fix for bug 505980 CVE-2014-0056

Package-Manager: portage-2.2.8-r1/cvs/Linux x86_64 Manifest-Sign-Key: 0x2471EB3E40AC5AC3
author: Matt Thode <prometheanfire@gentoo.org> 2014-03-27 22:34:15 +0000
committer: Matt Thode <prometheanfire@gentoo.org> 2014-03-27 22:34:15 +0000
commit: 3c22934d739e9c97277090a528a15d15f6f332f1 (patch)
tree: 707b56a9119d3a627a10e18cdb1abad71b74e851 /sys-cluster
parent: Version bump (diff)
download: historical-3c22934d739e9c97277090a528a15d15f6f332f1.tar.gz
historical-3c22934d739e9c97277090a528a15d15f6f332f1.tar.bz2
historical-3c22934d739e9c97277090a528a15d15f6f332f1.zip
4 files changed, 272 insertions, 18 deletions
diff --git a/sys-cluster/neutron/ChangeLog b/sys-cluster/neutron/ChangeLog
index 70c7d4536636..52964766dfc0 100644
--- a/sys-cluster/neutron/ChangeLog
+++ b/sys-cluster/neutron/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-cluster/neutron
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/neutron/ChangeLog,v 1.25 2014/03/23 20:27:12 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/neutron/ChangeLog,v 1.26 2014/03/27 22:34:02 prometheanfire Exp $
+
+*neutron-2013.2.2-r1 (27 Mar 2014)
+
+  27 Mar 2014; Matthew Thode <prometheanfire@gentoo.org>
+  +files/2013.2.2-CVE-2014-0056.patch, +neutron-2013.2.2-r1.ebuild,
+  -neutron-2013.2.2.ebuild:
+  fix for bug 505980 CVE-2014-0056
 
 *neutron-2013.1.5 (23 Mar 2014)
 
diff --git a/sys-cluster/neutron/Manifest b/sys-cluster/neutron/Manifest
index 28038e95dc98..7e63877f5586 100644
--- a/sys-cluster/neutron/Manifest
+++ b/sys-cluster/neutron/Manifest
@@ -1,6 +1,7 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
+AUX 2013.2.2-CVE-2014-0056.patch 12233 SHA256 96c9225b7aa0e6c1788103776fec907a198f47038d57f650c7159ed057e5e65f SHA512 b5d3a58944d3a26369a8e4f18d982be944dea0aac8df213931dc18c599dd9648229739d988249205af2528452aa1adde1dc1b230fd0636ecdaf043e440bdb6ab WHIRLPOOL 32251b8e67fdb7c52eed1e9d36bee1bbb1d48f197c0ead4f43a2cdb736dc8d5959fbc713a2878f52bf03b30a15034b516d7a8def22c4e85abcc19907d6858946
 AUX neutron-confd 75 SHA256 2e03d5dee96eb235d3d2742fb59b52376914dae1d8683144396d796dd35ea9f5 SHA512 fefe7dd1924fabed3cdddae2a407b254c62f39c49abeae238486896e9d26863caebfdfea6d52c5eef34d25452b163c373105929bd069b969c2af0f7d62d6c0e6 WHIRLPOOL 1ac7ed6b2287e66bc51be8b521e355a48e888e1e57371362bfd41fb831d63cc90aab542c1668b4acc1c087cb6bacd418a480e2732a7611b8df290bf63444c902
