--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/neutron/patches/08-CVE-2014-7821.patch Mon Dec 08 15:47:54 2014 -0800
@@ -0,0 +1,51 @@
+This patch addresses CVE-2014-7821 and is tracked under Launchpad bug
+1378450. It is addressed in the stable/Juno and stable/Icehouse. There
+is no patch for Havana since it is EOL'ed by upstream. Therefore, this
+patch is derived from the patch for stable/Icehouse
+
+commit ab7ea069de5cecf1c26af50996a26e1a7f86def4
+Author: John Perkins <email address hidden>
+Date: Mon Oct 6 16:24:57 2014 -0500
+
+ Fix hostname regex pattern
+
+ Current hostname_pattern regex complexity grows exponentially
+ when given a string of just digits, which can be exploited to
+ cause neutron-server to freeze.
+
+ Change-Id: I886c6d883a9cb0acd9908495eec50bf0411d8ba8
+ Closes-bug: #1378450
+
+*** neutron-2013.2.3/neutron/api/v2/attributes.py 2014-04-03 11:49:01.000000000 -0700
+--- NEW/neutron/api/v2/attributes.py 2014-11-19 22:04:06.880132434 -0800
+***************
+*** 494,501 ****
+ return [data]
+
+
+! HOSTNAME_PATTERN = ("(?=^.{1,254}$)(^(?:(?!\d+\.|-)[a-zA-Z0-9_\-]"
+! "{1,63}(?<!-)\.?)+(?:[a-zA-Z]{2,})$)")
+
+ HEX_ELEM = '[0-9A-Fa-f]'
+ UUID_PATTERN = '-'.join([HEX_ELEM + '{8}', HEX_ELEM + '{4}',
+--- 494,501 ----
+ return [data]
+
+
+! HOSTNAME_PATTERN = ("(?=^.{1,254}$)(^(?:(?!\d+.|-)[a-zA-Z0-9_\-]{1,62}"
+! "[a-zA-Z0-9]\.?)+(?:[a-zA-Z]{2,})$)")
+
+ HEX_ELEM = '[0-9A-Fa-f]'
+ UUID_PATTERN = '-'.join([HEX_ELEM + '{8}', HEX_ELEM + '{4}',
+*** neutron-2013.2.3/neutron/tests/unit/test_attributes.py 2014-04-03 11:49:01.000000000 -0700
+--- NEW/neutron/tests/unit/test_attributes.py 2014-11-19 22:15:26.539566055 -0800
+***************
+*** 246,251 ****
+--- 246,252 ----
+ ['www.hostname.com', 'www.hostname.com'],
+ ['77.hostname.com'],
+ ['1000.0.0.1'],
++ ['111111111111111111111111111111111111111111111111111111111111'], # noqa
+ None]
+
+ for ns in ns_pools: