nova update for cve-2013-4261

Package-Manager: portage-2.1.12.2/cvs/Linux x86_64 Manifest-Sign-Key: 0x2471EB3E40AC5AC3
author: Matt Thode <prometheanfire@gentoo.org> 2013-09-11 16:14:45 +0000
committer: Matt Thode <prometheanfire@gentoo.org> 2013-09-11 16:14:45 +0000
commit: e18f6f32e5a988b3d97a750429b264338d36ddba (patch)
tree: de693d52fd22f203b2c6d4fb43659ff21b0f8bde /sys-cluster
parent: updating keystone for cve-2013-4294 (diff)
download: historical-e18f6f32e5a988b3d97a750429b264338d36ddba.tar.gz
historical-e18f6f32e5a988b3d97a750429b264338d36ddba.tar.bz2
historical-e18f6f32e5a988b3d97a750429b264338d36ddba.zip
6 files changed, 225 insertions, 20 deletions
diff --git a/sys-cluster/nova/ChangeLog b/sys-cluster/nova/ChangeLog
index 48071d7ed69b..6da0079401aa 100644
--- a/sys-cluster/nova/ChangeLog
+++ b/sys-cluster/nova/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for sys-cluster/nova
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.24 2013/09/10 05:04:23 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/ChangeLog,v 1.25 2013/09/11 16:14:30 prometheanfire Exp $
+
+*nova-2012.2.4-r6 (11 Sep 2013)
+*nova-2013.1.3-r3 (11 Sep 2013)
+
+  11 Sep 2013; Matthew Thode <prometheanfire@gentoo.org>
+  +files/2012.2.4-CVE-2013-4261.patch, +files/2013.1.3-CVE-2013-4261.patch,
+  +nova-2012.2.4-r6.ebuild, +nova-2013.1.3-r3.ebuild, -nova-2012.2.4-r5.ebuild,
+  -nova-2013.1.3-r2.ebuild:
+  nova update for cve-2013-4261
 
   10 Sep 2013; Matthew Thode <prometheanfire@gentoo.org>
   nova-2012.2.4-r5.ebuild, nova-2013.1.3-r2.ebuild, nova-2013.1.9999.ebuild,
diff --git a/sys-cluster/nova/Manifest b/sys-cluster/nova/Manifest
index 97186f39d7a5..d393ac41283d 100644
--- a/sys-cluster/nova/Manifest
+++ b/sys-cluster/nova/Manifest
@@ -3,6 +3,8 @@ Hash: SHA256
 
 AUX 2012.2.4-CVE-2013-2256.patch 14502 SHA256 752d430cfda003c42877c16638b8eefbfd1632ca9845e229d40aa0811e203d6f SHA512 51091d2cb4d352ed6f996ee7b261361d6eac51bc9a69c33f9e0c03810fb2da607173331275494517e8bb12c9ba14aaad448b80826ea8f7be0db880e9b1f9d4ec WHIRLPOOL 287ab4cddc376101b0d70c789de635efa18da847e104a7953ff0cafd4bf5f12394abdac457d376d3d0cd7f7ba8d06e2435151d17869db27381f0940f1e5ae937
 AUX 2012.2.4-CVE-2013-4185.patch 4519 SHA256 f2665d38ffc294a53a41f2ca4a83768ed406da5679212919a311648dc1b53b1e SHA512 8a4fd266524a1d297079637e35cacf219b03533bdea5d3279152b898dc473d75c6be91311d21a27f58179246b6337a61de79477655d29ce2319556bf52fbbbc2 WHIRLPOOL ad97c81fe752edcf205b41db1dbb1173b66cc81583134da5a56a7966dcb48dfbe450a869d953946a5be979f915e8ca288b890df0176a3e393ff8ad0fd55147c0
+AUX 2012.2.4-CVE-2013-4261.patch 4252 SHA256 b63b8ef33f42dd6f591b36505427c477ae0521c0896221f29a1eb5f7392ffa27 SHA512 664a410ec37c356f7d095427593c2b4bf35b2a4f5be734d2af3f094deddc518eae58662a48ccfbbd981e826a4b924bcfdcf72b92524b37a0b7748acb06fd8322 WHIRLPOOL 8a397b6482d84cce0525558475190c6bceffbcdcd3a78683f8ad416deb319f9744229a6595d852cea8faca37dd5646cc91f019a426dc3343f0c42ced125180ee
+AUX 2013.1.3-CVE-2013-4261.patch 3219 SHA256 8b16550aaaf0921a4a4020759b25944fcae1ad872637cc90283f7276e2e65711 SHA512 76919b36d76974d0f8d7fb7c978b7ca66e9c03181e47d3be9059da8f9efd8023ca6dcaf543d8d9af2ae0ff63199a134d4fe88defc08aec640e1790fa178fb4dc WHIRLPOOL da1976b1ebdfd0faa8e87e4e6db507883759d804a57d9a9b7fac7d14aa56faa7ee4b8cc1fccbe5ce8722eade8e19008fc8a9354ec30e5d9df24c640fc11c3991
 AUX nova-confd 101 SHA256 d9013141618d1e8b8ba85297155747d9c8fc362238de7bba3108b9a2539c8c73 SHA512 4c7ec1d123f2cdaf394d1f4824df861bbe309b0b329db44080160d81746cd0fc9d4cc1b35da0f66ab075f1d4e835ababfb7bccaf4a2e931e60f2c0ac572a552e WHIRLPOOL 6a237357a3905d29a96b32c37f6d189e4f5cefc0986bb091e24a79295191332143741c604c2a9fd44484c75b3be89742a5570862cf0cd4ba225425f7f32b5348
 AUX nova-folsom-4-CVE-2013-2030.patch 1303 SHA256 55ee950de12d27420762b99514a56075bcaf866eb4352dfc038a56eaa2f458f9 SHA512 1dade2e76f559fed97be0259ab1bf16404ee86fcd2039f1e4df78ecf0ddc9cd2ccd8cbb557f4194bc949bc2d9634abef4939f1fbd564ee73def997ce759f6dc3 WHIRLPOOL 45cef89069302b3d73da205600201620115364a5e4d9dc7c850073aed03baff3a731126308ab2ba75d16677d7e32cd17d780640aa8571a753bf797ae664924d1
 AUX nova-folsom-4-CVE-2013-2096.patch 4545 SHA256 b7203f3d380b3d545259060872933e38d40a53b1e9081ab8b93f623fb2a30115 SHA512 f97c4330f4cd8433b150390f22194e86fccf50ecd9300f1b3692e07e3a8b53ee4ec844f191ea28a75298535c66f11aed77c6cb8fb8624b382a793d05e683bc68 WHIRLPOOL 4460bf65d8bffe03f8a4518a99f81f86f6c2f11ce8c6d1ce6ff03ce836da247dc6c8bed73e875a3b47427970291a10d6f34be5b056c4c7fef505ca2bab0b18ed
@@ -11,26 +13,26 @@ AUX nova-initd 1496 SHA256 5b5f928335ac345103492555c3bc57407f547915b099762d0087a
 AUX nova-sudoers 78 SHA256 9e88c2843fb74cc46802c0b103067ad12915ec50335d05e546a5dba76acb4a76 SHA512 22c0606c6335b2d1a03bd18a319a54f16f76f091b2e8416dbba05ce7c15890beff7f32f0322eb5ba3f2a5c750436cacbe0cee189b390b878e3f0c0df219ef984 WHIRLPOOL bc42ae1d12e9f900b263fd5c3d0f59062f46fbec1ff97c0bceb234082bea5943eb64795b4f5e102b8e2749c6868163e5924467088cad42df09345e3406e5f83c
 DIST nova-2012.2.4.tar.gz 6286004 SHA256 883a44282514b484a1187c07875834b9c4648555bf20002aceb1d6731ebd0252 SHA512 c05705c7802035232921e7ca9cdcea05571f4771dae573f9364b740553e470d8e4b4e832bf04120c089bad48a75b8493921eefeb28383f70620495a935ad6ec3 WHIRLPOOL 9e8c56b1a66f15f5f6218413e1cd518a0e73f371baea774023a11ad38abccae3e172ec0894fd77f59848685d1993451499916b94c62289d16f57470005e7c123
