Hello community, here is the log from the commit of package openstack-nova for openSUSE:Factory checked in at 2013-02-22 16:56:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openstack-nova (Old) and /work/SRC/openSUSE:Factory/.openstack-nova.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openstack-nova", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/openstack-nova/openstack-nova.changes 2013-02-08 07:13:08.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openstack-nova.new/openstack-nova.changes 2013-02-22 16:56:06.000000000 +0100 @@ -1,0 +2,10 @@ +Fri Feb 22 10:11:47 UTC 2013 - [email protected] + +- Update to version 2012.2.4+git.1361527907.d5e7f55: + + Avoid stuck task_state on snapshot image failure + + Add a safe_minidom_parse_string function. (CVE-2013-1664) + + Enable libvirt to work with NoopFirewallDriver + + Fix state sync logic related to the PAUSED VM state + + libvirt: Fix nova-compute start when missing ip. + +-------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openstack-nova-doc.spec ++++++ --- /var/tmp/diff_new_pack.56wMIe/_old 2013-02-22 16:56:08.000000000 +0100 +++ /var/tmp/diff_new_pack.56wMIe/_new 2013-02-22 16:56:08.000000000 +0100 @@ -20,7 +20,7 @@ %define majorversion 2012.2.3 Name: openstack-%{component}-doc -Version: 2012.2.4+git.1360133953.e5d0f4b +Version: 2012.2.4+git.1361527907.d5e7f55 Release: 1 License: Apache-2.0 Summary: OpenStack Compute (Nova) - Documentation ++++++ openstack-nova.spec ++++++ --- /var/tmp/diff_new_pack.56wMIe/_old 2013-02-22 16:56:08.000000000 +0100 +++ /var/tmp/diff_new_pack.56wMIe/_new 2013-02-22 16:56:08.000000000 +0100 @@ -22,7 +22,7 @@ %define username openstack-%{component} Name: openstack-%{component} -Version: 2012.2.4+git.1360133953.e5d0f4b +Version: 2012.2.4+git.1361527907.d5e7f55 Release: 1 License: Apache-2.0 Summary: OpenStack Compute (Nova) ++++++ nova-stable-folsom.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/ChangeLog new/nova-2012.2.4/ChangeLog --- old/nova-2012.2.4/ChangeLog 2013-02-01 02:09:20.000000000 +0100 +++ new/nova-2012.2.4/ChangeLog 2013-02-21 20:52:29.000000000 +0100 @@ -1,3 +1,93 @@ +commit d5e7f5512435fe0ca264be28ef23fe2ebb449d1c +Author: Vishvananda Ishaya <[email protected]> +Date: Thu Feb 21 10:40:45 2013 -0800 + + libvirt: Fix nova-compute start when missing ip. + + If nova-compute is restarted when an instance has no ip address + the libvirt/vif:_get_configuration method will throw an index + error. Check for existance of an ip before attempting to retrieve + one. Includes failing test. + + Fixes bug 1131330 + + Change-Id: Id383544b44e64205fc3b4f850d0d11ad2ebd5da7 + + nova/tests/test_libvirt_vif.py | 28 ++++++++++++++++++++++++++-- + nova/virt/libvirt/vif.py | 3 ++- + 2 files changed, 28 insertions(+), 3 deletions(-) + +commit 7ac3fe143ca35493b7a0247dafe0693cf1d6a376 +Merge: 15b2734 7ace55f +Author: Jenkins <[email protected]> +Date: Thu Feb 21 15:55:53 2013 +0000 + + Merge "Fix state sync logic related to the PAUSED VM state" into stable/folsom + +commit 15b2734d80168bd098c0113258b41917585df776 +Merge: 8836869 ecd98d2 +Author: Jenkins <[email protected]> +Date: Thu Feb 21 11:53:11 2013 +0000 + + Merge "Enable libvirt to work with NoopFirewallDriver" into stable/folsom + +commit 883686946c4e7847032345723bc485114b46c79a +Merge: 7de7108 2ae74f8 +Author: Jenkins <[email protected]> +Date: Wed Feb 20 00:39:01 2013 +0000 + + Merge "Add a safe_minidom_parse_string function." into stable/folsom + +commit ecd98d2555e2bf606e9078fcf4bd38f95abaaa69 +Author: Gary Kotton <[email protected]> +Date: Sun Feb 17 14:30:01 2013 +0000 + + Enable libvirt to work with NoopFirewallDriver + + Fixes bug 1050433 + + Change-Id: I49613c7d1e6b14411dcdc342366e163a21673f78 + + nova/virt/libvirt/vif.py | 36 +++++++++++++++++++----------------- + 1 file changed, 19 insertions(+), 17 deletions(-) + +commit 7de7108a0fbe69236036d08857f8e4f90637ad21 +Merge: e5d0f4b 21d5e90 +Author: Jenkins <[email protected]> +Date: Mon Feb 11 09:26:39 2013 +0000 + + Merge "Avoid stuck task_state on snapshot image failure" into stable/folsom + +commit 2ae74f8222058e475350458ca0c820adb910582c +Author: Dan Prince <[email protected]> +Date: Sat Feb 2 11:34:25 2013 -0500 + + Add a safe_minidom_parse_string function. + + Adds a new utils.safe_minidom_parse_string function and + updates external API facing Nova modules to use it. + This ensures we have safe defaults on our incoming API XML parsing. + + Internally safe_minidom_parse_string uses a ProtectedExpatParser + class to disable DTDs and entities from being parsed when using + minidom. + + Fixes LP Bug #1100282 for Folsom. + + Change-Id: I6a4051b5e66f3ce5a330b2589c42e6e9e5b9268e + + nova/api/openstack/common.py | 10 ++--- + nova/api/openstack/compute/contrib/hosts.py | 4 +- + .../openstack/compute/contrib/security_groups.py | 7 ++-- + nova/api/openstack/compute/contrib/volumes.py | 3 +- + nova/api/openstack/compute/servers.py | 5 +-- + .../api/openstack/volume/contrib/volume_actions.py | 4 +- + nova/api/openstack/volume/volumes.py | 3 +- + nova/api/openstack/wsgi.py | 13 +++--- + nova/tests/test_utils.py | 33 +++++++++++++++ + nova/utils.py | 44 ++++++++++++++++++++ + 10 files changed, 100 insertions(+), 26 deletions(-) + commit e5d0f4b95cae7b83233a517c083cfc0855b8f722 Author: Mark McLoughlin <[email protected]> Date: Thu Jan 31 21:32:07 2013 +0000 @@ -48,6 +138,31 @@ Merge "Fix to include error message in instance faults" into stable/folsom +commit 21d5e907575a2042f1d0daaa9658a8758f619a1c +Author: Eoghan Glynn <[email protected]> +Date: Fri Jan 25 15:47:33 2013 +0000 + + Avoid stuck task_state on snapshot image failure + + Fixes bug LP 1101136 + + Previously if the glance interaction failed prior to an + instance being snapshot'd or backed up, the task state + remained stuck at image_snapshot/backup. + + The normal task state reversion logic did not kick in, + as this is limited to the compute layer, whereas the + intial glance interaction occurs within the API layer. + + Now, we avoid this problem by delaying setting the task + state until the initial image creation has completed. + + Change-Id: Id498ae6b3674306743013e4fe99837da8e2031b5 + + nova/compute/api.py | 23 +++++++++++---------- + nova/tests/compute/test_compute.py | 40 ++++++++++++++++++++++++++++++++++++ + 2 files changed, 52 insertions(+), 11 deletions(-) + commit f6081d01878f0021a499f304c511b6e1e9c8f138 Merge: 1709c8e 5a66812 Author: Jenkins <[email protected]> @@ -62,6 +177,26 @@ Merge "remove session parameter from fixed_ip_get" into stable/folsom +commit 7ace55fcf9e1b7fea074f6c0331b6feafbbc4178 +Author: Yun Mao <[email protected]> +Date: Fri Jan 11 11:59:23 2013 -0500 + + Fix state sync logic related to the PAUSED VM state + + A VM may get into the paused state not only because the user request + via API calls, but also due to (temporary) external instrumentations. + Before the virt layer can reliably report the reason, we simply ignore + the state discrepancy. In many cases, the VM state will go back to + running after the external instrumentation is done. + + Fix bug 1097806. + + Change-Id: I8edef45d60fa79d6ddebf7d0438042a7b3986b55 + (cherry picked from commit f7fbdeb5672bae7d3bffd6fa76de1ce81fc132bf) + + nova/compute/manager.py | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + commit 03c3e9b0674623c2617cb4dc98f9dd9fbddfa0ca Merge: cf67f3b 03200fe Author: Jenkins <[email protected]> @@ -91640,7 +91775,7 @@ merged with 1383 commit 10ab2e76b1ea8bbbb6bff4ccaf506bfdd5b57388 -Merge: f1f86d2 dcac4bc +Merge: f1f86d22 dcac4bc Author: Ed Leafe <[email protected]> Date: Mon Aug 8 14:07:03 2011 +0000 @@ -127754,7 +127889,7 @@ - add testing for the openstack api versions resource and create a view builder commit 52da63c50cf248abb0753c675d5b96c0cbe0e842 -Merge: 596e0b3 dab4c0f +Merge: 596e0b37 dab4c0f Author: Brian Waldon <[email protected]> Date: Fri Mar 25 11:01:51 2011 -0400 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/api/openstack/common.py new/nova-2012.2.4/nova/api/openstack/common.py --- old/nova-2012.2.4/nova/api/openstack/common.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/api/openstack/common.py 2013-02-21 20:47:14.000000000 +0100 @@ -21,7 +21,6 @@ import urlparse import webob -from xml.dom import minidom from nova.api.openstack import wsgi from nova.api.openstack import xmlutil @@ -32,6 +31,7 @@ from nova import flags from nova.openstack.common import log as logging from nova import quota +from nova import utils LOG = logging.getLogger(__name__) @@ -341,7 +341,7 @@ class MetadataDeserializer(wsgi.MetadataXMLDeserializer): def deserialize(self, text): - dom = minidom.parseString(text) + dom = utils.safe_minidom_parse_string(text) metadata_node = self.find_first_child_named(dom, "metadata") metadata = self.extract_metadata(metadata_node) return {'body': {'metadata': metadata}} @@ -349,7 +349,7 @@ class MetaItemDeserializer(wsgi.MetadataXMLDeserializer): def deserialize(self, text): - dom = minidom.parseString(text) + dom = utils.safe_minidom_parse_string(text) metadata_item = self.extract_metadata(dom) return {'body': {'meta': metadata_item}} @@ -367,7 +367,7 @@ return metadata def _extract_metadata_container(self, datastring): - dom = minidom.parseString(datastring) + dom = utils.safe_minidom_parse_string(datastring) metadata_node = self.find_first_child_named(dom, "metadata") metadata = self.extract_metadata(metadata_node) return {'body': {'metadata': metadata}} @@ -379,7 +379,7 @@ return self._extract_metadata_container(datastring) def update(self, datastring): - dom = minidom.parseString(datastring) + dom = utils.safe_minidom_parse_string(datastring) metadata_item = self.extract_metadata(dom) return {'body': {'meta': metadata_item}} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/api/openstack/compute/contrib/hosts.py new/nova-2012.2.4/nova/api/openstack/compute/contrib/hosts.py --- old/nova-2012.2.4/nova/api/openstack/compute/contrib/hosts.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/api/openstack/compute/contrib/hosts.py 2013-02-21 20:47:14.000000000 +0100 @@ -16,7 +16,6 @@ """The hosts admin extension.""" import webob.exc -from xml.dom import minidom from xml.parsers import expat from nova.api.openstack import extensions @@ -27,6 +26,7 @@ from nova import exception from nova import flags from nova.openstack.common import log as logging +from nova import utils LOG = logging.getLogger(__name__) @@ -80,7 +80,7 @@ class HostDeserializer(wsgi.XMLDeserializer): def default(self, string): try: - node = minidom.parseString(string) + node = utils.safe_minidom_parse_string(string) except expat.ExpatError: msg = _("cannot understand XML") raise exception.MalformedRequestBody(reason=msg) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/api/openstack/compute/contrib/security_groups.py new/nova-2012.2.4/nova/api/openstack/compute/contrib/security_groups.py --- old/nova-2012.2.4/nova/api/openstack/compute/contrib/security_groups.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/api/openstack/compute/contrib/security_groups.py 2013-02-21 20:47:14.000000000 +0100 @@ -16,8 +16,6 @@ """The security groups extension.""" -from xml.dom import minidom - import webob from webob import exc @@ -30,6 +28,7 @@ from nova import exception from nova import flags from nova.openstack.common import log as logging +from nova import utils LOG = logging.getLogger(__name__) @@ -110,7 +109,7 @@ """ def default(self, string): """Deserialize an xml-formatted security group create request""" - dom = minidom.parseString(string) + dom = utils.safe_minidom_parse_string(string) security_group = {} sg_node = self.find_first_child_named(dom, 'security_group') @@ -131,7 +130,7 @@ def default(self, string): """Deserialize an xml-formatted security group create request""" - dom = minidom.parseString(string) + dom = utils.safe_minidom_parse_string(string) security_group_rule = self._extract_security_group_rule(dom) return {'body': {'security_group_rule': security_group_rule}} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/api/openstack/compute/contrib/volumes.py new/nova-2012.2.4/nova/api/openstack/compute/contrib/volumes.py --- old/nova-2012.2.4/nova/api/openstack/compute/contrib/volumes.