 AUX neutron-confd-2 75 SHA256 0fce0e6f6cec493b9b0bcb96fa3211ba47a6420b9ea675ef65979fd9505121c7 SHA512 e64116f6cab81a2ee56d797f8144dbc8b214fb627bc8d6c3045488b1fec694cee8e8f3f3fbd327fb28f704cdfae40ea468d8a212c819abd45e809a1fa56b9670 WHIRLPOOL fb027c386c99448c29b265adc234abbc4d23a8be015690fd024b1f39ccc18dd64a1ab57c6cc26a054d576a0bbbed797058b19db90abf0318ae79dddc4efd2056
 AUX neutron-initd 1610 SHA256 58f26e65b4f81ec3d4b0a670f06d9e5dddb35d2ad0dc5376587e654064059d81 SHA512 abd4170e7d7b720cd2aa7b4a65bd2fb4fdba0c11f976eb516a086e9e0e40a92428f4bcf5b3095ee8c31a0839a9d28a703fc42c0baf21bcf280867a805e86f19f WHIRLPOOL 7702f2df1e6fbebc8cc7fffb2590d9a2d3d7d496f0f5b62e72ab2c35fa226dad96492626c9ed5f5c59a33c1e9f06501f7625f037efe1926e22de0ad023d20669
@@ -12,25 +13,25 @@ DIST neutron-2013.2.2.tar.gz 4010144 SHA256 3181d76992b77b47b02f43aed1b62b17930d
 DIST quantum-2013.1.5.tar.gz 1182724 SHA256 1d6fd6905354225f9e225c5fa1c7a5c508f3c0c5b3236979a5e8e401876f2fb2 SHA512 e6f18e8900d56f95d099168d434c9154d4273d1958603b69fda564d1e2109b5505d2cc5c11842793e10ec07bde694cea1469e4ff727fbd5e529278147ada1cb9 WHIRLPOOL cf2789746bfb5c9b5166080f259e87bdda3d879cbcb82fa39b844aa9ee7d8d648eaab01d497d532886ed8f629f7af29c14f1d6dabeb177952e8b47d9d0f75c9f
 EBUILD neutron-2013.1.5.ebuild 4617 SHA256 3ef1b29e1f24d6aa8d15186e354ce42486ca9954eaa15c91b6e358f1b4fc5c5b SHA512 b657d4b7aa6efa0648fde06ce2e142c3b5985062d0d7d38ba7cd35f2ac3a75d360fd3c386773e250f171ee9d46a88cd88dabba6e431fe254b38a7b4611c8bf82 WHIRLPOOL 22634f0f07577e4fadf6f5f90a1a57c1e2c306740216149b97c2c715858cfe573e4ca49ad9bc70371c7d0384915ab73f2d8a0adda96afaf68bd9b585f84154d1
 EBUILD neutron-2013.1.9999.ebuild 4474 SHA256 325a48eb9f212eb2603ff2f5942f9dc34fffbad1a296bed6cf1b65afc32e40ba SHA512 d80dcc568b657fa7d25748213970dd5306c35ff0a1f3d32087ae78c469baafcb9844744d60db8595cc5afbcea8bced5087fa889f193f63870f9ba2287011d53b WHIRLPOOL 0874a425eb8e6b8ce1245453c1e095b6badb8a53c1912f05a9ffee5a4774f1e7e9e75b59793efb5fd2cf59b5c39488fd28bc86cce5aa910389d432f4119ffe75
-EBUILD neutron-2013.2.2.ebuild 5696 SHA256 bb96184e45e89c973c4e755981d8fe5f5c737f48edc4ef8fae683652e9206c0d SHA512 6afe633a4ffb6a7ff76dc9bb9930db9b43199d6092419e14489eeda0e66734319e51c448ceb6ad154e356dad091ff6d20500b84239806d46f6589254cc5143ec WHIRLPOOL 0c2cba7b5267f39f3014faee1adc731fdfc17503740be94e590065510f332172397afd21d62554d25ceb7d851226dd059a2760be315de05cdc472e3e49d99bdd