 DIST nova-2013.1.3.tar.gz 5780115 SHA256 f7c25186920daccb16867c5fd272318beb8cc076e5a55f79b5906618ef2724f4 SHA512 3de29f1cf0789285c7600796588058f056d4196138584bb5ec13a0ea034bbc0569d116a668db67022e302b29995af5960093af1103996269d73dccd62a5dd238 WHIRLPOOL ebb06733a710764004f99da2a69d5479cdd50e35da6d0992233ab9ca0a7a5854a678c5d184d40f97a66fa3abd052b1e6de4629963dd58292f677707997e56239
-EBUILD nova-2012.2.4-r5.ebuild 3919 SHA256 0c93000aa94f3149a67268ea14f55e39793d4a196f276f420dd0a1fdfa54173f SHA512 defd776aa1811f1df2ec99e0dfe8ceb28fe8cbcd195cb294fab818b4f4248ecdf0d8881788c798ec4d65b7f4c0c605547a5d3a16de31cd47fa0afdc30e8421ca WHIRLPOOL 34aa55dc4218dcad7b99af7f54d1d88de357d4a075be03c3e73ffcded6ac993755cd15e4faf620a78387bdc6049e87b7aefc41d50b37e14986c83cadde465268
-EBUILD nova-2013.1.3-r2.ebuild 4133 SHA256 5d9a3e872583214f9f44601d5bd97940fbbae36c54115de0ea90de06b6f05758 SHA512 fbd98c82d9730609bf95c73b833c47d2c593d65c2552c791a06519b11e0446a0561888f45fd87c2ebfa65672d23e37614c189c0c7cfaef04875f884891f60aa3 WHIRLPOOL 99cb38bdff18f97b9c05c7a611b6313045f5ad77aa3a9e7ed07e8ded52d2bff9583fb078ff94435e905aa9a2e3ca92e493e3996d32673181f056e42d331ee064
+EBUILD nova-2012.2.4-r6.ebuild 3963 SHA256 bf81c9163154ab2eb436bbaa9059576374397aea5278964a6d29bef81e9be71c SHA512 2d303f2c7c5354ae30abe3bd61c3b1eb32966a5f048dd2710bc1604e1e689af38f32c6a8cb25b6ebaccec69176d8ebc9ae59bb8577d7bd799779de37d78c6bb3 WHIRLPOOL 09716e6e1f507428534c6b10de115d1818b6e902560064e6d041948316f6029064ea6584b9d1cce302ce4596867aabd67eab1226ac35f833ef9eb3436fe5918c
+EBUILD nova-2013.1.3-r3.ebuild 4126 SHA256 32b1a459100214912f7eb772c1289518ffcf6c7ef3087a7c79bd42958fc2c563 SHA512 b501c0a6f16e80152c7d9ebb0fc264c0c2b4b2f1fea6d7af1ce275f401145c59e09ae5c5049b882f28c3cdb8865e43d8d43bd2f17ad2c9030af09b6079b5bd02 WHIRLPOOL efc0feed8b19572020cb0b4616c137a6d61b7b3cb4cab8e37c766d7fdf98bbae0b3065d7695398e4a8b7f1d61a19bae17657b04e27623f9021d55cb543ee9bca
 EBUILD nova-2013.1.9999.ebuild 4087 SHA256 39e6b663f09c62cc87601eb4b101ef6f45af6e0173e75e94086b1b1e1c70eaff SHA512 2403588f176b8fcd2dd202d92609fa715a7f60b71f852a9b6fcd00392811d98eb416bff806362f7da1b2ae45a574b8caf551f253bafacff8b6ecd75b4768390f WHIRLPOOL dfd8ae625918f5e8a07fffe728f7f429c5227d5232a05eb9a2d6dd78352d803cf94771437b29e1955089337f799b5d49740d4ba6effdca07b444f344cf6364cb
 EBUILD nova-9999.ebuild 4399 SHA256 9c90c2109d76dae526e0730415bd3ed5d61acc30ed63a948686879893aded75b SHA512 71e98615bd635027856c722593ae2b4c9879dab978dac3c4ffd1407dc3ed2a55b367abe41e2a1344d23492c1b5ed2bde98fde95c21895fecd351b09f422172cb WHIRLPOOL 1d4a15def83e0f8545974f8e8c5d3d2bf03ca4741bf970cebcd1da0e53718aa1c56ea2acbeb9af58b0e23f45a97b80e63d8abc8cc6195478d8dab9918fbc7e79
-MISC ChangeLog 5527 SHA256 8869efad15826f8465af9257a3291bc3d6bccc893a81c82d3d39a57e4aa4239a SHA512 f3fecbbaff98d5264b640cca16bdedf824acf7cafdad6f12464e684b1d32e8ef9ed02291734910ae9700ef1a8a921d0451a4b1193a03d7ed536b05d33530f94a WHIRLPOOL efe97b595056e8ba62d677dd49713146584fbbff8593e8f0a6d816badf842729ce33f35bb8deb6173e2e5ff61341cb53b8fad144145b6ee65fda7e21639586bb
+MISC ChangeLog 5866 SHA256 5f6f226400542901f3617a4871ca34992745541dcb728e2fad612b7aa196849f SHA512 31592b827e94d62ab98a82b2dc53bcb9b21e017fdbcfbb3aa94e17e48d9397b10cdec65ced9e2a869f7b8a34cdd32c3e4ae2487b4d88cc107a251efa013dbcc9 WHIRLPOOL 9cd6436939068d87aa92c2ddb5a08da2eec5cb86229157a4b183efed66f1a57ae8563a6f5e5c9c2daae2dd232a8628b270cfbf359a25ed40a910da71a7aaf66d
 MISC metadata.xml 1320 SHA256 62fa65c1ae4717c2cd0340eef975d759710ed33d467c0603a48f23530d1dbdc3 SHA512 028077c33e7788e7825edd29d2506e6580df33d7b471fc7bdc1bf6cce4d01d3a4f1f9bbdbe3f62a9cb19929681dc0d23b6f56e597e2d9eee4140a21c4619e7ec WHIRLPOOL e5be2b277c7ac69fa8bb1696725b67eae3873de8a1d12c7fcf677cae757ff2321b9d2f1170e4cf7f520a58a8e16ca5d439c2d8127dc4178074f26c6883d0e3fd
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.20 (GNU/Linux)
 
-iQIcBAEBCAAGBQJSLqiyAAoJECRx6z5ArFrDjhIQALyhxsOEU3ZJe2mmU50smLnO
-Zx+uGrOkwOZc9TcvrjqJTBffdL84MU/fj4EA+158ezjP20fa4mRk4pXKb4ewLlKo
-DowAJg9F+zyllqWPaSxa2luYXavfJVMivSjf/WOBHazFYnHfFt3yf9z/o31sB6Zc
-AFIKKNmjVPpNzaEy1lomHa0F7lEaSRqNKqABx8acAhLOpEsR/lsMplMf8MWnRXQT
-Fx5OTPycshCrmo+V9JTJZcGYoZeGmSXg1dUa/soMioEodRz7nyewJAAV2UraiNSm
-ABtGapTEgsKagFDU7oNtd9BXIuZeFq8GjZoUd4oo2p4qZeA7hGfNszHuYQGm3Dbg
-h+sQ1NMCMS09z4SsKh8QQC9EuBBBUEhzwiHaPc3M90F63z/kvzMxwbVp0wvtrRSB
-mB1lVIm5G9YNzC7VstXhsaAxEjItXzUunpz56JAhjLMwt+gnnS9tUCS0ErLYzpKY
-w4ndKdzScmKhg6GtTrZG3q4Pig9tGQT6Zo+0NEm9Qhj9IkUI2ZnNZ3o8va7KWepW
-Uzd6/Km9Tqtay19CPy4n3sWczJNl0e75swHvRCspdyfnlBPUn2s4RWWNulDy7k5E
-utvUAlVHZXE1zh8CLuaZ8XVqOYLg+CRa0Ez1ylZQtmEAFL4JK8B17l4FVHor7iUL
-lsDTlWkvQx4twZbKOF/n
-=TDs5
+iQIcBAEBCAAGBQJSMJdDAAoJECRx6z5ArFrDufgP+gPk8RQRHLL65XCu/PtLossc
+94zYs+GnEkO+KkPs5wda5GQpGC6jJwZ5tmAFbC6mLnPI8Z2RKyfjslfD79dOnorV
+c2CtU7Uw/wwMtA8iG4+T8oVcYV0SzlgT/xgsCaUSWYYmJvrqmJaufGu+d4+CRlIN
+QY3rH+t/0sZyyYmrT/OGpK9csqVPRoJgnzxDDJ7y5ccLtHptftXBFza8WOyzzoia
+1jgYErTmw7FONxYb0dpv4zhfXw8KVuKrT/qJfG6jl2ysK5YMnyiO1N0Y6QLksBKL
+3b4OlAtKr94TMEY510qdy4IKTHQ2XGuvXOl9lFoi7H1RxW+TrgGBw5xdG409+ufU
+SRkllvscMAaEx6ivRaLnzOA2Ei2nvClaQiH7hgDbJus8Qn2I1RxdzGeZ0aU7jAcj
+ssfh+Zp7WMZXAoRtlyaF/gW2NbfFwH32FCE/OvnaaJU5JrZRmARJBVuw55fg/uDX
+ULvxTGjfiaKcxDM2H38Vw/B/gI0LWIs4LHBDMUg3LVABl2mhIeC0y1dK2vNiRtZv
+T21prTWLFdi38kQL2iCVE3hJZz3ckXg9XZTSH+jFf9+VasYY2mkydkfxGg0Kp84j
