Hello community, here is the log from the commit of package openstack-glance for openSUSE:Factory checked in at 2013-03-25 20:39:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openstack-glance (Old) and /work/SRC/openSUSE:Factory/.openstack-glance.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openstack-glance", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/openstack-glance/openstack-glance.changes 2013-03-08 09:28:49.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openstack-glance.new/openstack-glance.changes 2013-03-25 20:41:36.000000000 +0100 @@ -1,0 +2,17 @@ +Thu Mar 14 20:23:37 UTC 2013 - [email protected] + +- Update to version 2012.2.4+git.1363292617.dd849a9: + + Do not return location in headers (CVE-2013-1840) +- This fixes bnc#808626. + +-------------------------------------------------------------------- +Tue Mar 12 09:06:56 UTC 2013 - [email protected] + +- Update to version 2012.2.4+git.1363079216.04f88c8: + + Clean dangling image fragments in filesystem store + + Wait in TestBinGlance.test_update_copying_from until image is active + + Fixes deletion of invalid image member +- Drop glance-test_bin_glance-fail-on-slow-machines.patch: fixed + upstream. + +-------------------------------------------------------------------- Old: ---- glance-test_bin_glance-fail-on-slow-machines.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openstack-glance-doc.spec ++++++ --- /var/tmp/diff_new_pack.McmIkZ/_old 2013-03-25 20:41:39.000000000 +0100 +++ /var/tmp/diff_new_pack.McmIkZ/_new 2013-03-25 20:41:39.000000000 +0100 @@ -19,7 +19,7 @@ %define component glance Name: openstack-%{component}-doc -Version: 2012.2.4+git.1362583521.1fb759d +Version: 2012.2.4+git.1363292617.dd849a9 Release: 1 License: Apache-2.0 Summary: OpenStack Image Service (Glance) - Documentation ++++++ openstack-glance.spec ++++++ --- /var/tmp/diff_new_pack.McmIkZ/_old 2013-03-25 20:41:39.000000000 +0100 +++ /var/tmp/diff_new_pack.McmIkZ/_new 2013-03-25 20:41:39.000000000 +0100 @@ -22,7 +22,7 @@ %define username openstack-%{component} Name: openstack-%{component} -Version: 2012.2.4+git.1362583521.1fb759d +Version: 2012.2.4+git.1363292617.dd849a9 Release: 1 License: Apache-2.0 Summary: OpenStack Image Service (Glance) @@ -42,8 +42,6 @@ Patch3: glance-webob-requestbodyfileget.patch # PATCH-FIX-UPSTREAM: [email protected] -- Backport of https://review.openstack.org/#/c/18036/ Patch4: glance-webob12b1-putrequest.patch -# PATCH-FIX-UPSTREAM: [email protected] -- Backport of https://review.openstack.org/#/c/19195/ -Patch5: glance-test_bin_glance-fail-on-slow-machines.patch # PATCH-FIX-UPSTREAM: [email protected] -- Backport of https://review.openstack.org/#/c/19380/ Patch6: glance-default-signing_dir.patch BuildRequires: apache2 @@ -143,7 +141,6 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p1 %patch6 -p1 %openstack_cleanup_prep sed -i "s|^#!.*||" tools/migrate_image_owners.py # Fix non-executable script warning ++++++ glance-stable-folsom.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glance-2012.2.4/ChangeLog new/glance-2012.2.4/ChangeLog --- old/glance-2012.2.4/ChangeLog 2013-03-06 04:20:59.000000000 +0100 +++ new/glance-2012.2.4/ChangeLog 2013-03-14 18:51:32.000000000 +0100 @@ -1,3 +1,49 @@ +commit dd849a9be540bedd4fd904cc0b86ccd9c3e34af2 +Author: Stuart McLaren <[email protected]> +Date: Thu Mar 14 13:43:36 2013 +0000 + + Do not return location in headers + + In some cases credentials were being leaked when downloading a cached + v1 image. + + Fixes bug 1135541, CVE-2013-1840 + + Change-Id: I3ec0a8f484fe1bdc32c3c56fce810fcef347a7f6 + + glance/api/middleware/cache.py | 3 +++ + 1 file changed, 3 insertions(+) + +commit 04f88c8d563ef1330d19679e8305ac6e107228f6 +Author: Unmesh Gurjar <[email protected]> +Date: Tue Oct 9 03:06:00 2012 -0700 + + Fixes deletion of invalid image member + + This fixes the 500 error on