[gentoo-commits] repo/gentoo:master commit in: sys-cluster/neutron/, sys-cluster/neutron/files/
commit: a799b22ff524b58d7fd16be5853bc906611c1a04 Author: Matthew Thode gentoo org> AuthorDate: Sun Jan 28 03:46:36 2018 + Commit: Matt Thode gentoo org> CommitDate: Sun Jan 28 04:13:03 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a799b22f sys-cluster/neutron: remove ocata Package-Manager: Portage-2.3.19, Repoman-2.3.6 sys-cluster/neutron/Manifest | 5 - sys-cluster/neutron/files/neutron.initd| 13 +- sys-cluster/neutron/files/neutron.initd-2 | 17 -- sys-cluster/neutron/neutron-10.0.4.ebuild | 237 sys-cluster/neutron/neutron-11.0.2.ebuild | 16 +- sys-cluster/neutron/neutron-2017.1..ebuild | 238 - sys-cluster/neutron/neutron-2017.2..ebuild | 16 +- 7 files changed, 21 insertions(+), 521 deletions(-) diff --git a/sys-cluster/neutron/Manifest b/sys-cluster/neutron/Manifest index c1f6082d504..816c282aab8 100644 --- a/sys-cluster/neutron/Manifest +++ b/sys-cluster/neutron/Manifest @@ -1,10 +1,5 @@ -DIST neutron-10.0.4.tar.gz 3124422 BLAKE2B 76dc1f5f6031cb98e4e03bfd91a3f2ee5512566306ff48f8bcd2f21d6d21b308418f746e8d01185adfb049f8d06f03e149d60595977052f92b593baf0e04dbaf SHA512 f85949ac08728b6338cf58abfaf2c9e67882d49fefa16104580c73aaea3f0634602712583e88248f261fd3b0c8690172e4a72f550bd159cacf732440274cc844 DIST neutron-11.0.2.tar.gz 10481255 BLAKE2B 3e2ca3e7e24f21d92823b3d2e44d3fabe17d40cac493797a960b7c20fd906f3bd8ca946ca0729f8e03079f6615e2094f9228a01c2fc1e79ab2cf63bd2a8a5b36 SHA512 ba86e6448d0ae6e95dd4caa41888ee3d4ceeb4353b655b20912871e05cc2440f7d54bef7b119e1cec98da8fe3b9f22966ca8ad05dc3a5931b66b776bef9240cf -DIST neutron-configs-10.0.4.tar.gz 25094 BLAKE2B 879b3178f6688d04b62843889ce97d8d99eed311d2401119ad9ca526ff8a3166decfbd94b523ce46587c0bcf146d7f433051d4c55719257ba6d88aacf6a71d46 SHA512 40ab9f2f4ea338c061c57d9aa5611ee3f3476ab8f5199ac50577f94fec032ccd27028bd072d9d9d0cc9f12327613e542b4d62a0403540730f9d6efbc4992a00d DIST neutron-configs-11.0.2.tar.gz 25030 BLAKE2B 6ca7507571983cdf576cb943bb2981623351c3de4220ccf990ba478147bcbaea06f4d5218ba6ad65c98f2a0c60c820be03429e8a22a624cf10339b80fcf17bbd SHA512 d82abfcfe5c911dc8a0689e23aaad810bb3aacaf64bd35439220f41390a71958e7cd34e60500580c24ea9e8b55a6fb0441ce4e5612fad9aba2e48d6f14d4d87a -DIST neutron-configs-2017.1..tar.gz 25094 BLAKE2B 879b3178f6688d04b62843889ce97d8d99eed311d2401119ad9ca526ff8a3166decfbd94b523ce46587c0bcf146d7f433051d4c55719257ba6d88aacf6a71d46 SHA512 40ab9f2f4ea338c061c57d9aa5611ee3f3476ab8f5199ac50577f94fec032ccd27028bd072d9d9d0cc9f12327613e542b4d62a0403540730f9d6efbc4992a00d DIST neutron-configs-2017.2..tar.gz 25030 BLAKE2B 6ca7507571983cdf576cb943bb2981623351c3de4220ccf990ba478147bcbaea06f4d5218ba6ad65c98f2a0c60c820be03429e8a22a624cf10339b80fcf17bbd SHA512 d82abfcfe5c911dc8a0689e23aaad810bb3aacaf64bd35439220f41390a71958e7cd34e60500580c24ea9e8b55a6fb0441ce4e5612fad9aba2e48d6f14d4d87a -DIST neutron-ml2-plugins-10.0.4.tar.gz 6811 BLAKE2B c6ee0b9f03d9af349da8bdbcc3b9b55b8ca72ec5fd8326ac91879b5f0523d8d0787e5b36ece88c6ed812c94d33eb853dd3c28958f8685a9dc8a51581bc7443e1 SHA512 51c01eab8f424b871f55b7dc45bbae6300d477e8bc7be4587c4945f75a4fc65f622ed69dbfe0c63db7fced2118987730204d259bce53e353a6b4d24df89dadcb