Hello community,
here is the log from the commit of package python-apache-libcloud for
openSUSE:Factory checked in at 2014-01-03 14:50:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-apache-libcloud (Old)
and /work/SRC/openSUSE:Factory/.python-apache-libcloud.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-apache-libcloud"
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-apache-libcloud/python-apache-libcloud.changes
2013-10-24 19:09:26.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.python-apache-libcloud.new/python-apache-libcloud.changes
2014-01-03 14:50:35.000000000 +0100
@@ -1,0 +2,7 @@
+Thu Jan 2 19:52:40 UTC 2014 - [email protected]
+
+- Updated to 0.13.3
+- Security fix release, for destroying nodes on digitalOcean
+ 'data_scrub' method is always invoked
+
+-------------------------------------------------------------------
Old:
----
apache-libcloud-0.13.2.tar.bz2
New:
----
apache-libcloud-0.13.3.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-apache-libcloud.spec ++++++
--- /var/tmp/diff_new_pack.U23uTr/_old 2014-01-03 14:50:36.000000000 +0100
+++ /var/tmp/diff_new_pack.U23uTr/_new 2014-01-03 14:50:36.000000000 +0100
@@ -17,7 +17,7 @@
Name: python-apache-libcloud
-Version: 0.13.2
+Version: 0.13.3
Release: 0
Summary: Abstract away differences among multiple cloud provider APIs
License: Apache-2.0
++++++ apache-libcloud-0.13.2.tar.bz2 -> apache-libcloud-0.13.3.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apache-libcloud-0.13.2/CHANGES
new/apache-libcloud-0.13.3/CHANGES
--- old/apache-libcloud-0.13.2/CHANGES 2013-09-15 17:40:43.000000000 +0200
+++ new/apache-libcloud-0.13.3/CHANGES 2013-12-31 13:11:47.000000000 +0100
@@ -1,5 +1,18 @@
-*- coding: utf-8 -*-
+Changes with Apache Libcloud 0.13.3
+
+ *) Compute
+
+ - Send "scrub_data" query parameter when destroying a DigitalOcean node.
+ This will cause disk to be scrubbed (overwritten with 0's) when
destroying
+ a node. (LIBCLOUD-487)
+
+ Note: This fixes a security issue with a potential leak of data contained
+ on the destroyed node which only affects users of the DigitalOcean
driver.
+ (CVE-2013-6480)
+ [Tomaz Muraus]
+
Changes with Apache Libcloud 0.13.2
*) General
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apache-libcloud-0.13.2/PKG-INFO
new/apache-libcloud-0.13.3/PKG-INFO
--- old/apache-libcloud-0.13.2/PKG-INFO 2013-09-15 17:44:36.000000000 +0200
+++ new/apache-libcloud-0.13.3/PKG-INFO 2013-12-31 13:17:42.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: apache-libcloud
-Version: 0.13.2
+Version: 0.13.3
Summary: A standard Python library that abstracts away differences among
multiple cloud provider APIs. For more information and documentation, please
see http://libcloud.apache.org
Home-page: http://libcloud.apache.org/
Author: Apache Software Foundation
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apache-libcloud-0.13.2/libcloud/__init__.py
new/apache-libcloud-0.13.3/libcloud/__init__.py
--- old/apache-libcloud-0.13.2/libcloud/__init__.py 2013-09-15
17:40:43.000000000 +0200
+++ new/apache-libcloud-0.13.3/libcloud/__init__.py 2013-12-31
01:42:18.000000000 +0100
@@ -20,7 +20,7 @@
"""
__all__ = ['__version__', 'enable_debug']
-__version__ = '0.13.2'
+__version__ = '0.13.3'
import os
import atexit
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/apache-libcloud-0.13.2/libcloud/compute/drivers/digitalocean.py
