From 353ead38dc41437704919d82b9bc4e64ed294cdc Mon Sep 17 00:00:00 2001
From: Matthew Thode
Date: Tue, 11 Feb 2020 12:12:01 -0600
Subject: [PATCH] app-emulation/cloud-init: 19.4 bump includes fix for CVE-2020-{8631,8632}
Bug: https://bugs.gentoo.org/708738
Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Matthew Thode
---
 app-emulation/cloud-init/Manifest | 1 +
 .../cloud-init/cloud-init-19.4.ebuild | 90 ++++++++++++++++++
 ....4-gentoo-support-upstream-templates.patch | 93 +++++++++++++++++++
 .../files/cloud-init-19.4_CVE-2020-8631.patch | 25 +++++
 app-emulation/cloud-init/metadata.xml | 2 +-
 5 files changed, 210 insertions(+), 1 deletion(-)
 create mode 100644 app-emulation/cloud-init/cloud-init-19.4.ebuild
 create mode 100644 app-emulation/cloud-init/files/cloud-init-19.4-gentoo-support-upstream-templates.patch
 create mode 100644 app-emulation/cloud-init/files/cloud-init-19.4_CVE-2020-8631.patch
diff --git a/app-emulation/cloud-init/Manifest b/app-emulation/cloud-init/Manifest
index 4f2aa6f1599a..41552972418d 100644
--- a/app-emulation/cloud-init/Manifest
+++ b/app-emulation/cloud-init/Manifest
@@ -1,3 +1,4 @@
 DIST cloud-init-17.2.tar.gz 810821 BLAKE2B df1a7c1ed1fc48a7801a53bd89839d963debca6abf7f892d61bf7ec9222ab33bf78221e65d79028e0445cac4c5fe1e0c1620d49aea26c036ee17933d9c1893f5 SHA512 ad1c7f6ca9762b70a1f06a6b538032a7de0c5371fd792260d5959df113f4f51509d184b2207ffa23b41f395c1903d551d66aaf2a2ad60af3594cf1f18d1e4a38
 DIST cloud-init-18.4.tar.gz 965112 BLAKE2B 2879aafedea877e4e406a5e837d100ba65e40c62660621f606e7a189af7b1ec8d98ba2c02ae5d253a0b4587502d3a636dec5c2772c968a9037b47e62a05656b4 SHA512 730aca6406f652f55afc2dd50c49eb6708584e0a96715606bcba05cb7f40e47c256faff1f9748f04674a8f941ec9435801c9ed2ac79adec8a6ef167d6b195103
 DIST cloud-init-18.5.tar.gz 990381 BLAKE2B 0dbbd5b2402d3a7742c46f8a37b0ea31f40ac16bdbfe49dca0056ab8f90c47dbf26e6d3f40f34275caf5102d0b9b8be4e2c28bfc2276e85a5aad11af20b08979 SHA512 f89ee636922e33b5b2dcb5230763404fbeee148e28b8f61bf5b2f1f07000f960f9d38545dfb7bcbe9afb8253f77d66c94b39e9a159715b44a440a7cbe1fe1aeb
+DIST cloud-init-19.4.tar.gz 1091893 BLAKE2B 2ab8fef70b420c066d6d8f83871568eeac24f00879ecf3d58c3768dd809cff6a3b79c7e72d9a10204002101049ab86ab64f0c524362e00497a9222960ef380df SHA512 e69ea47eab41d69d64fa44102fbde59319da5f71a68f28a0f6ac65cd6866542b4fe58a71b84c903cfa9b1d2f26eb648cdf4de633b8df61e4f89c9fa4c2a2b1d3
diff --git a/app-emulation/cloud-init/cloud-init-19.4.ebuild b/app-emulation/cloud-init/cloud-init-19.4.ebuild
new file mode 100644
index 000000000000..67e494f94a86
--- /dev/null
+++ b/app-emulation/cloud-init/cloud-init-19.4.ebuild
@@ -0,0 +1,90 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+PYTHON_COMPAT=( python3_6 python3_7 )
+
+inherit distutils-r1
+
+DESCRIPTION="Cloud instance initialisation magic"
+HOMEPAGE="https://launchpad.net/cloud-init"
+SRC_URI="https://launchpad.net/${PN}/trunk/${PV}/+download/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="test"
+RESTRICT="!test? ( test )"
+
+CDEPEND="
+ dev-python/jinja[${PYTHON_USEDEP}]
+ dev-python/oauthlib[${PYTHON_USEDEP}]
+ dev-python/pyserial[${PYTHON_USEDEP}]
+ >=dev-python/configobj-5.0.2[${PYTHON_USEDEP}]
+ dev-python/pyyaml[${PYTHON_USEDEP}]
+ dev-python/requests[${PYTHON_USEDEP}]
+ dev-python/jsonpatch[${PYTHON_USEDEP}]
+ dev-python/jsonschema[${PYTHON_USEDEP}]
+ dev-python/six[${PYTHON_USEDEP}]
+"
+DEPEND="
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ test? (
+ ${CDEPEND}
+ >=dev-python/httpretty-0.7.1[${PYTHON_USEDEP}]
+ dev-python/mock[${PYTHON_USEDEP}]
+ dev-python/nose[${PYTHON_USEDEP}]
+ dev-python/unittest2[${PYTHON_USEDEP}]
+ dev-python/coverage[${PYTHON_USEDEP}]
+ dev-python/contextlib2[${PYTHON_USEDEP}]
+ )
+"
+RDEPEND="
+ ${CDEPEND}
+ net-analyzer/macchanger
+ sys-apps/iproute2
+ sys-fs/growpart
+ virtual/logger
+"
+
+PATCHES=(
+ # Fix Gentoo support
+ # https://code.launchpad.net/~gilles-dartiguelongue/cloud-init/+git/cloud-init/+merge/358777
+ "${FILESDIR}/${PN}-18.4-fix-packages-module.patch"
+ "${FILESDIR}/${P}-gentoo-support-upstream-templates.patch"
+ "${FILESDIR}"/18.4-fix-filename-for-storing-locale.patch
+ "${FILESDIR}"/18.4-fix-update_package_sources-function.patch
+ "${FILESDIR}"/18.4-add-support-for-package_upgrade.patch
+ "${FILESDIR}/${P}_CVE-2020-8631.patch"
+)
+
+src_prepare() {
+ # Fix location of documentation installation
+ sed -i "s:USR + '/share/doc/cloud-init:USR + '/share/doc/${PF}:" setup.py || die
+ distutils-r1_src_prepare
+}
+
+python_test() {
+ # Do not use Makefile target as it does not setup 
environment correclty
+ esetup.py nosetests -v --where cloudinit --where tests/unittests || die
+}
+
+python_install() {
+ distutils-r1_python_install --init-system=sysvinit_openrc,systemd --distro gentoo
+}
+
+python_install_all() {
+ keepdir /etc/cloud
+
+ distutils-r1_python_install_all
+
+ # installs as non-executable
+ chmod +x "${D}"/etc/init.d/*
+}
+
+pkg_postinst() {
+ elog "cloud-init-local needs to be run in the boot runlevel because it"
+ elog "modifies services in the default runlevel. When a runlevel is started"
+ elog "it is cached, so modifications that happen to the current runlevel"
+ elog "while you are in it are not acted upon."
+}
diff --git a/app-emulation/cloud-init/files/cloud-init-19.4-gentoo-support-upstream-templates.patch b/app-emulation/cloud-init/files/cloud-init-19.4-gentoo-support-upstream-templates.patch
new file mode 100644
index 000000000000..210c29437361
--- /dev/null
+++ b/app-emulation/cloud-init/files/cloud-init-19.4-gentoo-support-upstream-templates.patch
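Review bot: The `PATCHES` array in the ebuild applies only one CVE patch, `"${FILESDIR}/${P}_CVE-2020-8631.patch"`, while the commit subject claims fixes for both CVE-2020-8631 and CVE-2020-8632. That file (added later in this commit) only raises the default `pwlen` of `rand_user_password` from 9 to 20, which corresponds to the short-default-length issue recorded as CVE-2020-8632; CVE-2020-8631 concerns the randomness source behind `util.rand_str`, and no visible hunk touches it. Unless the 19.4 tarball already contains that change, the generated passwords become longer but their generator stays the same, so a second patch for `rand_str` belongs in `PATCHES`. The existing file would also be clearer if renamed after the CVE it addresses, e.g. `"${FILESDIR}/${P}_CVE-2020-8632.patch"`.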
@@ -0,0 +1,93 @@
+From 823454f1ea140ec47f5f9c5c3c5ad62eb458eb8a Mon Sep 17 00:00:00 2001
+From: Gilles Dartiguelongue
+Date: Wed, 24 Oct 2018 10:52:46 +0200
+Subject: [PATCH 2/5] Add support for gentoo in cloud.cfg and templates
+
+---
+ config/cloud.cfg.tmpl | 8 ++++++--
+ templates/hosts.gentoo.tmpl | 24 ++++++++++++++++++++++++
+ tools/render-cloudcfg | 2 +-
+ 3 files changed, 31 insertions(+), 3 deletions(-)
+ create mode 100644 templates/hosts.gentoo.tmpl
+
+diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl
+index 1fef133a..3f5a41a2 100644
+--- a/config/cloud.cfg.tmpl
++++ b/config/cloud.cfg.tmpl
+@@ -134,7 +134,7 @@ cloud_final_modules:
+ # (not accessible to handlers/transforms)
+ system_info:
+ # This will affect which distro class gets used
+-{% if variant in ["arch", "centos", "debian", "fedora", "freebsd", "rhel", "suse", "ubuntu"] %}
++{% if variant in ["arch", "centos", "debian", "fedora", "freebsd", "gentoo", "rhel", "suse", "ubuntu"] %}
+ distro: {{ variant }}
+ {% else %}
+ # Unknown/fallback distro.
+@@ -172,7 +172,7 @@ system_info:
+ primary: http://ports.ubuntu.com/ubuntu-ports
+ security: http://ports.ubuntu.com/ubuntu-ports
+ ssh_svcname: ssh
+-{% elif variant in ["arch", "centos", "fedora", "rhel", "suse"] %}
++{% elif variant in ["arch", "centos", "fedora", "gentoo", "rhel", "suse"] %}
+ # Default user name + that default users groups (if added/used)
+ default_user:
+ name: {{ variant }}
+@@ -180,6 +180,10 @@ system_info:
+ {% endif %}
+ {% if variant == "suse" %}
+ groups: [cdrom, users]
++{% elif variant == "gentoo" %}
++ groups: [users, wheel]
++ primary_group: users
++ no_user_group: true
+ {% elif variant == "arch" %}
+ groups: [wheel, users]
+ {% else %}
+diff --git a/templates/hosts.gentoo.tmpl b/templates/hosts.gentoo.tmpl
+new file mode 100644
+index 00000000..cd045fa6
+--- /dev/null
++++ b/templates/hosts.gentoo.tmpl
+@@ -0,0 +1,24 @@
++## template:jinja
++{#
++This file /etc/cloud/templates/hosts.gentoo.tmpl is only utilized
++if enabled in cloud-config. Specifically, in order to enable it
++you need to add the following to config:
++ manage_etc_hosts: True
++-#}
++# Your system has configured 'manage_etc_hosts' as True.
++# As a result, if you wish for changes to this file to persist
++# then you will need to either
++# a.) make changes to the master file in /etc/cloud/templates/hosts.gentoo.tmpl
++# b.) 
change or remove the value of 'manage_etc_hosts' in
++# /etc/cloud/cloud.cfg or cloud-config from user-data
++#
++# The following lines are desirable for IPv4 capable hosts
++127.0.0.1 {{fqdn}} {{hostname}}
++127.0.0.1 localhost.localdomain localhost
++127.0.0.1 localhost4.localdomain4 localhost4
++
++# The following lines are desirable for IPv6 capable hosts
++::1 {{fqdn}} {{hostname}}
++::1 localhost.localdomain localhost
++::1 localhost6.localdomain6 localhost6
++
+diff --git a/tools/render-cloudcfg b/tools/render-cloudcfg
+index 8b7cb875..d109044e 100755
+--- a/tools/render-cloudcfg
++++ b/tools/render-cloudcfg
+@@ -4,7 +4,7 @@ import argparse
+ import os
+ import sys
+
+-VARIANTS = ["arch", "centos", "debian", "fedora", "freebsd", "rhel", "suse",
+- "ubuntu", "unknown"]
++VARIANTS = ["arch", "centos", "debian", "fedora", "freebsd", "gentoo", "rhel",
++ "suse", "ubuntu", "unknown"]
+
+ if "avoid-pep8-E402-import-not-top-of-file":
+ _tdir = os.path.abspath(os.path.join(os.path.dirname(__file__), ".."))
+--
+2.19.1
+
diff --git a/app-emulation/cloud-init/files/cloud-init-19.4_CVE-2020-8631.patch b/app-emulation/cloud-init/files/cloud-init-19.4_CVE-2020-8631.patch
new file mode 100644
index 000000000000..625473c68f1d
--- /dev/null
+++ b/app-emulation/cloud-init/files/cloud-init-19.4_CVE-2020-8631.patch
@@ -0,0 +1,25 @@
+From 42788bf24a1a0a5421a2d00a7f59b59e38ba1a14 Mon Sep 17 00:00:00 2001
+From: Ryan Harper
+Date: Fri, 24 Jan 2020 21:33:12 +0200
+Subject: [PATCH] cc_set_password: increase random pwlength from 9 to 20 (#189)
+
+Increasing the bits of security from 52 to 115.
+
+LP: #1860795
+---
+ cloudinit/config/cc_set_passwords.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cloudinit/config/cc_set_passwords.py b/cloudinit/config/cc_set_passwords.py
+index e3b39d8be..4943d5453 100755
+--- a/cloudinit/config/cc_set_passwords.py
++++ b/cloudinit/config/cc_set_passwords.py
+@@ -236,7 +236,7 @@ def handle(_name, cfg, cloud, log, args):
+ raise errors[-1]
+
+
+-def rand_user_password(pwlen=9):
++def rand_user_password(pwlen=20):
+ return util.rand_str(pwlen, select_from=PW_SET)
+
+
diff --git a/app-emulation/cloud-init/metadata.xml b/app-emulation/cloud-init/metadata.xml
index ac6c94ad0679..997452569a62 100644
--- a/app-emulation/cloud-init/metadata.xml
+++ b/app-emulation/cloud-init/metadata.xml
@@ -10,7 +10,7 @@ Gilles Dartiguelongue - Package provides configuration and customization of cloud instance. + Cloud-init is the industry standard multi-distribution method for cross-platform cloud instance initialization. It is supported across all major public cloud providers, provisioning systems for private cloud infrastructure, and bare-metal installations. cloud-init -- 2.26.2