']
++
++ if self._validate_instance_zone_for_dns_domain(context,
++ instance_ref):
++ uuid = instance_ref['uuid']
++ self.instance_dns_manager.create_entry(
++ name, address, "A", self.instance_dns_domain)
++ self.instance_dns_manager.create_entry(
++ uuid, address, "A", self.instance_dns_domain)
++ self._setup_network_on_host(context, network)
++
++ QUOTAS.commit(context, reservations)
++ return address
++
++ except Exception:
++ with excutils.save_and_reraise_exception():
++ QUOTAS.rollback(context, reservations)
+
+ def deallocate_fixed_ip(self, context, address, host=None, teardown=True):
+ """Returns a fixed ip to the pool."""
+@@ -1334,6 +1350,13 @@ class NetworkManager(manager.SchedulerDependentManager):
+ context.elevated(read_deleted='yes'),
+ fixed_ip_ref['instance_uuid'])
+
++ try:
++ reservations = QUOTAS.reserve(context, fixed_ips=-1)
++ except Exception:
++ reservations = None
++ LOG.exception(_("Failed to update usages deallocating "
++ "fixed IP"))
++
+ self._do_trigger_security_group_members_refresh_for_instance(
+ instance['uuid'])
+
+@@ -1373,6 +1396,10 @@ class NetworkManager(manager.SchedulerDependentManager):
+ # callback will get called by nova-dhcpbridge.
+ self.driver.release_dhcp(dev, address, vif['address'])
+
++ # Commit the reservations
++ if reservations:
++ QUOTAS.commit(context, reservations)
++
+ def lease_fixed_ip(self, context, address):
+ """Called by dhcp-bridge when ip is leased."""
+ LOG.debug(_('Leased IP |%(address)s|'), locals(), context=context)
+diff --git a/nova/quota.py b/nova/quota.py
+index d3ba0aa..31e2794 100644
+--- a/nova/quota.py
++++ b/nova/quota.py
+@@ -50,6 +50,10 @@ quota_opts = [
+ cfg.IntOpt('quota_floating_ips',
+ default=10,
+ help='number of floating ips allowed per project'),
++ cfg.IntOpt('quota_fixed_ips',
++ default=10,
++ help=('number of fixed ips allowed per project (this should be '
++ 'at least the number of instances allowed)')),
+ cfg.IntOpt('quota_metadata_items',
+ default=128,
+ help='number of metadata items allowed per instance'),
+@@ -778,6 +782,11 @@ def _sync_floating_ips(context, project_id, session):
+ context, project_id, session=session))
+
+
++def _sync_fixed_ips(context, project_id, session):
++ return dict(fixed_ips=db.fixed_ip_count_by_project(
++ context, project_id, session=session))
++
++
+ def _sync_security_groups(context, project_id, session):
+ return dict(security_groups=db.security_group_count_by_project(
+ context, project_id, session=session))
+@@ -794,6 +803,7 @@ resources = [
+ ReservableResource('gigabytes', _sync_volumes, 'quota_gigabytes'),
+ ReservableResource('floating_ips', _sync_floating_ips,
+ 'quota_floating_ips'),
++ ReservableResource('fixed_ips', _sync_fixed_ips, 'quota_fixed_ips'),
+ AbsoluteResource('metadata_items', 'quota_metadata_items'),
+ AbsoluteResource('injected_files', 'quota_injected_files'),
+ AbsoluteResource('injected_file_content_bytes',
+diff --git a/nova/tests/api/openstack/compute/contrib/test_quota_classes.py b/nova/tests/api/openstack/compute/contrib/test_quota_classes.py
+index b732f88..5bee208 100644