+kUwqG1HdX9bRZ9hC6+nSga1R+DTbhS9AmQk5RXTBNkpfmIfBJXAzf9wiDLwBpAFy
+Qj0a8ewtBeJ6lC0MxZG4
+=8Gfn
 -----END PGP SIGNATURE-----
diff --git a/sys-cluster/nova/files/2012.2.4-CVE-2013-4261.patch b/sys-cluster/nova/files/2012.2.4-CVE-2013-4261.patch
new file mode 100644
index 000000000000..eacc6286fb98
--- /dev/null
+++ b/sys-cluster/nova/files/2012.2.4-CVE-2013-4261.patch
@@ -0,0 +1,114 @@
+From ef5730a4620b409a3b46e46966e3bc6f3a306464 Mon Sep 17 00:00:00 2001
+From: Ben Nemec <bnemec@us.ibm.com>
+Date: Thu, 9 May 2013 19:06:45 +0000
+Subject: [PATCH] Fix problem with long messages in Qpid (from oslo)
+
+This is commit 478ac3a3e in oslo-incubator
+
+Qpid has a limitation where it cannot serialize a dict containing a
+string greater than 65535 characters. This change alters the Qpid
+implementation to JSON encode the dict before sending it, but only if
+Qpid would fail to serialize it. This maintains as much backward
+compatibility as possible, though long messages will still fail if they
+are sent to an older receiver.
+
+Even though this change will modify the message format, it will only do
+it when messages are longer than 65K which would be broken anyway and
+could cause serious bugs like the one linked below.
+
+Fixes bug 1215091
+
+Change-Id: I2f0e88435748bab631d969573d3a598d9e1f7fef
+---
+ nova/openstack/common/rpc/impl_qpid.py | 47 ++++++++++++++++++++++++++++++++++
+ 1 file changed, 47 insertions(+)
+
+diff --git a/nova/openstack/common/rpc/impl_qpid.py b/nova/openstack/common/rpc/impl_qpid.py
+index e579316..67388fd 100644
+--- a/nova/openstack/common/rpc/impl_qpid.py
++++ b/nova/openstack/common/rpc/impl_qpid.py
+@@ -23,6 +23,7 @@ import uuid
+ 
+ import eventlet
+ import greenlet
++import qpid.codec010 as qpid_codec
+ import qpid.messaging
+ import qpid.messaging.exceptions
+ 
+@@ -63,6 +64,8 @@ qpid_opts = [
+ 
+ cfg.CONF.register_opts(qpid_opts)
+ 
++JSON_CONTENT_TYPE = 'application/json; charset=utf8'
++
+ 
+ class ConsumerBase(object):
+     """Consumer base class."""
+@@ -117,10 +120,27 @@ class ConsumerBase(object):
+         self.receiver = session.receiver(self.address)
+         self.receiver.capacity = 1
+ 
++    def _unpack_json_msg(self, msg):
++        """Load the JSON data in msg if msg.content_type indicates that it
++           is necessary.  Put the loaded data back into msg.content and
++           update msg.content_type appropriately.
++
++        A Qpid Message containing a dict will have a content_type of
++        'amqp/map', whereas one containing a string that needs to be converted
++        back from JSON will have a content_type of JSON_CONTENT_TYPE.