DIST neutron-ml2-plugins-11.0.2.tar.gz 6885 BLAKE2B c953d7222932d09c545dcfe01923f77cbc9e76157f78e5cb85a8e3bb03c8f3b4ab2bcc7eb2fc213578f71cf70543c4182c98bc6e5947fc1a0cbffe3d845bce20 SHA512 e5acaed2fc370e99c9c8b54040cdc994cd35bfbd3d74682d3c03c381568c89b316a6a87356aa6ae538a19c2ae83b6b3c512095afcc778525c2885b9b6bef04bd -DIST neutron-ml2-plugins-2017.1..tar.gz 6811 BLAKE2B c6ee0b9f03d9af349da8bdbcc3b9b55b8ca72ec5fd8326ac91879b5f0523d8d0787e5b36ece88c6ed812c94d33eb853dd3c28958f8685a9dc8a51581bc7443e1 SHA512 51c01eab8f424b871f55b7dc45bbae6300d477e8bc7be4587c4945f75a4fc65f622ed69dbfe0c63db7fced2118987730204d259bce53e353a6b4d24df89dadcb DIST neutron-ml2-plugins-2017.2..tar.gz 6885 BLAKE2B c953d7222932d09c545dcfe01923f77cbc9e76157f78e5cb85a8e3bb03c8f3b4ab2bcc7eb2fc213578f71cf70543c4182c98bc6e5947fc1a0cbffe3d845bce20 SHA512 e5acaed2fc370e99c9c8b54040cdc994cd35bfbd3d74682d3c03c381568c89b316a6a87356aa6ae538a19c2ae83b6b3c512095afcc778525c2885b9b6bef04bd diff --git a/sys-cluster/neutron/files/neutron.initd b/sys-cluster/neutron/files/neutron.initd index 803ccb58f70..26bf768ddff 100644 --- a/sys-cluster/neutron/files/neutron.initd +++ b/sys-cluster/neutron/files/neutron.initd @@ -1,20 +1,17 @@ #!/sbin/openrc-run -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 description="Starts ${SVCNAME} service for OpenStack" command=/usr/bin/"${SVCNAME}" command_background=yes -pidfile=/var/run/neutron/"${SVCNAME}".pid +command_user="${NEUTRON_USER:-neutron}" +pidfile=/run/"${SVCNAME}".pid required_files=(${NEUTRON_CONFS[@]:-/etc/neutron/neutron.conf})
[gentoo-commits] repo/gentoo:master commit in: sys-cluster/neutron/, sys-cluster/neutron/files/
commit: 0f4820951af6654ccaa79d9298b6c1c99028e1e1 Author: Matthew Thode gentoo org> AuthorDate: Thu Oct 6 18:33:21 2016 + Commit: Matt Thode gentoo org> CommitDate: Thu Oct 6 18:34:47 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f482095 sys-cluster/neutron: cleanup Package-Manager: portage-2.3.0 sys-cluster/neutron/files/neutron-linuxbridge-agent.confd | 2 +- sys-cluster/neutron/files/neutron-linuxbridge-agent.confd.liberty | 1 - sys-cluster/neutron/files/neutron-ovs-cleanup.confd | 1 - sys-cluster/neutron/neutron-2016.1..ebuild| 2 +- sys-cluster/neutron/neutron-2016.2..ebuild| 2 +- sys-cluster/neutron/neutron-8.2.0.ebuild | 2 +- sys-cluster/neutron/neutron-9.0.0.ebuild | 2 +- 7 files changed, 5 insertions(+), 7 deletions(-) diff --git a/sys-cluster/neutron/files/neutron-linuxbridge-agent.confd b/sys-cluster/neutron/files/neutron-linuxbridge-agent.confd index fdd4ed4..9a2d52c 100644 --- a/sys-cluster/neutron/files/neutron-linuxbridge-agent.confd +++ b/sys-cluster/neutron/files/neutron-linuxbridge-agent.confd @@ -1 +1 @@ -NEUTRON_CONFS=("/etc/neutron/neutron.conf" "/etc/neutron/plugins/ml2/ml2_conf.ini" "/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini") +NEUTRON_CONFS=("/etc/neutron/neutron.conf" "/etc/neutron/plugins/ml2/ml2_conf.ini" "/etc/neutron/plugins/ml2/linuxbridge_agent.ini") diff --git a/sys-cluster/neutron/files/neutron-linuxbridge-agent.confd.liberty b/sys-cluster/neutron/files/neutron-linuxbridge-agent.confd.liberty deleted file mode 100644 index 9a2d52c.. --- a/sys-cluster/neutron/files/neutron-linuxbridge-agent.confd.liberty +++ /dev/null @@ -1 +0,0 @@ -NEUTRON_CONFS=("/etc/neutron/neutron.conf" "/etc/neutron/plugins/ml2/ml2_conf.ini" "/etc/neutron/plugins/ml2/linuxbridge_agent.ini") diff --git a/sys-cluster/neutron/files/neutron-ovs-cleanup.confd b/sys-cluster/neutron/files/neutron-ovs-cleanup.confd deleted file mode 100644 index eba422c.. --- a/sys-cluster/neutron/files/neutron-ovs-cleanup.confd +++ /dev/null @@ -1 +0,0 @@ -NEUTRON_CONFS=("/etc/neutron/neutron.conf" "/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini") diff --git a/sys-cluster/neutron/neutron-2016.1..ebuild b/sys-cluster/neutron/neutron-2016.1..ebuild index e0eda23..bff65d2 100644 --- a/sys-cluster/neutron/neutron-2016.1..ebuild +++ b/sys-cluster/neutron/neutron-2016.1..ebuild @@ -167,7 +167,7 @@ python_install() { fi if use linuxbridge; then newinitd "${FILESDIR}/neutron.initd" "neutron-linuxbridge-agent" - newconfd "${FILESDIR}/neutron-linuxbridge-agent.confd.liberty" "neutron-linuxbridge-agent" + newconfd "${FILESDIR}/neutron-linuxbridge-agent.confd" "neutron-linuxbridge-agent" fi diropts -m 755 -o neutron -g neutron dodir /var/log/neutron /var/lib/neutron diff --git a/sys-cluster/neutron/neutron-2016.2..ebuild b/sys-cluster/neutron/neutron-2016.2..ebuild index 1a66a80..726e0f2 100644 --- a/sys-cluster/neutron/neutron-2016.2..ebuild +++ b/sys-cluster/neutron/neutron-2016.2..ebuild @@ -180,7 +180,7 @@ python_install() { fi if use linuxbridge; then newinitd "${FILESDIR}/neutron.initd" "neutron-linuxbridge-agent" - newconfd "${FILESDIR}/neutron-linuxbridge-agent.confd.liberty" "neutron-linuxbridge-agent" + newconfd "${FILESDIR}/neutron-linuxbridge-agent.confd" "neutron-linuxbridge-agent" fi diropts -m 755 -o neutron -g neutron dodir /var/log/neutron /var/lib/neutron diff --git a/sys-cluster/neutron/neutron-8.2.0.ebuild b/sys-cluster/neutron/neutron-8.2.0.ebuild index 943ebb5..a8d6d24 100644 --- a/sys-cluster/neutron/neutron-8.2.0.ebuild +++ b/sys-cluster/neutron/neutron-8.2.0.ebuild @@ -166,7 +166,7 @@ python_install() { fi if use linuxbridge; then newinitd "${FILESDIR}/neutron.initd" "neutron-linuxbridge-agent" - newconfd "${FILESDIR}/neutron-linuxbridge-agent.confd.liberty" "neutron-linuxbridge-agent" + newconfd "${FILESDIR}/neutron-linuxbridge-agent.confd" "neutron-linuxbridge-agent" fi diropts -m 755 -o neutron -g neutron dodir /var/log/neutron /var/lib/neutron diff --git a/sys-cluster/neutron/neutron-9.0.0.ebuild b/sys-cluster/neutron/neutron-9.0.0.ebuild index 5928506..c77faa3 100644 --- a/sys-cluster/neutron/neutron-9.0.0.ebuild +++ b/sys-cluster/neutron/neutron-9.0.0.ebuild @@ -179,7 +179,7 @@ python_install() { fi if use linuxbridge; then newinitd "${FILESDIR}/neutron.initd" "neutron-linuxbridge-agent" - newconfd "${FILESDIR}/neutron-linuxbridge-agent.confd.liberty" "neutron-linuxbridge-agent" + newconfd
[gentoo-commits] repo/gentoo:master commit in: sys-cluster/neutron/, sys-cluster/neutron/files/