+--- a/nova/tests/api/openstack/compute/contrib/test_quota_classes.py
++++ b/nova/tests/api/openstack/compute/contrib/test_quota_classes.py
+@@ -25,10 +25,11 @@ from nova.tests.api.openstack import fakes
+ def quota_set(class_name):
+ return {'quota_class_set': {'id': class_name, 'metadata_items': 128,
+ 'volumes': 10, 'gigabytes': 1000, 'ram': 51200,
+- 'floating_ips': 10, 'instances': 10, 'injected_files': 5,
+- 'cores': 20, 'injected_file_content_bytes': 10240,
+- 'security_groups': 10, 'security_group_rules': 20,
+- 'key_pairs': 100, 'injected_file_path_bytes': 255}}
++ 'floating_ips': 10, 'fixed_ips': 10, 'instances': 10,
++ 'injected_files': 5, 'cores': 20,
++ 'injected_file_content_bytes': 10240, 'security_groups': 10,
++ 'security_group_rules': 20, 'key_pairs': 100,
++ 'injected_file_path_bytes': 255}}
+
+
+ class QuotaClassSetsTest(test.TestCase):
+@@ -44,6 +45,7 @@ class QuotaClassSetsTest(test.TestCase):
+ 'ram': 51200,
+ 'volumes': 10,
+ 'floating_ips': 10,
++ 'fixed_ips': 10,
+ 'metadata_items': 128,
+ 'gigabytes': 1000,
+ 'injected_files': 5,
+@@ -91,7 +93,8 @@ class QuotaClassSetsTest(test.TestCase):
+ body = {'quota_class_set': {'instances': 50, 'cores': 50,
+ 'ram': 51200, 'volumes': 10,
+ 'gigabytes': 1000, 'floating_ips': 10,
+- 'metadata_items': 128, 'injected_files': 5,
++ 'fixed_ips': 10, 'metadata_items': 128,
++ 'injected_files': 5,
+ 'injected_file_content_bytes': 10240,
+ 'injected_file_path_bytes': 255,
+ 'security_groups': 10,
+@@ -139,6 +142,7 @@ class QuotaTemplateXMLSerializerTest(test.TestCase):
+ gigabytes=40,
+ ram=50,
+ floating_ips=60,
++ fixed_ips=10,
+ instances=70,
+ injected_files=80,
+ security_groups=10,
+diff --git a/nova/tests/api/openstack/compute/contrib/test_quotas.py b/nova/tests/api/openstack/compute/contrib/test_quotas.py
+index f628535..adfe129 100644
+--- a/nova/tests/api/openstack/compute/contrib/test_quotas.py
++++ b/nova/tests/api/openstack/compute/contrib/test_quotas.py
+@@ -26,11 +26,12 @@ from nova.tests.api.openstack import fakes
+
+ def quota_set(id):
+ return {'quota_set': {'id': id, 'metadata_items': 128, 'volumes': 10,
+- 'gigabytes': 1000, 'ram': 51200, 'floating_ips': 10,
+- 'instances': 10, 'injected_files': 5, 'cores': 20,
+- 'injected_file_content_bytes': 10240,
+- 'security_groups': 10, 'security_group_rules': 20,
+- 'key_pairs': 100, 'injected_file_path_bytes': 255}}
++ 'gigabytes': 1000, 'ram': 51200, 'floating_ips': 10,
++ 'fixed_ips': 10, 'instances': 10,
++ 'injected_files': 5, 'cores': 20,
++ 'injected_file_content_bytes': 10240,
++ 'security_groups': 10, 'security_group_rules': 20,
++ 'key_pairs': 100, 'injected_file_path_bytes': 255}}
+
+
+ class QuotaSetsTest(test.TestCase):
+@@ -46,6 +47,7 @@ class QuotaSetsTest(test.TestCase):
+ 'ram': 51200,
+ 'volumes': 10,
+ 'floating_ips': 10,
++ 'fixed_ips': 10,
+ 'metadata_items': 128,
+ 'gigabytes': 1000,
+ 'injected_files': 5,
+@@ -88,6 +90,7 @@ class QuotaSetsTest(test.TestCase):
+ 'volumes': 10,
+ 'gigabytes': 1000,
+ 'floating_ips': 10,
++ 'fixed_ips': 10,
+ 'metadata_items': 128,
+ 'injected_files': 5,
+ 'injected_file_path_bytes': 255,