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/api/openstack/compute/contrib/volumes.py 2013-02-21 20:47:14.000000000 +0100 @@ -17,7 +17,6 @@ import webob from webob import exc -from xml.dom import minidom from nova.api.openstack import common from nova.api.openstack import extensions @@ -155,7 +154,7 @@ def default(self, string): """Deserialize an xml-formatted volume create request.""" - dom = minidom.parseString(string) + dom = utils.safe_minidom_parse_string(string) volume = self._extract_volume(dom) return {'body': {'volume': volume}} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/api/openstack/compute/servers.py new/nova-2012.2.4/nova/api/openstack/compute/servers.py --- old/nova-2012.2.4/nova/api/openstack/compute/servers.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/api/openstack/compute/servers.py 2013-02-21 20:47:14.000000000 +0100 @@ -21,7 +21,6 @@ import webob from webob import exc -from xml.dom import minidom from nova.api.openstack import common from nova.api.openstack.compute import ips @@ -297,7 +296,7 @@ """ def default(self, string): - dom = minidom.parseString(string) + dom = utils.safe_minidom_parse_string(string) action_node = dom.childNodes[0] action_name = action_node.tagName @@ -404,7 +403,7 @@ def default(self, string): """Deserialize an xml-formatted server create request.""" - dom = minidom.parseString(string) + dom = utils.safe_minidom_parse_string(string) server = self._extract_server(dom) return {'body': {'server': server}} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/api/openstack/volume/contrib/volume_actions.py new/nova-2012.2.4/nova/api/openstack/volume/contrib/volume_actions.py --- old/nova-2012.2.4/nova/api/openstack/volume/contrib/volume_actions.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/api/openstack/volume/contrib/volume_actions.py 2013-02-21 20:47:14.000000000 +0100 @@ -13,7 +13,6 @@ # under the License. import webob -from xml.dom import minidom from nova.api.openstack import extensions from nova.api.openstack import wsgi @@ -22,6 +21,7 @@ from nova import flags from nova.openstack.common import log as logging from nova.openstack.common.rpc import common as rpc_common +from nova import utils from nova import volume @@ -54,7 +54,7 @@ class VolumeToImageDeserializer(wsgi.XMLDeserializer): """Deserializer to handle xml-formatted requests""" def default(self, string): - dom = minidom.parseString(string) + dom = utils.safe_minidom_parse_string(string) action_node = dom.childNodes[0] action_name = action_node.tagName diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/api/openstack/volume/volumes.py new/nova-2012.2.4/nova/api/openstack/volume/volumes.py --- old/nova-2012.2.4/nova/api/openstack/volume/volumes.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/api/openstack/volume/volumes.py 2013-02-21 20:47:14.000000000 +0100 @@ -17,7 +17,6 @@ import webob from webob import exc -from xml.dom import minidom from nova.api.openstack import common from nova.api.openstack import wsgi @@ -191,7 +190,7 @@ def default(self, string): """Deserialize an xml-formatted volume create request.""" - dom = minidom.parseString(string) + dom = utils.safe_minidom_parse_string(string) volume = self._extract_volume(dom) return {'body': {'volume': volume}} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/api/openstack/wsgi.py new/nova-2012.2.4/nova/api/openstack/wsgi.py --- old/nova-2012.2.4/nova/api/openstack/wsgi.