commit: 71beb2a9050f7ef521d53d9cbb544a8f89192d44 Author: Matthew Thode gentoo org> AuthorDate: Wed Feb 10 01:09:52 2016 + Commit: Matt Thode gentoo org> CommitDate: Wed Feb 10 01:09:52 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=71beb2a9 sys-cluster/neutron: cleanup Package-Manager: portage-2.2.26 .../neutron/files/CVE-2015-5240_2015.1.1.patch | 155 - sys-cluster/neutron/neutron-2015.1..ebuild | 252 - 2 files changed, 407 deletions(-) diff --git a/sys-cluster/neutron/files/CVE-2015-5240_2015.1.1.patch b/sys-cluster/neutron/files/CVE-2015-5240_2015.1.1.patch deleted file mode 100644 index ccb2a66..000 --- a/sys-cluster/neutron/files/CVE-2015-5240_2015.1.1.patch +++ /dev/null @@ -1,155 +0,0 @@ -From 8138e2fe38ad2cde5963685df47b1e4286776352 Mon Sep 17 00:00:00 2001 -From: Kevin Benton-Date: Tue, 25 Aug 2015 22:03:27 -0700 -Subject: [PATCH] Stop device_owner from being set to 'network:*' - -This patch adjusts the FieldCheck class in the policy engine to -allow a regex rule. It then leverages that to prevent users from -setting the device_owner field to anything that starts with -'network:' on networks which they do not own. - -This policy adjustment is necessary because any ports with a -device_owner that starts with 'network:' will not have any security -group rules applied because it is assumed they are trusted network -devices (e.g. router ports, DHCP ports, etc). These security rules -include the anti-spoofing protection for DHCP, IPv6 ICMP messages, -and IP headers. - -Without this policy adjustment, tenants can abuse this trust when -connected to a shared network with other tenants by setting their -VM port's device_owner field to 'network:' and hijack other -tenants' traffic via DHCP spoofing or MAC/IP spoofing. - -Closes-Bug: #1489111 -Change-Id: Ia64cf16142e0e4be44b5b0ed72c8e00792d770f9 -(cherry picked from commit 959a2f28cbbfc309381ea9ffb55090da6fb9c78f) - etc/policy.json | 3 +++ - neutron/api/v2/attributes.py | 2 +- - neutron/policy.py | 3 +++ - neutron/tests/etc/policy.json | 3 +++ - neutron/tests/unit/test_policy.py | 16 - 5 files changed, 26 insertions(+), 1 deletion(-) - -diff --git a/etc/policy.json b/etc/policy.json -index 8a5de9b..0f04eb2 100644 a/etc/policy.json -+++ b/etc/policy.json -@@ -46,7 +46,9 @@ - "update_network:router:external": "rule:admin_only", - "delete_network": "rule:admin_or_owner", - -+"network_device": "field:port:device_owner=~^network:", - "create_port": "", -+"create_port:device_owner": "not rule:network_device or rule:admin_or_network_owner or rule:context_is_advsvc", - "create_port:mac_address": "rule:admin_or_network_owner or rule:context_is_advsvc", - "create_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc", - "create_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc", -@@ -61,6 +63,7 @@ - "get_port:binding:host_id": "rule:admin_only", - "get_port:binding:profile": "rule:admin_only", - "update_port": "rule:admin_or_owner or rule:context_is_advsvc", -+"update_port:device_owner": "not rule:network_device or rule:admin_or_network_owner or rule:context_is_advsvc", - "update_port:mac_address": "rule:admin_only or rule:context_is_advsvc", - "update_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc", - "update_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc", -diff --git a/neutron/api/v2/attributes.py b/neutron/api/v2/attributes.py -index b9c179a..9ceee78 100644 a/neutron/api/v2/attributes.py -+++ b/neutron/api/v2/attributes.py -@@ -766,7 +766,7 @@ RESOURCE_ATTRIBUTE_MAP = { - 'is_visible': True}, - 'device_owner': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': DEVICE_OWNER_MAX_LEN}, -- 'default': '', -+ 'default': '', 'enforce_policy': True, - 'is_visible': True}, - 'tenant_id': {'allow_post': True, 'allow_put': False, - 'validate': {'type:string': TENANT_ID_MAX_LEN}, -diff --git a/neutron/policy.py b/neutron/policy.py -index 9e586dd..961ae21 100644 a/neutron/policy.py -+++ b/neutron/policy.py -@@ -335,6 +335,7 @@ class FieldCheck(policy.Check): - - self.field = field - self.value = conv_func(value) -+self.regex = re.compile(value[1:]) if value.startswith('~') else None - - def __call__(self, target_dict, cred_dict, enforcer): - target_value = target_dict.get(self.field) -@@ -344,6 +345,8 @@ class FieldCheck(policy.Check): - "%(target_dict)s", - {'field': self.field, 'target_dict': target_dict}) - return False
[gentoo-commits] repo/gentoo:master commit in: sys-cluster/neutron/, sys-cluster/neutron/files/
commit: c7c1bdf3636478a9bba245d8df282f3a8dccf1d2 Author: Matthew Thode gentoo org> AuthorDate: Fri Oct 23 20:12:42 2015 + Commit: Matt Thode gentoo org> CommitDate: Fri Oct 23 20:14:33 2015 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c7c1bdf3 updating conf.d for liberty sys-cluster/neutron/files/neutron-linuxbridge-agent.confd.liberty | 1 + sys-cluster/neutron/neutron-2015.2..ebuild| 2 +- sys-cluster/neutron/neutron-7.0.0.ebuild | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/sys-cluster/neutron/files/neutron-linuxbridge-agent.confd.liberty b/sys-cluster/neutron/files/neutron-linuxbridge-agent.confd.liberty new file mode 100644 index 000..9a2d52c --- /dev/null +++ b/sys-cluster/neutron/files/neutron-linuxbridge-agent.confd.liberty @@ -0,0 +1 @@ +NEUTRON_CONFS=("/etc/neutron/neutron.conf" "/etc/neutron/plugins/ml2/ml2_conf.ini" "/etc/neutron/plugins/ml2/linuxbridge_agent.ini") diff --git a/sys-cluster/neutron/neutron-2015.2..ebuild b/sys-cluster/neutron/neutron-2015.2..ebuild index c5cca91..29b2e16 100644 --- a/sys-cluster/neutron/neutron-2015.2..ebuild +++ b/sys-cluster/neutron/neutron-2015.2..ebuild @@ -239,7 +239,7 @@ python_install() { fi if use linuxbridge; then newinitd "${FILESDIR}/neutron.initd" "neutron-linuxbridge-agent" - newconfd "${FILESDIR}/neutron-linuxbridge-agent.confd" "neutron-linuxbridge-agent" + newconfd "${FILESDIR}/neutron-linuxbridge-agent.confd.liberty" "neutron-linuxbridge-agent" fi diropts -m 755 -o neutron -g neutron dodir /var/log/neutron /var/lib/neutron diff --git a/sys-cluster/neutron/neutron-7.0.0.ebuild b/sys-cluster/neutron/neutron-7.0.0.ebuild index 68bd9ab..c0dc8d0 100644 --- a/sys-cluster/neutron/neutron-7.0.0.ebuild +++ b/sys-cluster/neutron/neutron-7.0.0.ebuild @@ -238,7 +238,7 @@ python_install() { fi if use linuxbridge; then newinitd "${FILESDIR}/neutron.initd" "neutron-linuxbridge-agent" - newconfd "${FILESDIR}/neutron-linuxbridge-agent.confd" "neutron-linuxbridge-agent" + newconfd "${FILESDIR}/neutron-linuxbridge-agent.confd.liberty" "neutron-linuxbridge-agent" fi diropts -m 755 -o neutron -g neutron dodir /var/log/neutron /var/lib/neutron