+@@ -120,7 +123,7 @@ class QuotaSetsTest(test.TestCase):
+ 'injected_file_path_bytes': 255,
+ 'security_groups': 10,
+ 'security_group_rules': 20,
+- 'key_pairs': 100}}
++ 'key_pairs': 100, 'fixed_ips': 10}}
+
+ req = fakes.HTTPRequest.blank('/v2/fake4/os-quota-sets/update_me',
+ use_admin_context=True)
+@@ -171,6 +174,7 @@ class QuotaXMLSerializerTest(test.TestCase):
+ gigabytes=40,
+ ram=50,
+ floating_ips=60,
++ fixed_ips=10,
+ instances=70,
+ injected_files=80,
+ security_groups=10,
+diff --git a/nova/tests/network/test_manager.py b/nova/tests/network/test_manager.py
+index e983ad6..f27a176 100644
+--- a/nova/tests/network/test_manager.py
++++ b/nova/tests/network/test_manager.py
+@@ -30,6 +30,7 @@ from nova.openstack.common import importutils
+ from nova.openstack.common import log as logging
+ from nova.openstack.common import rpc
+ import nova.policy
++from nova import quota
+ from nova import test
+ from nova.tests import fake_network
+ from nova import utils
+@@ -278,6 +279,7 @@ class FlatNetworkTestCase(test.TestCase):
+ self.mox.StubOutWithMock(db,
+ 'virtual_interface_get_by_instance_and_network')
+ self.mox.StubOutWithMock(db, 'fixed_ip_update')
++ self.mox.StubOutWithMock(quota.QUOTAS, 'reserve')
+
+ db.fixed_ip_update(mox.IgnoreArg(),
+ mox.IgnoreArg(),
+@@ -291,6 +293,10 @@ class FlatNetworkTestCase(test.TestCase):
+ db.instance_get(mox.IgnoreArg(),
+ mox.IgnoreArg()).AndReturn({'security_groups':
+ [{'id': 0}]})
++
++ quota.QUOTAS.reserve(mox.IgnoreArg(),
++ fixed_ips=mox.IgnoreArg()).AndReturn(None)
++
+ db.fixed_ip_associate_pool(mox.IgnoreArg(),
+ mox.IgnoreArg(),
+ mox.IgnoreArg()).AndReturn('192.168.0.101')
+@@ -310,6 +316,7 @@ class FlatNetworkTestCase(test.TestCase):
+ self.mox.StubOutWithMock(db,
+ 'virtual_interface_get_by_instance_and_network')
+ self.mox.StubOutWithMock(db, 'fixed_ip_update')
++ self.mox.StubOutWithMock(quota.QUOTAS, 'reserve')
+
+ db.fixed_ip_update(mox.IgnoreArg(),
+ mox.IgnoreArg(),
+@@ -323,6 +330,10 @@ class FlatNetworkTestCase(test.TestCase):
+ db.instance_get(mox.IgnoreArg(),
+ mox.IgnoreArg()).AndReturn({'security_groups':
+ [{'id': 0}]})
++
++ quota.QUOTAS.reserve(mox.IgnoreArg(),
++ fixed_ips=mox.IgnoreArg()).AndReturn(None)
++
+ db.fixed_ip_associate_pool(mox.IgnoreArg(),
+ mox.IgnoreArg(),
+ mox.IgnoreArg()).AndReturn('192.168.0.101')
+@@ -376,6 +387,7 @@ class FlatNetworkTestCase(test.TestCase):
+ self.mox.StubOutWithMock(db,
+ 'virtual_interface_get_by_instance_and_network')
+ self.mox.StubOutWithMock(db, 'fixed_ip_update')
++ self.mox.StubOutWithMock(quota.QUOTAS, 'reserve')
+
+ db.fixed_ip_update(mox.IgnoreArg(),
+ mox.IgnoreArg(),
+@@ -390,6 +402,9 @@ class FlatNetworkTestCase(test.TestCase):
+ mox.IgnoreArg()).AndReturn({'security_groups':
+ [{'id': 0}]})
+
++ quota.QUOTAS.reserve(mox.IgnoreArg(),
++ fixed_ips=mox.IgnoreArg()).AndReturn(None)
++
+ db.fixed_ip_associate_pool(mox.IgnoreArg(),
+ mox.IgnoreArg(),
+ mox.IgnoreArg()).AndReturn(fixedip)
+diff --git a/nova/tests/test_quota.py b/nova/tests/test_quota.py
+index dd86c7c..5baf966 100644
+--- a/nova/tests/test_quota.py