++
++        :param msg: a Qpid Message object
++        :returns: None
++        """
++        if msg.content_type == JSON_CONTENT_TYPE:
++            msg.content = jsonutils.loads(msg.content)
++            msg.content_type = 'amqp/map'
++
+     def consume(self):
+         """Fetch the message and pass it to the callback object"""
+         message = self.receiver.fetch()
+         try:
++            self._unpack_json_msg(message)
+             self.callback(message.content)
+         except Exception:
+             LOG.exception(_("Failed to process message... skipping it."))
+@@ -220,8 +240,35 @@ class Publisher(object):
+         """Re-establish the Sender after a reconnection"""
+         self.sender = session.sender(self.address)
+ 
++    def _pack_json_msg(self, msg):
++        """Qpid cannot serialize dicts containing strings longer than 65535
++           characters.  This function dumps the message content to a JSON
++           string, which Qpid is able to handle.
++
++        :param msg: May be either a Qpid Message object or a bare dict.
++        :returns: A Qpid Message with its content field JSON encoded.
++        """
++        try:
++            msg.content = jsonutils.dumps(msg.content)
++        except AttributeError:
++            # Need to have a Qpid message so we can set the content_type.
++            msg = qpid.messaging.Message(jsonutils.dumps(msg))
++        msg.content_type = JSON_CONTENT_TYPE
++        return msg
++
+     def send(self, msg):
+         """Send a message"""
++        try:
++            # Check if Qpid can encode the message
++            check_msg = msg
++            if not hasattr(check_msg, 'content_type'):
++                check_msg = qpid.messaging.Message(msg)
++            content_type = check_msg.content_type
++            enc, dec = qpid.messaging.message.get_codec(content_type)
++            enc(check_msg.content)
++        except qpid_codec.CodecException:
++            # This means the message couldn't be serialized as a dict.
++            msg = self._pack_json_msg(msg)
+         self.sender.send(msg)
+ 
+ 
+-- 
+1.8.1.2
+
+
diff --git a/sys-cluster/nova/files/2013.1.3-CVE-2013-4261.patch b/sys-cluster/nova/files/2013.1.3-CVE-2013-4261.patch
new file mode 100644
index 000000000000..ce266d4dd453
--- /dev/null
+++ b/sys-cluster/nova/files/2013.1.3-CVE-2013-4261.patch
@@ -0,0 +1,79 @@
+From 2d949c415b97ed9649e78c880ab149d0d39c1152 Mon Sep 17 00:00:00 2001
+From: Xavier Queralt <xqueralt@redhat.com>
+Date: Thu, 5 Sep 2013 10:08:29 +0200
+Subject: [PATCH] Fix Qpid when sending long messages (from oslo)
+
+This is commit 4f97479ad in oslo-incubator
+
+Qpid has a limitation where it cannot serialize a dict containing a
+string greater than 65535 characters. This change alters the Qpid
+implementation to JSON encode the dict before sending it, but only if
+Qpid would fail to serialize it. This maintains as much backward
+compatibility as possible, though long messages will still fail if they
+are sent to an older receiver.
+
+The first part of this fix was ported to Grizzly in Ib52e9458a to allow
+receiving messages from Havana using the new format. Even though this
+change will modify the message format, it will only do it when messages
+are longer than 65K which would be broken anyway and could cause serious
+bugs like the one linked below.
+
+Fixes bug 1215091
+
+Change-Id: I505b648c3d0e1176ec7a3fc7d1646fa5a5232261
+---
+ nova/openstack/common/rpc/impl_qpid.py | 28 ++++++++++++++++++++++++++++
+ 1 file changed, 28 insertions(+)
+
+diff --git a/nova/openstack/common/rpc/impl_qpid.py b/nova/openstack/common/rpc/impl_qpid.py
+index 0044088..a7aebc1 100644
+--- a/nova/openstack/common/rpc/impl_qpid.py
++++ b/nova/openstack/common/rpc/impl_qpid.py
+@@ -31,6 +31,7 @@ from nova.openstack.common import log as logging
+ from nova.openstack.common.rpc import amqp as rpc_amqp
+ from nova.openstack.common.rpc import common as rpc_common
+ 
++qpid_codec = importutils.try_import("qpid.codec010")
+ qpid_messaging = importutils.try_import("qpid.messaging")
+ qpid_exceptions = importutils.try_import("qpid.messaging.exceptions")
+ 
+@@ -247,8 +248,35 @@ class Publisher(object):
+         """Re-establish the Sender after a reconnection"""
+         self.sender = session.sender(self.address)
+ 
++    def _pack_json_msg(self, msg):
++        """Qpid cannot serialize dicts containing strings longer than 65535
++           characters.  This function dumps the message content to a JSON
++           string, which Qpid is able to handle.