+EBUILD neutron-2013.2.2-r1.ebuild 5744 SHA256 8587a660a4d1ce37a07492b8527ba6f4aa5c5a633cff1976f8f32ff836f6da24 SHA512 ff73809d4634fa3ebdd652db64b599d921d2285f3adab9131e412f741b010597bd6d5b8a08a95204dfe394172309bf9dce3be06c633dfd4606559fada1c8c02f WHIRLPOOL ab3755438582661071f90621145914de1a914bf0a72f79bdf3fdc40278ae09f25bc15d74ffed237a45ebe09e119c163c91c06d1f71cc7a29222d26905b076c69
 EBUILD neutron-2013.2.9999.ebuild 5699 SHA256 eca1d474ea110482cc901ada794f72efb495de226834b11a87c005185af7bb1d SHA512 94bc0bf14894f20772586b7f19694f38fba9654404c6b507cfa9e483a90df166e32f6ab1db04d24f5a0147438fbc8f4def248d08101fec59d2849744bca5dde9 WHIRLPOOL fefec821fcfb38c3af2d84e961816486b86eeb2419ee33d6353991f6fd7fa710e5ee183c2469597850116028560eb67dec1a8ab17d471dd3b5aff3ba2523950c
 EBUILD neutron-9999.ebuild 4409 SHA256 7e81a4614bc6813ac6c71f330f02afdd4986de592bed8deb9ff662823f349b97 SHA512 cdca470997f7b31d5f99a682ae21f22870678437a1bd8128e3e7140589b3b6041f133108fdb3f390f8da768f4e131f327000ee3f3c7adb1bcc7332e038adde9d WHIRLPOOL 2288062acc8e99c6707917fc2ff80bf54ebf736cac1b3158b42148c6575e3f23c01257383ac030d75af9d0dcb422486bccc8f0d564c6eb805ff5c245d3cbcd4a
-MISC ChangeLog 9548 SHA256 d9789959ad34ba02ecc83c8d66d8b24d8ea83234561d28eaff754420cfd5d0f0 SHA512 7ff0576efbd7df9f57e3dee0a01de61747d06c875a7962653e30e53de219942ec1553d77349498269bb707c27906e001428c4c1a035386762498e52c437fb6c5 WHIRLPOOL e5d9e6f3e9c9b30573da32f42234662f4db2d6541f540ed752742005b3bd2371dfe83604cf4465cff2d25ffd3a23000e29cdb23f0fc8287143b03b6463f6ca03
+MISC ChangeLog 9773 SHA256 5fea7ad7ee143be876564dceb0adb3c61fd0682f54fe14db4d2a8e65a818d03e SHA512 7e448a479c77433fad44f8b72cf7588d21ada70f1d17da10874008dda17a4773186dcfd07820be5d9c41fe3fd18722ef60399ec4711fc73ac688e54865c7f2e8 WHIRLPOOL 1f2b5ced057a79e4ad239c601788880e865e7f9839c39e233e257b60c5dbb55932fa86bf54c57bbe19346eea59d37dc8686a510ca01bf51899e9541da3d69017
 MISC metadata.xml 1175 SHA256 95ceaccefb744f80032d97a4cc13c43c13d7e4116d6810d5779df5be3ebe11ce SHA512 74a46511f82bef78397bfaef2901606c6f468f532bbd7112fc8196b69362a4666fafbda8023a281514ada958cd2b4ba567f11dfa071d0b76bc94e456d96ed287 WHIRLPOOL 783aa30c05484b68b2a8f1ebcfd39294a21731cfa9587c0e1cd07ff291416d10912066e23c0572ac63a125f9836374c73b91775858c863abb0779eb13356ca11
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQIcBAEBCAAGBQJTL0PRAAoJECRx6z5ArFrDadYP/2T9yV/etFNH1E+nrLoSosh4
-54oQ9F8OZoUNsxFHBASky4ymhM3wzrarGTTTozaQPLu1td54MaXkLBEDd9WOZ84x
-85vXDisBAtu00rFD20PUT75P3gOhC+/XonGiEdad3s36VD02NxCuQQUwC6O2PIUF