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/api/openstack/wsgi.py 2013-02-21 20:47:14.000000000 +0100 @@ -27,6 +27,7 @@ from nova import exception from nova.openstack.common import jsonutils from nova.openstack.common import log as logging +from nova import utils from nova import wsgi @@ -217,7 +218,7 @@ plurals = set(self.metadata.get('plurals', {})) try: - node = minidom.parseString(datastring).childNodes[0] + node = utils.safe_minidom_parse_string(datastring).childNodes[0] return {node.nodeName: self._from_xml_node(node, plurals)} except expat.ExpatError: msg = _("cannot understand XML") @@ -268,11 +269,11 @@ def extract_text(self, node): """Get the text field contained by the given node""" - if len(node.childNodes) == 1: - child = node.childNodes[0] + ret_val = "" + for child in node.childNodes: if child.nodeType == child.TEXT_NODE: - return child.nodeValue - return "" + ret_val += child.nodeValue + return ret_val def extract_elements(self, node): """Get only Element type childs from node""" @@ -631,7 +632,7 @@ def action_peek_xml(body): """Determine action to invoke.""" - dom = minidom.parseString(body) + dom = utils.safe_minidom_parse_string(body) action_node = dom.childNodes[0] return action_node.tagName diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/compute/api.py new/nova-2012.2.4/nova/compute/api.py --- old/nova-2012.2.4/nova/compute/api.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/compute/api.py 2013-02-21 20:47:14.000000000 +0100 @@ -1260,17 +1260,6 @@ else: raise Exception(_('Image type not recognized %s') % image_type) - # change instance state and notify - old_vm_state = instance["vm_state"] - old_task_state = instance["task_state"] - - self.db.instance_test_and_set( - context, instance_uuid, 'task_state', [None], task_state) - - notifications.send_update_with_states(context, instance, old_vm_state, - instance["vm_state"], old_task_state, instance["task_state"], - service="api", verify_states=True) - properties = { 'instance_uuid': instance_uuid, 'user_id': str(context.user_id), @@ -1301,6 +1290,18 @@ sent_meta['properties'] = properties recv_meta = self.image_service.create(context, sent_meta) + + # change instance state and notify + old_vm_state = instance["vm_state"] + old_task_state = instance["task_state"] + + self.db.instance_test_and_set( + context, instance_uuid, 'task_state', [None], task_state) + + notifications.send_update_with_states(context, instance, old_vm_state, + instance["vm_state"], old_task_state, instance["task_state"], + service="api", verify_states=True) + self.compute_rpcapi.snapshot_instance(context, instance=instance, image_id=recv_meta['id'], image_type=image_type, backup_type=backup_type, rotation=rotation) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/compute/manager.py new/nova-2012.2.4/nova/compute/manager.py --- old/nova-2012.2.4/nova/compute/manager.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/compute/manager.py 2013-02-21 20:47:22.000000000 +0100 @@ -2755,10 +2755,8 @@ LOG.exception(_("error during stop() in " "sync_power_state."), instance=db_instance) - elif vm_power_state in (power_state.PAUSED, - power_state.SUSPENDED): - LOG.warn(_("Instance is paused or suspended " - "unexpectedly. Calling " + elif vm_power_state == power_state.SUSPENDED: + LOG.warn(_("Instance is suspended unexpectedly. Calling " "the stop API."), instance=db_instance) try: self.compute_api.stop(context, db_instance) @@ -2766,6 +2764,16 @@ LOG.exception(_("error during stop() in " "sync_power_state."), instance=db_instance) + elif vm_power_state == power_state.PAUSED: + # Note(maoy): a VM may get into the paused state not only + # because the user request via API calls, but also + # due to (temporary) external instrumentations. + # Before the virt layer can reliably report the reason, + # we simply ignore the state discrepancy. In many cases, + # the VM state will go back to running after the external + # instrumentation is done. See bug 1097806 for details. + LOG.warn(_("Instance is paused unexpectedly. Ignore."), + instance=db_instance) elif vm_state == vm_states.STOPPED: if vm_power_state not in (power_state.NOSTATE, power_state.SHUTDOWN, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/tests/compute/test_compute.py new/nova-2012.2.4/nova/tests/compute/test_compute.py --- old/nova-2012.2.4/nova/tests/compute/test_compute.