++
++        :param msg: May be either a Qpid Message object or a bare dict.
++        :returns: A Qpid Message with its content field JSON encoded.
++        """
++        try:
++            msg.content = jsonutils.dumps(msg.content)
++        except AttributeError:
++            # Need to have a Qpid message so we can set the content_type.
++            msg = qpid_messaging.Message(jsonutils.dumps(msg))
++        msg.content_type = JSON_CONTENT_TYPE
++        return msg
++
+     def send(self, msg):
+         """Send a message"""
++        try:
++            # Check if Qpid can encode the message
++            check_msg = msg
++            if not hasattr(check_msg, 'content_type'):
++                check_msg = qpid_messaging.Message(msg)
++            content_type = check_msg.content_type
++            enc, dec = qpid_messaging.message.get_codec(content_type)
++            enc(check_msg.content)
++        except qpid_codec.CodecException:
++            # This means the message couldn't be serialized as a dict.
++            msg = self._pack_json_msg(msg)
+         self.sender.send(msg)
+ 
+ 
+-- 
+1.8.1.2
+
+
diff --git a/sys-cluster/nova/nova-2012.2.4-r5.ebuild b/sys-cluster/nova/nova-2012.2.4-r6.ebuild
index b6fa0fa154b2..0fac44207aa8 100644
--- a/sys-cluster/nova/nova-2012.2.4-r5.ebuild
+++ b/sys-cluster/nova/nova-2012.2.4-r6.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2012.2.4-r5.ebuild,v 1.2 2013/09/10 05:04:23 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2012.2.4-r6.ebuild,v 1.1 2013/09/11 16:14:30 prometheanfire Exp $
 
 EAPI=5
 PYTHON_COMPAT=( python2_7 )
@@ -49,6 +49,7 @@ PATCHES=(
 	"${FILESDIR}/nova-folsom-4-CVE-2013-2096.patch"
 	"${FILESDIR}/2012.2.4-CVE-2013-2256.patch"
 	"${FILESDIR}/2012.2.4-CVE-2013-4185.patch"
+	"${FILESDIR}/2012.2.4-CVE-2013-4261.patch"
 )
 
 pkg_setup() {
diff --git a/sys-cluster/nova/nova-2013.1.3-r2.ebuild b/sys-cluster/nova/nova-2013.1.3-r3.ebuild
index 691eb8d64e68..49a53eaab447 100644
--- a/sys-cluster/nova/nova-2013.1.3-r2.ebuild
+++ b/sys-cluster/nova/nova-2013.1.3-r3.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.3-r2.ebuild,v 1.2 2013/09/10 05:04:22 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/nova/nova-2013.1.3-r3.ebuild,v 1.1 2013/09/11 16:14:30 prometheanfire Exp $
 
 EAPI=5
 PYTHON_COMPAT=( python2_7 )
@@ -54,8 +54,8 @@ RDEPEND=">=dev-python/amqplib-0.6.1[${PYTHON_USEDEP}]
 		virtual/python-argparse[${PYTHON_USEDEP}]"
 
 PATCHES=(
+	"${FILESDIR}/2013.1.3-CVE-2013-4261.patch"
 )
-#	"${FILESDIR}/nova-grizzly-1-CVE-2013-2096.patch"
 
 pkg_setup() {
 	enewgroup nova
author	Matt Thode <prometheanfire@gentoo.org>	2013-09-11 16:14:45 +0000
committer	Matt Thode <prometheanfire@gentoo.org>	2013-09-11 16:14:45 +0000
commit	e18f6f32e5a988b3d97a750429b264338d36ddba (patch)
tree	de693d52fd22f203b2c6d4fb43659ff21b0f8bde /sys-cluster
parent	updating keystone for cve-2013-4294 (diff)
download	historical-e18f6f32e5a988b3d97a750429b264338d36ddba.tar.gz historical-e18f6f32e5a988b3d97a750429b264338d36ddba.tar.bz2 historical-e18f6f32e5a988b3d97a750429b264338d36ddba.zip