-kiW9oJbGQfp7J121ndIlfZpYq6JV8c/wG9EgXt/V1MV4hz79VzcFA2ONF8jIEl3h
-VgYaFGvP5D3HJdY+gZqlrU5hSJGcqVAisNSoYw1ulUBd8jTtaFZo4E3qh9DupRY5
-xnodQiY66sGq8fDEZ5Zeeje4wM3+XgIYEwgrXhrBRxk2C31Zo3DF/e3Pq6g3qNdw
-s62e6taEGCsMUkvDHjlVzJJMSZiIwwWjmmTGERT8V4wwqWZXHnYYwJkUY1seP7Xs
-HPkMyNDilFoj9kZdE1b6eudKC9DySJuhWhj4MGdzEtcBaqL3oJRUEp6fANLPCLju
-5yElQygfczgu/2JXyi4ZrSQJ0Wf63T76EpNXS2H2S/9fzanl9+SWuH946bA1D4CE
-LNKuQr2zDuBWC3+cmTMckQXW1NNN9+CLbtZqEV7Hr+NSXbNF3AO4abSF2m3zk/kG
-NN+3dn8nDwsCEA/4bzmlcDvEEtuID1hxXsoGLLwJGD/SBLgPF9wmtg+zHhM8XB0Z
-8In+LFzctZknN4Bq/f2o
-=yAWK
+iQIcBAEBCAAGBQJTNKePAAoJECRx6z5ArFrDUFYP/0azBrkr719AblYnLJ2km0EG
+/nS5BRv4EaiVfy5OrzZzLmnlrUoZITimVndug8zDf+JqTrAgFEJ5yDulJUIMgp4C
+Hu9amCpjm1NAAM/EByvkxJQy0NZpIXaiRr0paRDnZCj8KQufiFx+M7sHOgq3VhB/
+39BMnab/DDUmFNRFiY4JqsLlNwOiQj2wAZNgV3XfrN+RDiOXplNVkROnb483pqzb
+tyOzzMii95gClerQcD2GBhh16lr5vaeZOaF0gjnvfLpabFK3LsKbEEAHnjQ3HlPV
+RuLXVE8dZMvt5V5hb8F3EsJphDXunZjjKMpdbntt5RbFcrGwni1fjzFMBnwougGC
+HYYROaroqS7GzeAKHgIQ9FtaCgiEwMwO/Fh0ifJqKWxrbFfeqPxuWMrfQ3kopIdx
+00QEFAyt7sJiydEHCrH2pU/yX2huE+px8S5CPv8iOTrSTBiCF4W6ST0xu5oHMKM2
+/WhcKl1YeLGf/lbhpPPacF/SbXSwEGyb5bMSjeAgvuP0uMkwf5+ic/uP2b/uKg5n
+lx/Xsk7zo0dwFDCrFEMiqVbsoebxdKQGgCS8K1ZY5LfcLYUdV55lAUVDAs5p4mZ8
+3W9JPWS+vPvStfGK8j4VIunlSPUTTE2VH2KF6sSLW50g1SKuPtVPvE2yE3YVtGuf
+4pq7QnGDaFkoQ7bW+AUB
+=oRH3
 -----END PGP SIGNATURE-----
diff --git a/sys-cluster/neutron/files/2013.2.2-CVE-2014-0056.patch b/sys-cluster/neutron/files/2013.2.2-CVE-2014-0056.patch
new file mode 100644
index 000000000000..fc3a37dbcc38
--- /dev/null
+++ b/sys-cluster/neutron/files/2013.2.2-CVE-2014-0056.patch
@@ -0,0 +1,245 @@
+From 1faec8354a0fab953524eaeb6042ad38461a58bc Mon Sep 17 00:00:00 2001
+From: Aaron Rosen <aaronorosen@gmail.com>
+Date: Wed, 26 Mar 2014 16:36:56 -0700
+Subject: [PATCH] Prevent cross plugging router ports from other tenants
+
+Previously, a tenant could plug an interface into another tenant's
+router if he knew their router_id by creating a port with the correct
+device_id and device_owner. This patch prevents this from occuring
+by preventing non-admin users from creating ports with device_owner
+network:router_interface with a device_id that matches another tenants router.
+In addition, it prevents one from updating a ports device_owner and device_id
+so that the device_id won't match another tenants router with device_owner
+being network:router_interface.
+
+NOTE: with this change it does open up the possiblity for a tenant to discover
+router_id's of another tenant's by guessing them and updating a port till
+a conflict occurs. That said, randomly guessing the router id would be hard
+and in theory should not matter if exposed. We also need to allow a tenant
+to update the device_id on network:router_interface ports as this would be
+used for by anyone using a vm as a service router. This issue will be fixed in
+another patch upstream as a db migration is required but since this needs
+to be backported to all stable branches this is not possible.
+
+NOTE: The only plugins affect by this are the ones that use the l3-agent.
+
+NOTE: **One should perform and audit of the ports that are already
+        attached to routers after applying this patch and remove ports
+        that a tenant may have cross plugged.**
+
+Closes-bug: #1243327
+
+Conflicts:
+    neutron/common/exceptions.py
+    neutron/db/db_base_plugin_v2.py
+
+Change-Id: I8bc6241f537d937e5729072dcc76871bf407cdb3
+---
+ neutron/common/exceptions.py         |  5 +++
+ neutron/db/db_base_plugin_v2.py      | 62 +++++++++++++++++++++++++++++++++++
+ neutron/tests/unit/test_l3_plugin.py | 63 +++++++++++++++++++++++++++++++++++-
+ 3 files changed, 129 insertions(+), 1 deletion(-)
+
+diff --git a/neutron/common/exceptions.py b/neutron/common/exceptions.py
+index 7b02647..88fa6e4 100644
+--- a/neutron/common/exceptions.py
++++ b/neutron/common/exceptions.py
+@@ -301,3 +301,8 @@ def __init__(self, **kwargs):
+ 
+ class NetworkVxlanPortRangeError(object):
+     message = _("Invalid network VXLAN port range: '%(vxlan_range)s'")
++
++
++class DeviceIDNotOwnedByTenant(Conflict):
++    message = _("The following device_id %(device_id)s is not owned by your "
++                "tenant or matches another tenants router.")
+diff --git a/neutron/db/db_base_plugin_v2.py b/neutron/db/db_base_plugin_v2.py
+index 2afbac5..872463f 100644
+--- a/neutron/db/db_base_plugin_v2.py
++++ b/neutron/db/db_base_plugin_v2.py
+@@ -27,14 +27,18 @@
+ from neutron.api.v2 import attributes
+ from neutron.common import constants
+ from neutron.common import exceptions as q_exc
++from neutron import context as ctx
+ from neutron.db import api as db
+ from neutron.db import models_v2
+ from neutron.db import sqlalchemyutils
++from neutron.extensions import l3
++from neutron import manager
+ from neutron import neutron_plugin_base_v2
+ from neutron.openstack.common import excutils
+ from neutron.openstack.common import log as logging
+ from neutron.openstack.common import timeutils
+ from neutron.openstack.common import uuidutils
++from neutron.plugins.common import constants as service_constants
+ 
+ 
+ LOG = logging.getLogger(__name__)
+@@ -1311,6 +1315,9 @@ def create_port(self, context, port):
+         # NOTE(jkoelker) Get the tenant_id outside of the session to avoid
+         #                unneeded db action if the operation raises
+         tenant_id = self._get_tenant_id_for_create(context, p)
++        if p.get('device_owner') == constants.DEVICE_OWNER_ROUTER_INTF:
++            self._enforce_device_owner_not_router_intf_or_device_id(context, p,
++                                                                    tenant_id)
+ 
+         with context.session.begin(subtransactions=True):
+             network = self._get_network(context, network_id)
+@@ -1374,6 +1381,23 @@ def update_port(self, context, id, port):
+         changed_ips = False
+         with context.session.begin(subtransactions=True):
+             port = self._get_port(context, id)
++            if 'device_owner' in p:
++                current_device_owner = p['device_owner']
++                changed_device_owner = True
++            else:
++                current_device_owner = port['device_owner']
++                changed_device_owner = False
++            if p.get('device_id') != port['device_id']:
++                changed_device_id = True
++
++            # if the current device_owner is ROUTER_INF and the device_id or
++            # device_owner changed check device_id is not another tenants
++            # router
++            if ((current_device_owner == constants.DEVICE_OWNER_ROUTER_INTF)
++                    and (changed_device_id or changed_device_owner)):
++                self._enforce_device_owner_not_router_intf_or_device_id(
++                    context, p, port['tenant_id'], port)
++
+             # Check if the IPs need to be updated
+             if 'fixed_ips' in p:
+                 changed_ips = True
+@@ -1483,3 +1507,41 @@ def get_ports(self, context, filters=None, fields=None,
+ 
+     def get_ports_count(self, context, filters=None):
+         return self._get_ports_query(context, filters).count()
++
++    def _enforce_device_owner_not_router_intf_or_device_id(self, context,
++                                                           port_request,
++                                                           tenant_id,
++                                                           db_port=None):
++        if not context.is_admin:
++            # find the device_id. If the call was update_port and the
++            # device_id was not passed in we use the device_id from the
++            # db.
