Date: Wed, 9 May 2018 10:01:02 +0000 (UTC)
From: "ASF subversion and git services (JIRA)"
To: cloudstack-issues@incubator.apache.org
Reply-To: dev@cloudstack.apache.org
Subject: [jira] [Commented] (CLOUDSTACK-10230) User is able to change to “Guest OS type” that has been removed

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-10230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16468651#comment-16468651 ]

ASF subversion and git services commented on CLOUDSTACK-10230:
--------------------------------------------------------------

Commit 4534cefa40cf9b4d11402bff86c4484292fa660d in cloudstack's branch refs/heads/master from [~rohithsharma]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=4534cef ]

backports for 4.11.1 from master (#2621)

* CLOUDSTACK-10147 Disabled Xenserver Cluster can still deploy VM's.
Added code to skip disabled clusters when selecting a host (#2442)

(cherry picked from commit c3488a51db4bce4ec32c09e6fef78193d360cf3f)
Signed-off-by: Rohit Yadav

* CLOUDSTACK-10318: Bug on sorting ACL rules list in chrome (#2478)

(cherry picked from commit 4412563f19ec8b808fe4c79e2baf658507a84873)
Signed-off-by: Rohit Yadav

* CLOUDSTACK-10284: Creating a snapshot from VM Snapshot generates error if hypervisor is not KVM.

Signed-off-by: Rohit Yadav

* CLOUDSTACK-10221: Allow IPv6 when creating a Basic Network (#2397)

Since CloudStack 4.10 Basic Networking supports IPv6 and thus
should be allowed to be specified when creating a network.

Signed-off-by: Wido den Hollander
(cherry picked from commit 9733a10ecda5f1af0f2c0fa863fc976a3e710946)
Signed-off-by: Rohit Yadav

* CLOUDSTACK-10214: Unable to remove local primary storage (#2390)

Allow admins to remove primary storage pool.
Cherry-picked from eba2e1d8a1ce4e86b4df144db03e96739da455e5

Signed-off-by: Rohit Yadav

* dateutil: consistency of tzdate input and output (#2392)

Signed-off-by: Yoan Blanc
Signed-off-by: Daan Hoogland
(cherry picked from commit 2ad520282319da9a03061b8c744e51a4ffdf94a2)
Signed-off-by: Rohit Yadav

* CLOUDSTACK-10054:Volume download times out in 3600 seconds (#2244)

(cherry picked from commit bb607d07a97476dc4fb934b3d75df6affba47086)
Signed-off-by: Rohit Yadav

* When creating a new account (via domain admin) it is possible to select “root admin” as the role for the new user (#2606)

* create account with domain admin showing 'root admin' role

Domain admins should not be able to assign the role of root admin to new users. Therefore, the role ‘root admin’ (or any other of the same type) should not be visible to domain admins.
* License and formatting

* Break long sentence into multiple lines

* Fix wording of method 'getCurrentAccount'

* fix typo in variable name

* [CLOUDSTACK-10259] Missing float part of secondary storage data in listAccounts

* [CLOUDSTACK-9338] ACS not accounting resources of VMs with custom service offering

ACS is accounting the resources properly when deploying VMs with custom service offerings. However, there are other methods (such as updateResourceCount) that do not execute the resource accounting properly, and these methods update the resource count for an account in the database. Therefore, if a user deploys VMs with custom service offerings, and later this user calls the “updateResourceCount” method, it (the method) will only account for VMs with normal service offerings, and update this as the number of resources used by the account. This will result in a smaller number of resources to be accounted for the given account than the real used value. The problem becomes worse because if the user starts to delete these VMs, it is possible to reach negative values of resources allocated (breaking all of the resource limiting for accounts). This is a very serious attack vector for public cloud providers!

* [CLOUDSTACK-10230] User should not be able to use removed “Guest OS type” (#2404)

* [CLOUDSTACK-10230] User is able to change to “Guest OS type” that has been removed

Users are able to change the OS type of VMs to “Guest OS type” that has been removed. This becomes a security issue when we try to force users to use HVM VMs (Meltdown/Spectre thing). A removed “guest os type” should not be usable by any users in the cloud.
* Remove trailing lines that are breaking build due to checkstyle compliance

* Remove unused imports

* fix classes that were in the wrong folder structure

* Updates to capacity management


> User is able to change to “Guest OS type” that has been removed
> ----------------------------------------------------------------
>
>                 Key: CLOUDSTACK-10230
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10230
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.)
>            Reporter: Rafael Weingärtner
>            Assignee: Rafael Weingärtner
>            Priority: Critical
>             Fix For: 4.12
>
>
> Users are able to change the OS type of VMs to “Guest OS type” that has been removed. This becomes a security issue when we try to force users to use HVM VMs (Meltdown/Spectre thing). A removed “guest os type” should not be usable by any users in the cloud.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
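
The accounting drift described under CLOUDSTACK-9338 in the commit message above, as an added Java model (Java 16+ for records) that shows the flawed recount beside a corrected one and a consistency check. It is not CloudStack code: the class, the method names and the limit value are hypothetical and constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Constructed model of the CLOUDSTACK-9338 accounting flaw; every name here is hypothetical.
public class ResourceCountModel {
    // offeringCpu == null models a custom service offering: the size is stored per VM.
    record Vm(String name, Integer offeringCpu, Integer customCpu) {
        int cpu() { return offeringCpu != null ? offeringCpu : customCpu; }
    }

    static final long CPU_LIMIT = 8;      // per-account limit (constructed value)
    final List<Vm> vms = new ArrayList<>();
    long cpuCount = 0;                    // stored count that the limit check trusts

    void deploy(Vm vm) {
        if (cpuCount + vm.cpu() > CPU_LIMIT) throw new IllegalStateException("CPU limit exceeded");
        vms.add(vm);
        cpuCount += vm.cpu();
    }

    void destroy(Vm vm) { if (vms.remove(vm)) cpuCount -= vm.cpu(); }

    long actualCpu() { return vms.stream().mapToLong(Vm::cpu).sum(); }

    // Flawed recount: sums only VMs whose size comes from a fixed offering.
    void recountFlawed() {
        cpuCount = vms.stream().filter(v -> v.offeringCpu() != null).mapToLong(Vm::offeringCpu).sum();
    }

    // Corrected recount: uses the effective size of every VM, custom or not.
    void recountFixed() { cpuCount = actualCpu(); }

    // Invariant to audit: the stored count is non-negative and matches real usage.
    boolean consistent() { return cpuCount >= 0 && cpuCount == actualCpu(); }

    String report() { return "stored=" + cpuCount + " actual=" + actualCpu() + " consistent=" + consistent(); }

    public static void main(String[] args) {
        ResourceCountModel acct = new ResourceCountModel();
        Vm fixed = new Vm("fixed", 2, null);
        Vm custom = new Vm("custom", null, 4);
        acct.deploy(fixed);
        acct.deploy(custom);
        acct.recountFlawed();             // custom VM silently dropped from the stored count
        acct.destroy(custom);             // decrement pushes the stored count below zero
        System.out.println("flawed recount: " + acct.report());
        acct.recountFixed();              // recount over effective sizes restores the invariant
        System.out.println("fixed recount:  " + acct.report());
    }
}
```

Running the same `consistent()` comparison against stored and recomputed counts is a cheap audit for accounts whose limits may already have drifted.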