deleting an invalid/non-member tenant of an image. + + Fixes LP: #1060868 + + Change-Id: I5a2dc56690d7525127be1a8843004d075a3fe5bb + + glance/registry/api/v1/members.py | 19 +++++++++++-------- + glance/tests/unit/v1/test_api.py | 13 +++++++++++++ + 2 files changed, 24 insertions(+), 8 deletions(-) + +commit 90ddf72d2d01967269f8673fcf170b511ebfb11a +Merge: 9e88df1 5597697 +Author: Jenkins <[email protected]> +Date: Thu Mar 7 17:57:08 2013 +0000 + + Merge "Wait in TestBinGlance.test_update_copying_from until image is active" into stable/folsom + +commit 9e88df1c9209204c8417064655b3b89db50ccc27 +Merge: 1fb759d 5183360 +Author: Jenkins <[email protected]> +Date: Thu Mar 7 17:57:04 2013 +0000 + + Merge "Clean dangling image fragments in filesystem store" into stable/folsom + commit 1fb759d3d2b20b6c04bd3d2c76aa6c9547a1f360 Merge: f5c0222 03dc862 Author: Jenkins <[email protected]> @@ -46,6 +92,22 @@ glance/tests/unit/v2/test_images_resource.py | 2 -- 1 file changed, 2 deletions(-) +commit 55976974cc5e10ccc3ea736b869aaf2dbd390024 +Author: Sascha Peilicke <[email protected]> +Date: Tue Jan 8 13:47:31 2013 +0100 + + Wait in TestBinGlance.test_update_copying_from until image is active + + Test randomly fails on slow machines, the updated image is still + in 'Status: saving' while 'Status: active' is expected. So loop around + the "glance show" command until the image leaves the 'saving' state + (bug 1107768). + + Change-Id: I908069b35079dcc8ccd25acb3ebc74fe43f9d524 + + glance/tests/functional/test_bin_glance.py | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + commit 12d28c36983ee066a1b62fc66f9fc396a1405fa7 Author: Eoghan Glynn <[email protected]> Date: Tue Feb 19 11:36:38 2013 +0000 @@ -68,6 +130,24 @@ bin/glance-cache-manage | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) +commit 5183360f4c308131adde13535af0f11ccd3b1462 +Author: Eoghan Glynn <[email protected]> +Date: Fri Jan 25 13:18:58 2013 +0000 + + Clean dangling image fragments in filesystem store + + Fixes bug LP 1104924 + + Previously when a PUT or POST of image content was terminated + prematurely by the client, the partially saved image file was + left behind in the data directory. + + Change-Id: Id601816735e4138cd7623dad4d90be67448292c8 + + glance/store/filesystem.py | 28 ++++++++----- + glance/tests/unit/test_filesystem_store.py | 63 +++++++++++++++++++++------- + 2 files changed, 66 insertions(+), 25 deletions(-) + commit 03dc862281feb2124368bcaa4fa766ba0ce99a14 Author: Eoghan Glynn <[email protected]> Date: Mon Feb 11 18:43:18 2013 +0000 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glance-2012.2.4/glance/api/middleware/cache.py new/glance-2012.2.4/glance/api/middleware/cache.py --- old/glance-2012.2.4/glance/api/middleware/cache.py 2013-03-06 04:18:30.000000000 +0100 +++ new/glance-2012.2.4/glance/api/middleware/cache.py 2013-03-14 18:47:35.000000000 +0100 @@ -111,6 +111,9 @@ def _process_v1_request(self, request, image_id, image_iterator): image_meta = registry.get_image_metadata(request.context, image_id) + # Don't display location + if 'location' in image_meta: + del image_meta['location'] if not image_meta['size']: # override image size metadata with the actual cached diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glance-2012.2.4/glance/registry/api/v1/members.py new/glance-2012.2.4/glance/registry/api/v1/members.py --- old/glance-2012.2.4/glance/registry/api/v1/members.py 2013-03-06 04:18:30.000000000 +0100 +++ new/glance-2012.2.4/glance/registry/api/v1/members.py 2013-03-14 18:47:35.000000000 +0100 @@ -274,17 +274,20 @@ raise webob.exc.HTTPForbidden(msg) # Look up an existing membership - try: - session = self.db_api.get_session() - members = self.db_api.image_member_find(req.context, - image_id=image_id, - member=id, - session=session) + session = self.db_api.get_session() + members = self.db_api.image_member_find(req.context, + image_id=image_id, + member=id, + session=session) + if members: self.db_api.image_member_delete(req.context, members[0], session=session) - except exception.NotFound: - pass + else: + msg = _("%(id)s is not a member of image %(image_id)s") + LOG.debug(msg % locals()) + msg = _("Membership could not be found.") + raise webob.exc.HTTPNotFound(explanation=msg) # Make an appropriate result msg = _("Successfully deleted a membership from image %(id)s") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glance-2012.2.4/glance/store/filesystem.py new/glance-2012.2.4/glance/store/filesystem.py --- old/glance-2012.2.4/glance/store/filesystem.py 2013-03-06 04:18:30.000000000 +0100 +++ new/glance-2012.2.4/glance/store/filesystem.py 2013-03-14 18:47:35.000000000 +0100 @@ -209,20 +209,26 @@ checksum.update(buf) f.write(buf) except IOError as e: - if e.errno in [errno.EFBIG, errno.ENOSPC]: - try: - os.unlink(filepath) - except Exception: - msg = _('Unable to remove partial image data for image %s') - LOG.error(msg % image_id) - raise exception.StorageFull() - elif e.errno == errno.EACCES: - raise exception.StorageWriteDenied() - else: - raise + if e.errno != errno.EACCES: + self._delete_partial(filepath, image_id) + exceptions = {errno.EFBIG: exception.StorageFull(), + errno.ENOSPC: exception.StorageFull(), + errno.EACCES: exception.StorageWriteDenied()} + raise exceptions.get(e.errno, e) + except: + self._delete_partial(filepath, image_id) + raise checksum_hex = checksum.hexdigest() LOG.debug(_("Wrote %(bytes_written)d bytes to %(filepath)s with " "checksum %(checksum_hex)s") % locals()) return ('file://%s' % filepath, bytes_written, checksum_hex) + + @staticmethod + def _delete_partial(filepath, id): + try: + os.unlink(filepath) + except Exception as e: + msg = _('Unable to remove partial image data for image %s: %s') + LOG.error(msg % (id, e)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glance-2012.2.4/glance/tests/functional/test_bin_glance.py new/glance-2012.2.4/glance/tests/functional/test_bin_glance.py --- old/glance-2012.2.4/glance/tests/functional/test_bin_glance.py 2013-03-06 04:18:30.000000000 +0100 +++ new/glance-2012.2.4/glance/tests/functional/test_bin_glance.py 2013-03-14 18:47:35.000000000 +0100 @@ -291,10 +291,6 @@ # 3. Verify image is now active and of the correct size cmd = "bin/glance --port=%d show %s" % (api_port, image_id) - exitcode, out, err = execute(cmd) - - self.assertEqual(0, exitcode) - expected_lines = [ 'URI: http://0.0.0.0:%s/v1/images/%s' % (api_port, image_id), 'Id: %s' % image_id, @@ -307,7 +303,19 @@ 'Minimum Ram Required (MB): 0', 'Minimum Disk Required (GB): 0', ] - lines = out.split("\n") + + for _ in range(0, 9): + exitcode, out, err = execute(cmd) + self.assertEqual(0, exitcode) + lines = out.split("\n") + + if "Status: active" in lines: + break + + # Yeah. This totally isn't a race condition. Randomly fails + # with 'Status: saving' if we didn't wait long enough + time.sleep(0.10) + self.assertTrue(set(lines) >= set(expected_lines)) self.stop_servers() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glance-2012.2.4/glance/tests/unit/test_filesystem_store.py new/glance-2012.2.4/glance/tests/unit/test_filesystem_store.py --- old/glance-2012.2.4/glance/tests/unit/test_filesystem_store.py 2013-03-06 04:18:30.000000000 +0100 +++ new/glance-2012.2.4/glance/tests/unit/test_filesystem_store.py 2013-03-14 18:47:35.000000000 +0100 @@ -17,10 +17,14 @@ """Tests the filesystem backend store""" +import __builtin__ import errno import hashlib +import os import StringIO +import mox + from glance.common import exception from glance.common import utils from glance.store.filesystem import Store, ChunkedFile @@ -132,51 +136,82 @@ self.store.add, image_id, image_file, 0) - def _do_test_add_failure(self, errno, exception): + def _do_test_add_write_failure(self, errno, exception): ChunkedFile.CHUNKSIZE = 1024 image_id = utils.generate_uuid() file_size = 1024 * 5 # 5K file_contents = "*" * file_size + path = os.path.join(self.test_dir, image_id) location = "file://%s/%s" % (self.test_dir, image_id) image_file = StringIO.StringIO(file_contents) - def fake_IO_Error(size): - e = IOError() - e.errno = errno - raise e - - self.stubs.Set(image_file, 'read', fake_IO_Error) - self.assertRaises(exception, - self.store.add, - image_id, image_file, 0) + m = mox.Mox() + m.StubOutWithMock(__builtin__, 'open') + e = IOError() + e.errno = errno + open(path, 'wb').AndRaise(e) + m.ReplayAll() + + try: + self.assertRaises(exception, + self.store.add, + image_id, image_file, 0) + self.assertFalse(os.path.exists(path)) + finally: + m.VerifyAll() + m.UnsetStubs() def test_add_storage_full(self): """ Tests that adding an image without enough space on disk raises an appropriate exception """ - self._do_test_add_failure(errno.ENOSPC, exception.StorageFull) + self._do_test_add_write_failure(errno.ENOSPC, exception.StorageFull) def test_add_file_too_big(self): """ Tests that adding an excessively large image file raises an appropriate exception """ - self._do_test_add_failure(errno.EFBIG, exception.StorageFull) + self._do_test_add_write_failure(errno.EFBIG, exception.StorageFull) def test_add_storage_write_denied(self): """ Tests that adding an image with insufficient filestore permissions raises an appropriate exception """ - self._do_test_add_failure(errno.EACCES, exception.StorageWriteDenied) + self._do_test_add_write_failure(errno.EACCES, + exception.StorageWriteDenied) def test_add_other_failure(self): """ Tests that a non-space-related IOError does not raise a StorageFull exception. """ - self._do_test_add_failure(errno.ENOTDIR, IOError) + self._do_test_add_write_failure(errno.ENOTDIR, IOError) + + def test_add_cleanup_on_read_failure(self): + """ + Tests the partial image file is cleaned up after a read + failure. + """ + ChunkedFile.CHUNKSIZE = 1024 + image_id = utils.generate_uuid() + file_size = 1024 * 5 # 5K + file_contents = "*" * file_size + path = os.path.join(self.test_dir, image_id) + location = "file://%s/%s" % (self.test_dir, image_id) + image_file = StringIO.StringIO(file_contents) + + def fake_Error(size): + raise AttributeError() + + self.stubs.Set(image_file, 'read', fake_Error) + + self.assertRaises(AttributeError, + self.store.add, + image_id, image_file, 0) + self.assertFalse(os.path.exists(path)) def test_delete(self): """ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glance-2012.2.4/glance/tests/unit/v1/test_api.py new/glance-2012.2.4/glance/tests/unit/v1/test_api.py --- old/glance-2012.2.4/glance/tests/unit/v1/test_api.py 2013-03-06 04:18:30.000000000 +0100 +++ new/glance-2012.2.4/glance/tests/unit/v1/test_api.py 2013-03-14 18:47:35.000000000 +0100 @@ -1905,6 +1905,19 @@ res = req.get_response(self.api) self.assertEquals(res.status_int, webob.exc.HTTPUnauthorized.code) + def test_delete_member_invalid(self): + """ + Tests deleting a invalid/non existing member raises right exception + """ + self.api = test_utils.FakeAuthMiddleware(rserver.API(self.mapper), + is_admin=True) + req = webob.Request.blank('/images/%s/members/pattieblack' % UUID2) + req.method = 'DELETE' + + res = req.get_response(self.api) + self.assertEquals(res.status_int, webob.exc.HTTPNotFound.code) + self.assertTrue('Membership could not be found' in res.body) + class TestGlanceAPI(base.IsolatedUnitTest): def setUp(self): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glance-2012.2.4/glance/versioninfo new/glance-2012.2.4/glance/versioninfo --- old/glance-2012.2.4/glance/versioninfo 2013-03-06 04:20:58.000000000 +0100 +++ new/glance-2012.2.4/glance/versioninfo 2013-03-14 18:51:30.000000000 +0100 @@ -1 +1 @@ -2012.2.4~20130306.7.g1fb759d +2012.2.4~20130314.13.gdd849a9 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