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/tests/compute/test_compute.py 2013-02-21 20:47:15.000000000 +0100 @@ -3639,6 +3639,46 @@ db.instance_destroy(self.context, instance['uuid']) + def test_snapshot_image_service_fails(self): + # Ensure task_state remains at None if image service fails. + def fake_create(*args, **kwargs): + raise test.TestingException() + + restore = getattr(fake_image._FakeImageService, 'create') + self.stubs.Set(fake_image._FakeImageService, 'create', fake_create) + + instance = self._create_fake_instance() + self.assertRaises(test.TestingException, + self.compute_api.snapshot, + self.context, + instance, + 'no_image_snapshot') + + self.stubs.Set(fake_image._FakeImageService, 'create', restore) + db_instance = db.instance_get_all(context.get_admin_context())[0] + self.assertTrue(db_instance['task_state'] is None) + + def test_backup_image_service_fails(self): + # Ensure task_state remains at None if image service fails. + def fake_create(*args, **kwargs): + raise test.TestingException() + + restore = getattr(fake_image._FakeImageService, 'create') + self.stubs.Set(fake_image._FakeImageService, 'create', fake_create) + + instance = self._create_fake_instance() + self.assertRaises(test.TestingException, + self.compute_api.backup, + self.context, + instance, + 'no_image_backup', + 'DAILY', + 0) + + self.stubs.Set(fake_image._FakeImageService, 'create', restore) + db_instance = db.instance_get_all(context.get_admin_context())[0] + self.assertTrue(db_instance['task_state'] is None) + def test_backup(self): """Can't backup an instance which is already being backed up.""" instance = self._create_fake_instance() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/tests/test_libvirt_vif.py new/nova-2012.2.4/nova/tests/test_libvirt_vif.py --- old/nova-2012.2.4/nova/tests/test_libvirt_vif.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/tests/test_libvirt_vif.py 2013-02-21 20:47:22.000000000 +0100 @@ -65,7 +65,7 @@ self.stubs.Set(utils, 'execute', fake_execute) - def _get_instance_xml(self, driver): + def _get_instance_xml(self, driver, mapping=None): conf = config.LibvirtConfigGuest() conf.virt_type = "qemu" conf.name = "fake-name" @@ -73,7 +73,9 @@ conf.memory = 100 * 1024 conf.vcpus = 4 - nic = driver.plug(self.instance, (self.net, self.mapping)) + if mapping is None: + mapping = self.mapping + nic = driver.plug(self.instance, (self.net, mapping)) conf.add_device(nic) return conf.to_xml() @@ -90,6 +92,28 @@ self.assertEqual(br_name, self.net['bridge']) mac = node.find("mac").get("address") self.assertEqual(mac, self.mapping['mac']) + first_filter = node.find("filterref")[0] + self.assertEqual(first_filter.get('name'), 'IP') + + d.unplug(None, (self.net, self.mapping)) + + def test_bridge_driver_no_ips(self): + d = vif.LibvirtBridgeDriver() + mapping = dict(self.mapping) + mapping['ips'] = [] + xml = self._get_instance_xml(d, mapping) + + doc = etree.fromstring(xml) + ret = doc.findall('./devices/interface') + self.assertEqual(len(ret), 1) + node = ret[0] + self.assertEqual(node.get("type"), "bridge") + br_name = node.find("source").get("bridge") + self.assertEqual(br_name, self.net['bridge']) + mac = node.find("mac").get("address") + self.assertEqual(mac, self.mapping['mac']) + first_filter = node.find("filterref")[0] + self.assertNotEqual(first_filter.get('name'), 'IP') d.unplug(None, (self.net, self.mapping)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/tests/test_utils.py new/nova-2012.2.4/nova/tests/test_utils.py --- old/nova-2012.2.4/nova/tests/test_utils.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/tests/test_utils.py 2013-02-21 20:47:15.000000000 +0100 @@ -457,6 +457,39 @@ result = utils.service_is_up(service) self.assertFalse(result) + def test_safe_parse_xml(self): + + normal_body = (""" + <?xml version="1.0" ?><foo> + <bar> + <v1>hey</v1> + <v2>there</v2> + </bar> + </foo>""").strip() + + def killer_body(): + return (("""<!DOCTYPE x [ + <!ENTITY a "%(a)s"> + <!ENTITY b "%(b)s"> + <!ENTITY c "%(c)s">]> + <foo> + <bar> + <v1>%(d)s</v1> + </bar> + </foo>""") % { + 'a': 'A' * 10, + 'b': '&a;' * 10, + 'c': '&b;' * 10, + 'd': '&c;' * 9999, + }).strip() + + dom = utils.safe_minidom_parse_string(normal_body) + self.assertEqual(normal_body, str(dom.toxml())) + + self.assertRaises(ValueError, + utils.safe_minidom_parse_string, + killer_body()) + def test_xhtml_escape(self): self.assertEqual('"foo"', utils.xhtml_escape('"foo"')) self.assertEqual(''foo'', utils.xhtml_escape("'foo'")) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/utils.py new/nova-2012.2.4/nova/utils.py --- old/nova-2012.2.4/nova/utils.