++            device_id = port_request.get('device_id')
++            if not device_id and db_port:
++                device_id = db_port.get('device_id')
++            # check to make sure device_id does not match another tenants
++            # router.
++            if device_id:
++                if hasattr(self, 'get_router'):
++                    try:
++                        ctx_admin = ctx.get_admin_context()
++                        router = self.get_router(ctx_admin, device_id)
++                    except l3.RouterNotFound:
++                        return
++                else:
++                    l3plugin = (
++                        manager.NeutronManager.get_service_plugins().get(
++                            service_constants.L3_ROUTER_NAT))
++                    if l3plugin:
++                        try:
++                            ctx_admin = ctx.get_admin_context()
++                            router = l3plugin.get_router(ctx_admin,
++                                                         device_id)
++                        except l3.RouterNotFound:
++                            return
++                    else:
++                        # raise as extension doesn't support L3 anyways.
++                        raise q_exc.DeviceIDNotOwnedByTenant(
++                            device_id=device_id)
++                if tenant_id != router['tenant_id']:
++                    raise q_exc.DeviceIDNotOwnedByTenant(device_id=device_id)
+diff --git a/neutron/tests/unit/test_l3_plugin.py b/neutron/tests/unit/test_l3_plugin.py
+index 4f75b57..9cc5cf9 100644
+--- a/neutron/tests/unit/test_l3_plugin.py
++++ b/neutron/tests/unit/test_l3_plugin.py
+@@ -379,7 +379,8 @@ def _remove_external_gateway_from_router(self, router_id, network_id,
+ 
+     def _router_interface_action(self, action, router_id, subnet_id, port_id,
+                                  expected_code=exc.HTTPOk.code,
+-                                 expected_body=None):
++                                 expected_body=None,
++                                 tenant_id=None):
+         interface_data = {}
+         if subnet_id:
+             interface_data.update({'subnet_id': subnet_id})
+@@ -388,6 +389,10 @@ def _router_interface_action(self, action, router_id, subnet_id, port_id,
+ 
+         req = self.new_action_request('routers', interface_data, router_id,
+                                       "%s_router_interface" % action)
++        # if tenant_id was specified, create a tenant context for this request
++        if tenant_id:
++            req.environ['neutron.context'] = context.Context(
++                '', tenant_id)
+         res = req.get_response(self.ext_api)
+         self.assertEqual(res.status_int, expected_code)
+         response = self.deserialize(self.fmt, res)
+@@ -968,6 +973,62 @@ def test_router_add_gateway_tenant_ctx(self):
+                 gw_info = body['router']['external_gateway_info']
+                 self.assertEqual(gw_info, None)
+ 
++    def test_create_router_port_with_device_id_of_other_teants_router(self):
++        with self.router() as admin_router:
++            with self.network(tenant_id='tenant_a',
++                              set_context=True) as n:
++                with self.subnet(network=n):
++                    self._create_port(
++                        self.fmt, n['network']['id'],
++                        tenant_id='tenant_a',
++                        device_id=admin_router['router']['id'],
++                        device_owner='network:router_interface',
++                        set_context=True,
++                        expected_res_status=exc.HTTPConflict.code)
++
++    def test_create_non_router_port_device_id_of_other_teants_router_update(
++        self):
++        # This tests that HTTPConflict is raised if we create a non-router
++        # port that matches the device_id of another tenants router and then
++        # we change the device_owner to be network:router_interface.