new/apache-libcloud-0.13.3/libcloud/compute/drivers/digitalocean.py
--- old/apache-libcloud-0.13.2/libcloud/compute/drivers/digitalocean.py
2013-09-15 17:40:43.000000000 +0200
+++ new/apache-libcloud-0.13.3/libcloud/compute/drivers/digitalocean.py
2013-12-31 01:42:18.000000000 +0100
@@ -123,7 +123,9 @@
return res.status == httplib.OK
def destroy_node(self, node):
- res = self.connection.request('/droplets/%s/destroy/' % (node.id))
+ params = {'scrub_data': '1'}
+ res = self.connection.request('/droplets/%s/destroy/' % (node.id),
+ params=params)
return res.status == httplib.OK
def ex_list_ssh_keys(self):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apache-libcloud-0.13.2/libcloud/test/__init__.py
new/apache-libcloud-0.13.3/libcloud/test/__init__.py
--- old/apache-libcloud-0.13.2/libcloud/test/__init__.py 2013-09-15
17:40:04.000000000 +0200
+++ new/apache-libcloud-0.13.3/libcloud/test/__init__.py 2013-12-31
01:42:18.000000000 +0100
@@ -20,6 +20,7 @@
from libcloud.utils.py3 import StringIO
from libcloud.utils.py3 import urlparse
from libcloud.utils.py3 import parse_qs
+from libcloud.utils.py3 import parse_qsl
from libcloud.utils.py3 import u
from libcloud.utils.py3 import unittest2_required
@@ -218,6 +219,34 @@
def runTest(self):
pass
+ def assertUrlContainsQueryParams(self, url, expected_params, strict=False):
+ """
+ Assert that provided url contains provided query parameters.
+
+ :param url: URL to assert.
+ :type url: ``str``
+
+ :param expected_params: Dictionary of expected query parameters.
+ :type expected_params: ``dict``
+
+ :param strict: Assert that provided url contains only expected_params.
+ (defaults to ``False``)
+ :type strict: ``bool``
+ """
+ question_mark_index = url.find('?')
+
+ if question_mark_index != -1:
+ url = url[question_mark_index + 1:]
+
+ params = dict(parse_qsl(url))
+
+ if strict:
+ self.assertDictEqual(params, expected_params)
+ else:
+ for key, value in expected_params.items():
+ self.assertEqual(params[key], value)
+
+
class StorageMockHttp(MockHttp):
def putrequest(self, method, action):
pass
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/apache-libcloud-0.13.2/libcloud/test/compute/test_digitalocean.py
new/apache-libcloud-0.13.3/libcloud/test/compute/test_digitalocean.py
--- old/apache-libcloud-0.13.2/libcloud/test/compute/test_digitalocean.py
2013-09-15 17:40:04.000000000 +0200
+++ new/apache-libcloud-0.13.3/libcloud/test/compute/test_digitalocean.py
2013-12-31 01:42:18.000000000 +0100
@@ -29,7 +29,7 @@
from libcloud.compute.drivers.digitalocean import DigitalOceanNodeDriver
from libcloud.compute.types import NodeState
-from libcloud.test import MockHttp
+from libcloud.test import MockHttpTestCase
from libcloud.test.compute import TestCaseMixin
from libcloud.test.file_fixtures import ComputeFileFixtures
from libcloud.test.secrets import DIGITAL_OCEAN_PARAMS
@@ -107,7 +107,7 @@
self.assertTrue(result)
-class DigitalOceanMockHttp(MockHttp):
+class DigitalOceanMockHttp(MockHttpTestCase):
fixtures = ComputeFileFixtures('digitalocean')
def _regions(self, method, url, body, headers):
@@ -133,6 +133,7 @@
def _droplets_119461_destroy(self, method, url, body, headers):
# destroy_node
+ self.assertUrlContainsQueryParams(url, {'scrub_data': '1'})
body = self.fixtures.load('destroy_node.json')
return (httplib.OK, body, {}, httplib.responses[httplib.OK])
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