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/utils.py 2013-02-21 20:47:15.000000000 +0100 @@ -39,6 +39,10 @@ import time import uuid import weakref +from xml.dom import minidom +from xml.parsers import expat +from xml import sax +from xml.sax import expatreader from xml.sax import saxutils from eventlet import event @@ -567,6 +571,46 @@ return self.done.wait() +class ProtectedExpatParser(expatreader.ExpatParser): + """An expat parser which disables DTD's and entities by default.""" + + def __init__(self, forbid_dtd=True, forbid_entities=True, + *args, **kwargs): + # Python 2.x old style class + expatreader.ExpatParser.__init__(self, *args, **kwargs) + self.forbid_dtd = forbid_dtd + self.forbid_entities = forbid_entities + + def start_doctype_decl(self, name, sysid, pubid, has_internal_subset): + raise ValueError("Inline DTD forbidden") + + def entity_decl(self, entityName, is_parameter_entity, value, base, + systemId, publicId, notationName): + raise ValueError("<!ENTITY> forbidden") + + def unparsed_entity_decl(self, name, base, sysid, pubid, notation_name): + # expat 1.2 + raise ValueError("<!ENTITY> forbidden") + + def reset(self): + expatreader.ExpatParser.reset(self) + if self.forbid_dtd: + self._parser.StartDoctypeDeclHandler = self.start_doctype_decl + if self.forbid_entities: + self._parser.EntityDeclHandler = self.entity_decl + self._parser.UnparsedEntityDeclHandler = self.unparsed_entity_decl + + +def safe_minidom_parse_string(xml_string): + """Parse an XML string using minidom safely. + + """ + try: + return minidom.parseString(xml_string, parser=ProtectedExpatParser()) + except sax.SAXParseException as se: + raise expat.ExpatError() + + def xhtml_escape(value): """Escapes a string so it is valid within XML or XHTML. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nova-2012.2.4/nova/virt/libvirt/vif.py new/nova-2012.2.4/nova/virt/libvirt/vif.py --- old/nova-2012.2.4/nova/virt/libvirt/vif.py 2013-02-01 02:05:36.000000000 +0100 +++ new/nova-2012.2.4/nova/virt/libvirt/vif.py 2013-02-21 20:47:22.000000000 +0100 @@ -64,24 +64,27 @@ if FLAGS.libvirt_use_virtio_for_bridges: conf.model = "virtio" - conf.filtername = "nova-instance-" + instance['name'] + "-" + mac_id - conf.add_filter_param("IP", mapping['ips'][0]['ip']) - if mapping['dhcp_server']: - conf.add_filter_param("DHCPSERVER", mapping['dhcp_server']) + if FLAGS.firewall_driver != "nova.virt.firewall.NoopFirewallDriver": + conf.filtername = "nova-instance-" + instance['name'] + "-" + \ + mac_id + if mapping['ips']: + conf.add_filter_param("IP", mapping['ips'][0]['ip']) + if mapping['dhcp_server']: + conf.add_filter_param("DHCPSERVER", mapping['dhcp_server']) - if FLAGS.use_ipv6: - conf.add_filter_param("RASERVER", - mapping.get('gateway_v6') + "/128") - - if FLAGS.allow_same_net_traffic: - net, mask = netutils.get_net_and_mask(network['cidr']) - conf.add_filter_param("PROJNET", net) - conf.add_filter_param("PROJMASK", mask) if FLAGS.use_ipv6: - net_v6, prefixlen_v6 = netutils.get_net_and_prefixlen( - network['cidr_v6']) - conf.add_filter_param("PROJNET6", net_v6) - conf.add_filter_param("PROJMASK6", prefixlen_v6) + conf.add_filter_param("RASERVER", + mapping.get('gateway_v6') + "/128") + + if FLAGS.allow_same_net_traffic: + net, mask = netutils.get_net_and_mask(network['cidr']) + conf.add_filter_param("PROJNET", net) + conf.add_filter_param("PROJMASK", mask) + if FLAGS.use_ipv6: + net_v6, prefixlen_v6 = netutils.get_net_and_prefixlen( + network['cidr_v6']) + conf.add_filter_param("PROJNET6", net_v6) + conf.add_filter_param("PROJMASK6", prefixlen_v6) return conf -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