++        with self.router() as admin_router:
++            with self.network(tenant_id='tenant_a',
++                              set_context=True) as n:
++                with self.subnet(network=n):
++                    port_res = self._create_port(
++                        self.fmt, n['network']['id'],
++                        tenant_id='tenant_a',
++                        device_id=admin_router['router']['id'],
++                        set_context=True)
++                    port = self.deserialize(self.fmt, port_res)
++                    neutron_context = context.Context('', 'tenant_a')
++                    data = {'port': {'device_owner':
++                                     'network:router_interface'}}
++                    self._update('ports', port['port']['id'], data,
++                                 neutron_context=neutron_context,
++                                 expected_code=exc.HTTPConflict.code)
++                    self._delete('ports', port['port']['id'])
++
++    def test_update_port_device_id_to_different_tenants_router(self):
++        with self.router() as admin_router:
++            with self.router(tenant_id='tenant_a',
++                             set_context=True) as tenant_router:
++                with self.network(tenant_id='tenant_a',
++                                  set_context=True) as n:
++                    with self.subnet(network=n) as s:
++                        port = self._router_interface_action(
++                            'add', tenant_router['router']['id'],
++                            s['subnet']['id'], None, tenant_id='tenant_a')
++                        neutron_context = context.Context('', 'tenant_a')
++                        data = {'port':
++                                {'device_id': admin_router['router']['id']}}
++                        self._update('ports', port['port_id'], data,
++                                     neutron_context=neutron_context,
++                                     expected_code=exc.HTTPConflict.code)
++                        self._router_interface_action(
++                            'remove', tenant_router['router']['id'],
++                            s['subnet']['id'], None, tenant_id='tenant_a')
++
+     def test_router_add_gateway_invalid_network_returns_404(self):
+         with self.router() as r:
+             self._add_external_gateway_to_router(
+-- 
+1.8.5.5
+
diff --git a/sys-cluster/neutron/neutron-2013.2.2.ebuild b/sys-cluster/neutron/neutron-2013.2.2-r1.ebuild
index dca0a0a47d19..f6d2eb3c9dbd 100644
--- a/sys-cluster/neutron/neutron-2013.2.2.ebuild
+++ b/sys-cluster/neutron/neutron-2013.2.2-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/neutron/neutron-2013.2.2.ebuild,v 1.1 2014/02/20 21:10:50 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/neutron/neutron-2013.2.2-r1.ebuild,v 1.1 2014/03/27 22:34:02 prometheanfire Exp $
 
 EAPI=5
 PYTHON_COMPAT=( python2_7 )
@@ -76,7 +76,8 @@ RDEPEND="dev-python/paste[${PYTHON_USEDEP}]
 		dhcp? ( net-dns/dnsmasq[dhcp-tools] )"
 
 PATCHES=( "${FILESDIR}/sphinx_mapping.patch"
-		"${FILESDIR}/nicira.patch" )
+		"${FILESDIR}/nicira.patch"
+		"${FILESDIR}/2013.2.2-CVE-2014-0056.patch" )
 
 pkg_setup() {
 	enewgroup neutron
author	Matt Thode <prometheanfire@gentoo.org>	2014-03-27 22:34:15 +0000
committer	Matt Thode <prometheanfire@gentoo.org>	2014-03-27 22:34:15 +0000
commit	3c22934d739e9c97277090a528a15d15f6f332f1 (patch)
tree	707b56a9119d3a627a10e18cdb1abad71b74e851 /sys-cluster
parent	Version bump (diff)
download	historical-3c22934d739e9c97277090a528a15d15f6f332f1.tar.gz historical-3c22934d739e9c97277090a528a15d15f6f332f1.tar.bz2 historical-3c22934d739e9c97277090a528a15d15f6f332f1.zip