--- a/components/openstack/neutron/patches/08-CVE-2014-7821.patch Fri Mar 20 03:13:26 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,51 +0,0 @@
-This patch addresses CVE-2014-7821 and is tracked under Launchpad bug
-1378450. It is addressed in the stable/Juno and stable/Icehouse. There
-is no patch for Havana since it is EOL'ed by upstream. Therefore, this
-patch is derived from the patch for stable/Icehouse
-
-commit ab7ea069de5cecf1c26af50996a26e1a7f86def4
-Author: John Perkins <email address hidden>
-Date: Mon Oct 6 16:24:57 2014 -0500
-
- Fix hostname regex pattern
-
- Current hostname_pattern regex complexity grows exponentially
- when given a string of just digits, which can be exploited to
- cause neutron-server to freeze.
-
- Change-Id: I886c6d883a9cb0acd9908495eec50bf0411d8ba8
- Closes-bug: #1378450
-
-*** neutron-2013.2.3/neutron/api/v2/attributes.py 2014-04-03 11:49:01.000000000 -0700
---- NEW/neutron/api/v2/attributes.py 2014-11-19 22:04:06.880132434 -0800
-***************
-*** 494,501 ****
- return [data]
-
-
-! HOSTNAME_PATTERN = ("(?=^.{1,254}$)(^(?:(?!\d+\.|-)[a-zA-Z0-9_\-]"
-! "{1,63}(?<!-)\.?)+(?:[a-zA-Z]{2,})$)")
-
- HEX_ELEM = '[0-9A-Fa-f]'
- UUID_PATTERN = '-'.join([HEX_ELEM + '{8}', HEX_ELEM + '{4}',
---- 494,501 ----
- return [data]
-
-
-! HOSTNAME_PATTERN = ("(?=^.{1,254}$)(^(?:(?!\d+.|-)[a-zA-Z0-9_\-]{1,62}"
-! "[a-zA-Z0-9]\.?)+(?:[a-zA-Z]{2,})$)")
-
- HEX_ELEM = '[0-9A-Fa-f]'
- UUID_PATTERN = '-'.join([HEX_ELEM + '{8}', HEX_ELEM + '{4}',
-*** neutron-2013.2.3/neutron/tests/unit/test_attributes.py 2014-04-03 11:49:01.000000000 -0700
---- NEW/neutron/tests/unit/test_attributes.py 2014-11-19 22:15:26.539566055 -0800
-***************
-*** 246,251 ****
---- 246,252 ----
- ['www.hostname.com', 'www.hostname.com'],
- ['77.hostname.com'],
- ['1000.0.0.1'],
-+ ['111111111111111111111111111111111111111111111111111111111111'], # noqa
- None]
-
- for ns in ns_pools: