[gentoo-commits] repo/gentoo:master commit in: sys-cluster/heat/files/, sys-cluster/heat/

2017-02-26 Thread Matt Thode
commit: 9502763aafd263d8b2fba40cbfc5e4a96673e750
Author: Matthew Thode  gentoo  org>
AuthorDate: Mon Feb 27 06:41:09 2017 +
Commit: Matt Thode  gentoo  org>
CommitDate: Mon Feb 27 06:43:07 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9502763a

sys-cluster/heat: OCATA

Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --force

 sys-cluster/heat/Manifest |1 +
 sys-cluster/heat/files/ocata-heat.conf.sample | 2635 +
 sys-cluster/heat/heat-2017.1..ebuild  |  149 ++
 sys-cluster/heat/heat-8.0.0.ebuild|  148 ++
 4 files changed, 2933 insertions(+)

diff --git a/sys-cluster/heat/Manifest b/sys-cluster/heat/Manifest
index 562f0f2be0..31d8b385c4 100644
--- a/sys-cluster/heat/Manifest
+++ b/sys-cluster/heat/Manifest
@@ -1 +1,2 @@
 DIST heat-7.0.2.tar.gz 2257003 SHA256 
5fb78bdb8859e3f037ffe11180b9a526830e8ce56a294bbb2dc79b638b7c99da SHA512 
0655b8e264bbfa227405759d28d74c9f71eefb8d2abce3f75d3a72fd0d927c114a5bb4658e73c553302632a086af34faa1e37f5bbef1b84f3564ca3fbac624e7
 WHIRLPOOL 
d1e3806534ad5d2930cd7b135ee78200b1d43f937cfcc3c3864263c6da8d0271476450f86b0ea2b84461a05ee794a3a1f3ed08086db9f0c1d1ed9d4f05a37db3
+DIST heat-8.0.0.tar.gz 2311784 SHA256 
edccf56b31a9c4cc01ba47c66f7b7197e3056f66c333c0c3f29b4ee44000f583 SHA512 
bbc4d19b254069e46f2bda554336f4fd0bc5eeb96974e1c997efca94304e32668ca6584671b5121af07004925829c770345356ebb0b113a4c1ff5dc2a949bcd7
 WHIRLPOOL 
7787008629aba8ad4e369822e2fd555df2d95a127246bd080de5d7b728bcc3ab049cd8097cc9618ce29e10e1f66af9335b58fa45cb604ca1b01208219cf3bc3c

diff --git a/sys-cluster/heat/files/ocata-heat.conf.sample 
b/sys-cluster/heat/files/ocata-heat.conf.sample
new file mode 100644
index 00..200ae61940
--- /dev/null
+++ b/sys-cluster/heat/files/ocata-heat.conf.sample
@@ -0,0 +1,2635 @@
+[DEFAULT]
+
+#
+# From heat.api.middleware.ssl
+#
+
+# The HTTP Header that will be used to determine what the original request
+# protocol scheme was, even if it was removed by an SSL terminator proxy.
+# (string value)
+# Deprecated group/name - [DEFAULT]/secure_proxy_ssl_header
+#secure_proxy_ssl_header = X-Forwarded-Proto
+
+#
+# From heat.common.config
+#
+
+# Name of the engine node. This can be an opaque identifier. It is not
+# necessarily a hostname, FQDN, or IP address. (string value)
+#host = slaanesh
+
+# List of directories to search for plug-ins. (list value)
+#plugin_dirs = 
/usr/lib64/heat,/usr/lib/heat,/usr/local/lib/heat,/usr/local/lib64/heat
+
+# The directory to search for environment files. (string value)
+#environment_dir = /etc/heat/environment.d
+
+# The directory to search for template files. (string value)
+#template_dir = /etc/heat/templates
+
+# Select deferred auth method, stored password or trusts. (string value)
+# Allowed values: password, trusts
+#deferred_auth_method = trusts
+
+# Allow reauthentication on token expiry, such that long-running tasks may
+# complete. Note this defeats the expiry of any provided user tokens. (string
+# value)
+# Allowed values: '', trusts
+#reauthentication_auth_method =
+
+# Gap, in seconds, to determine whether the given token is about to expire.
+# (integer value)
+#stale_token_duration = 30
+
+# Subset of trustor roles to be delegated to heat. If left unset, all roles of
+# a user will be delegated to heat when creating a stack. (list value)
+#trusts_delegated_roles =
+
+# Maximum resources allowed per top-level stack. -1 stands for unlimited.
+# (integer value)
+#max_resources_per_stack = 1000
+
+# Maximum number of stacks any one tenant may have active at one time. (integer
+# value)
+#max_stacks_per_tenant = 100
+
+# Number of times to retry to bring a resource to a non-error state. Set to 0
+# to disable retries. (integer value)
+#action_retry_limit = 5
+
+# Number of times to retry when a client encounters an expected intermittent
+# error. Set to 0 to disable retries. (integer value)
+#client_retry_limit = 2
+
+# Maximum length of a server name to be used in nova. (integer value)
+# Maximum value: 53
+#max_server_name_length = 53
+
+# Number of times to check whether an interface has been attached or detached.
+# (integer value)
+# Minimum value: 1
+#max_interface_check_attempts = 10
+
+# Controls how many events will be pruned whenever a stack's events are purged.
+# Set this lower to keep more events at the expense of more frequent purges.
+# (integer value)
+# Minimum value: 1
+#event_purge_batch_size = 200
+
+# Rough number of maximum events that will be available per stack. Actual
+# number of events can be a bit higher since purge checks take place randomly
+# 200/event_purge_batch_size percent of the time. Older events are deleted when
+# events are purged. Set to 0 for unlimited events per stack. (integer value)
+#max_events_per_stack = 1000
+
+# Timeout in seconds for stack action (ie. create or update). (integer value)
+#stack_action_timeout = 3600
+
+# The amount of time in seconds after an

[gentoo-commits] repo/gentoo:master commit in: sys-cluster/heat/files/, sys-cluster/heat/

2016-11-04 Thread Matt Thode
commit: 3930fb660c9d11c546f1959d4a2bdf66dd8f67e2
Author: Matthew Thode  gentoo  org>
AuthorDate: Fri Nov  4 14:48:04 2016 +
Commit: Matt Thode  gentoo  org>
CommitDate: Fri Nov  4 14:48:04 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3930fb66

sys-cluster/heat: fix CVE-2016-9185 bug 598940

Package-Manager: portage-2.3.0

 sys-cluster/heat/files/CVE-2016-9185.patch | 53 ++
 .../{heat-7.0.0.ebuild => heat-7.0.0-r1.ebuild}|  5 +-
 2 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/sys-cluster/heat/files/CVE-2016-9185.patch 
b/sys-cluster/heat/files/CVE-2016-9185.patch
new file mode 100644
index ..7b6bd86
--- /dev/null
+++ b/sys-cluster/heat/files/CVE-2016-9185.patch
@@ -0,0 +1,53 @@
+From 02dfb1a64f8a545a6dfed15245ac54c8ea835b81 Mon Sep 17 00:00:00 2001
+From: Daniel Gonzalez 
+Date: Mon, 17 Oct 2016 10:22:42 +0200
+Subject: Prevent template validate from scanning ports
+
+The template validation method in the heat API allows to specify the
+template to validate using a URL with the 'template_url' parameter.
+
+By entering invalid http URLs, like 'http://localhost:22' it is
+possible to scan ports by evaluating the error message of the request.
+
+For example, the request
+
+curl -H "Content-Type: application/json" -H "X-Auth-Token: " \
+-X POST -d '{"template_url": "http://localhost:22"}' \
+http://127.0.0.1:8004/v1//validate
+
+causes the following error message to be returned to the user:
+
+"Could not retrieve template: Failed to retrieve template:
+('Connection aborted.',
+BadStatusLine('SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\\r\\n',))"
+
+This could be misused by tenants to gain knowledge about the internal
+network the heat API runs in.
+
+To prevent this information leak, this patch alters the error message
+to not include such details when the url scheme is not 'file'.
+
+SecurityImpact
+
+Closes-Bug: #1606500
+
+Change-Id: Id1f86f41c1e6c028d889eca7ccbb9cde67631950
+(cherry picked from commit eab9a33ce760c55695a5beb2e541487588b08c98)
+---
+ heat/common/urlfetch.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/heat/common/urlfetch.py b/heat/common/urlfetch.py
+index 7efd968..8a7deae 100644
+--- a/heat/common/urlfetch.py
 b/heat/common/urlfetch.py
+@@ -75,4 +75,5 @@ def get(url, allowed_schemes=('http', 'https')):
+ return result
+ 
+ except exceptions.RequestException as ex:
+-raise URLFetchError(_('Failed to retrieve template: %s') % ex)
++LOG.info(_LI('Failed to retrieve template: %s') % ex)
++raise URLFetchError(_('Failed to retrieve template from %s') % url)
+-- 
+cgit v0.12
+
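Review bot: The rewritten `except exceptions.RequestException` handler in `heat/common/urlfetch.py` removes the upstream error text from the API response, but the request to the tenant-supplied `template_url` is still attempted, so the patch closes the banner leak without changing which internal addresses the Heat host will contact. Nothing in this hunk limits the hosts or ports `get()` may reach beyond `allowed_schemes`, so deployments that need the stronger guarantee should also restrict egress from the hosts running the Heat services. The new log call formats eagerly; `LOG.info(_LI('Failed to retrieve template: %s'), ex)` leaves interpolation to the logger, and because the exception text comes from the remote peer it should be treated as untrusted when the log is read. The body of `get()` starts outside the hunk, so any other handlers in it were not reviewed.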

diff --git a/sys-cluster/heat/heat-7.0.0.ebuild 
b/sys-cluster/heat/heat-7.0.0-r1.ebuild
similarity index 99%
rename from sys-cluster/heat/heat-7.0.0.ebuild
rename to sys-cluster/heat/heat-7.0.0-r1.ebuild
index 9477a14..37461d9 100644
--- a/sys-cluster/heat/heat-7.0.0.ebuild
+++ b/sys-cluster/heat/heat-7.0.0-r1.ebuild
@@ -113,8 +113,9 @@ RDEPEND="
>=dev-python/webob-1.2.3-r1[${PYTHON_USEDEP}]
>=dev-python/yaql-1.1.0[${PYTHON_USEDEP}]"
 
-#PATCHES=(
-#)
+PATCHES=(
+   "${FILESDIR}/CVE-2016-9185.patch"
+)
 
 pkg_setup() {
enewgroup heat



[gentoo-commits] repo/gentoo:master commit in: sys-cluster/heat/files/, sys-cluster/heat/

2016-10-03 Thread Matt Thode
commit: 1e60fdfa463928bd5340fb6933c3455dec69d370
Author: Matthew Thode  gentoo  org>
AuthorDate: Mon Oct  3 20:24:39 2016 +
Commit: Matt Thode  gentoo  org>
CommitDate: Mon Oct  3 20:36:13 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e60fdfa

sys-cluster/heat: adding heat :D

Package-Manager: portage-2.3.0

 sys-cluster/heat/files/heat.initd  |   53 +
 sys-cluster/heat/files/newton-heat.conf.sample | 1225 
 sys-cluster/heat/heat-2016.2..ebuild   |  152 +++
 sys-cluster/heat/metadata.xml  |   19 +
 4 files changed, 1449 insertions(+)

diff --git a/sys-cluster/heat/files/heat.initd 
b/sys-cluster/heat/files/heat.initd
new file mode 100644
index ..a3fa50e
--- /dev/null
+++ b/sys-cluster/heat/files/heat.initd
@@ -0,0 +1,53 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+BASENAME=$(echo $SVCNAME | cut -d '-' -f 1)
+SERVERNAME=$(echo $SVCNAME | cut -d '-' -f 2)
+
+depend() {
+need net 
+}
+
+checkconfig() {
+if [ ! -r /etc/conf.d/$BASENAME ]; then
+eerror "No heat conf.d file found: /etc/conf.d/$BASENAME)"
+return 1
+else
+. /etc/conf.d/$BASENAME
+fi
+}
+
+start() {
+checkconfig || return $?
+
+ebegin "Starting ${SVCNAME}"
+if [ ! -d ${PID_PATH} ]; then
+mkdir ${PID_PATH}
+chown heat:root ${PID_PATH}
+fi
+
+start-stop-daemon --start \
+  --quiet \
+  --user heat \
+  --pidfile "${PID_PATH}/${SVCNAME}.pid" \
+  --make-pidfile \
+  --background \
+  --exec /usr/bin/heat-${SERVERNAME} --  --config-file 
/etc/heat/heat.conf --log-file /var/log/heat/heat-${SERVERNAME}
+
+eend $? "Failed to start ${SVCNAME}"
+}
+
+stop() {
+checkconfig || return $?
+
+ebegin "Stopping ${SVCNAME}"
+
+start-stop-daemon --stop \
+  --quiet \
+  --user heat \
+  --pidfile "${PID_PATH}/${SVCNAME}.pid" \
+  --exec /usr/bin/heat-${SERVERNAME} --  --config-file 
/etc/heat/heat.conf
+
+eend $? "Failed to stop ${SVCNAME}"
+}
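Review bot: `start()` uses `${PID_PATH}` unquoted in `[ ! -d ${PID_PATH} ]`, `mkdir` and `chown`, and `checkconfig()` never verifies that the sourced `/etc/conf.d/$BASENAME` actually set it. With the variable empty the test evaluates false, the directory is never created, and the pidfile path becomes `/${SVCNAME}.pid`; with whitespace in the value, root runs `mkdir` and `chown` on the split words. I would have `checkconfig()` fail when it is unset, `[ -n "${PID_PATH}" ] || { eerror "PID_PATH is not set in /etc/conf.d/$BASENAME"; return 1; }`, and replace the mkdir/chown pair with `checkpath -d -o heat:root "${PID_PATH}"`. The `eerror` text in `checkconfig()` also carries a stray `)`.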

diff --git a/sys-cluster/heat/files/newton-heat.conf.sample 
b/sys-cluster/heat/files/newton-heat.conf.sample
new file mode 100644
index ..433b8ba
--- /dev/null
+++ b/sys-cluster/heat/files/newton-heat.conf.sample
@@ -0,0 +1,1225 @@
+[DEFAULT]
+
+#
+# From oslo.log
+#
+
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
+#debug = false
+
+# DEPRECATED: If set to false, the logging level will be set to WARNING instead
+# of the default INFO level. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+#verbose = true
+
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append = 
+
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
+#log_date_format = %Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file = 
+
+# (Optional) The base directory used for relative log_file  paths. This option
+# is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+#log_dir = 
+
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and
+# Linux platform is used. This option is ignored if log_config_append is set.
+# (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append
+# is set. (boolean value)
+#use_syslog = false
+
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
+#syslog_log_facility = LOG_USER
+
+# Log output to standard error. This option is ignored if log_config_append is
+# s