++++ b/nova/tests/test_quota.py
+@@ -723,6 +723,7 @@ class DbQuotaDriverTestCase(test.TestCase):
+ quota_volumes=10,
+ quota_gigabytes=1000,
+ quota_floating_ips=10,
++ quota_fixed_ips=10,
+ quota_metadata_items=128,
+ quota_injected_files=5,
+ quota_injected_file_content_bytes=10 * 1024,
+@@ -755,6 +756,7 @@ class DbQuotaDriverTestCase(test.TestCase):
+ volumes=10,
+ gigabytes=1000,
+ floating_ips=10,
++ fixed_ips=10,
+ metadata_items=128,
+ injected_files=5,
+ injected_file_content_bytes=10 * 1024,
+@@ -791,6 +793,7 @@ class DbQuotaDriverTestCase(test.TestCase):
+ volumes=10,
+ gigabytes=500,
+ floating_ips=10,
++ fixed_ips=10,
+ metadata_items=64,
+ injected_files=5,
+ injected_file_content_bytes=5 * 1024,
+@@ -847,6 +850,7 @@ class DbQuotaDriverTestCase(test.TestCase):
+ self._stub_quota_class_get_all_by_name()
+
+ def test_get_project_quotas(self):
++ self.maxDiff = None
+ self._stub_get_by_project()
+ result = self.driver.get_project_quotas(
+ FakeContext('test_project', 'test_class'),
+@@ -888,6 +892,11 @@ class DbQuotaDriverTestCase(test.TestCase):
+ in_use=2,
+ reserved=0,
+ ),
++ fixed_ips=dict(
++ limit=10,
++ in_use=0,
++ reserved=0,
++ ),
+ metadata_items=dict(
+ limit=64,
+ in_use=0,
+@@ -926,6 +935,7 @@ class DbQuotaDriverTestCase(test.TestCase):
+ ))
+
+ def test_get_project_quotas_alt_context_no_class(self):
++ self.maxDiff = None
+ self._stub_get_by_project()
+ result = self.driver.get_project_quotas(
+ FakeContext('other_project', 'other_class'),
+@@ -966,6 +976,11 @@ class DbQuotaDriverTestCase(test.TestCase):
+ in_use=2,
+ reserved=0,
+ ),
++ fixed_ips=dict(
++ limit=10,
++ in_use=0,
++ reserved=0,
++ ),
+ metadata_items=dict(
+ limit=128,
+ in_use=0,
+@@ -1004,6 +1019,7 @@ class DbQuotaDriverTestCase(test.TestCase):
+ ))
+
+ def test_get_project_quotas_alt_context_with_class(self):
++ self.maxDiff = None
+ self._stub_get_by_project()
+ result = self.driver.get_project_quotas(
+ FakeContext('other_project', 'other_class'),
+@@ -1045,6 +1061,11 @@ class DbQuotaDriverTestCase(test.TestCase):
+ in_use=2,
+ reserved=0,
+ ),
++ fixed_ips=dict(
++ limit=10,
++ in_use=0,
++ reserved=0,
++ ),
+ metadata_items=dict(
+ limit=64,
+ in_use=0,
+@@ -1145,6 +1166,9 @@ class DbQuotaDriverTestCase(test.TestCase):
+ floating_ips=dict(
+ limit=10,
+ ),
++ fixed_ips=dict(
++ limit=10,
++ ),
+ metadata_items=dict(
+ limit=64,
+ ),
+--
+1.8.1.5
+
diff --git a/sys-cluster/nova/nova-2012.2.3-r1.ebuild b/sys-cluster/nova/nova-2012.2.3-r2.ebuild
index 1addf2883bf6..cb080dad8b99 100644
--- a/sys-cluster/nova/nova-2012.2.3-r1.ebuild
+++ b/sys-cluster/nova/nova-2012.2.3-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2012.2.3-r1.ebuild,v 1.1 2013/02/26 21:44:05 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2012.2.3-r2.ebuild,v 1.1 2013/03/14 20:40:51 prometheanfire Exp $
EAPI=5
PYTHON_COMPAT=( python2_5 python2_6 python2_7 )
@@ -46,6 +46,7 @@ RDEPEND="=dev-python/amqplib-0.6.1
PATCHES=(
"${FILESDIR}/nova-folsom-CVE-2013-1664.patch"
"${FILESDIR}/nova-folsom-3-CVE-2013-0335.patch"
+ "${FILESDIR}/nova-folsom-3-CVE-2013-1838.patch"
)
python_install() {