Hello community, here is the log from the commit of package python-apache-libcloud for openSUSE:Factory checked in at 2014-01-03 14:50:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-apache-libcloud (Old) and /work/SRC/openSUSE:Factory/.python-apache-libcloud.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-apache-libcloud" Changes: -------- --- /work/SRC/openSUSE:Factory/python-apache-libcloud/python-apache-libcloud.changes 2013-10-24 19:09:26.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.python-apache-libcloud.new/python-apache-libcloud.changes 2014-01-03 14:50:35.000000000 +0100 @@ -1,0 +2,7 @@ +Thu Jan 2 19:52:40 UTC 2014 - abo...@gmail.com + +- Updated to 0.13.3 +- Security fix release, for destroying nodes on digitalOcean + 'data_scrub' method is always invoked + +------------------------------------------------------------------- Old: ---- apache-libcloud-0.13.2.tar.bz2 New: ---- apache-libcloud-0.13.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-apache-libcloud.spec ++++++ --- /var/tmp/diff_new_pack.U23uTr/_old 2014-01-03 14:50:36.000000000 +0100 +++ /var/tmp/diff_new_pack.U23uTr/_new 2014-01-03 14:50:36.000000000 +0100 @@ -17,7 +17,7 @@ Name: python-apache-libcloud -Version: 0.13.2 +Version: 0.13.3 Release: 0 Summary: Abstract away differences among multiple cloud provider APIs License: Apache-2.0 ++++++ apache-libcloud-0.13.2.tar.bz2 -> apache-libcloud-0.13.3.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-libcloud-0.13.2/CHANGES new/apache-libcloud-0.13.3/CHANGES --- old/apache-libcloud-0.13.2/CHANGES 2013-09-15 17:40:43.000000000 +0200 +++ new/apache-libcloud-0.13.3/CHANGES 2013-12-31 13:11:47.000000000 +0100 @@ -1,5 +1,18 @@ -*- coding: utf-8 -*- +Changes with Apache Libcloud 0.13.3 + + *) Compute + + - Send "scrub_data" query parameter when destroying a DigitalOcean node. + This will cause disk to be scrubbed (overwritten with 0's) when destroying + a node. (LIBCLOUD-487) + + Note: This fixes a security issue with a potential leak of data contained + on the destroyed node which only affects users of the DigitalOcean driver. + (CVE-2013-6480) + [Tomaz Muraus] + Changes with Apache Libcloud 0.13.2 *) General diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-libcloud-0.13.2/PKG-INFO new/apache-libcloud-0.13.3/PKG-INFO --- old/apache-libcloud-0.13.2/PKG-INFO 2013-09-15 17:44:36.000000000 +0200 +++ new/apache-libcloud-0.13.3/PKG-INFO 2013-12-31 13:17:42.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: apache-libcloud -Version: 0.13.2 +Version: 0.13.3 Summary: A standard Python library that abstracts away differences among multiple cloud provider APIs. For more information and documentation, please see http://libcloud.apache.org Home-page: http://libcloud.apache.org/ Author: Apache Software Foundation diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-libcloud-0.13.2/libcloud/__init__.py new/apache-libcloud-0.13.3/libcloud/__init__.py --- old/apache-libcloud-0.13.2/libcloud/__init__.py 2013-09-15 17:40:43.000000000 +0200 +++ new/apache-libcloud-0.13.3/libcloud/__init__.py 2013-12-31 01:42:18.000000000 +0100 @@ -20,7 +20,7 @@ """ __all__ = ['__version__', 'enable_debug'] -__version__ = '0.13.2' +__version__ = '0.13.3' import os import atexit diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-libcloud-0.13.2/libcloud/compute/drivers/digitalocean.py new/apache-libcloud-0.13.3/libcloud/compute/drivers/digitalocean.py --- old/apache-libcloud-0.13.2/libcloud/compute/drivers/digitalocean.py 2013-09-15 17:40:43.000000000 +0200 +++ new/apache-libcloud-0.13.3/libcloud/compute/drivers/digitalocean.py 2013-12-31 01:42:18.000000000 +0100 @@ -123,7 +123,9 @@ return res.status == httplib.OK def destroy_node(self, node): - res = self.connection.request('/droplets/%s/destroy/' % (node.id)) + params = {'scrub_data': '1'} + res = self.connection.request('/droplets/%s/destroy/' % (node.id), + params=params) return res.status == httplib.OK def ex_list_ssh_keys(self): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-libcloud-0.13.2/libcloud/test/__init__.py new/apache-libcloud-0.13.3/libcloud/test/__init__.py --- old/apache-libcloud-0.13.2/libcloud/test/__init__.py 2013-09-15 17:40:04.000000000 +0200 +++ new/apache-libcloud-0.13.3/libcloud/test/__init__.py 2013-12-31 01:42:18.000000000 +0100 @@ -20,6 +20,7 @@ from libcloud.utils.py3 import StringIO from libcloud.utils.py3 import urlparse from libcloud.utils.py3 import parse_qs +from libcloud.utils.py3 import parse_qsl from libcloud.utils.py3 import u from libcloud.utils.py3 import unittest2_required @@ -218,6 +219,34 @@ def runTest(self): pass + def assertUrlContainsQueryParams(self, url, expected_params, strict=False): + """ + Assert that provided url contains provided query parameters. + + :param url: URL to assert. + :type url: ``str`` + + :param expected_params: Dictionary of expected query parameters. + :type expected_params: ``dict`` + + :param strict: Assert that provided url contains only expected_params. + (defaults to ``False``) + :type strict: ``bool`` + """ + question_mark_index = url.find('?') + + if question_mark_index != -1: + url = url[question_mark_index + 1:] + + params = dict(parse_qsl(url)) + + if strict: + self.assertDictEqual(params, expected_params) + else: + for key, value in expected_params.items(): + self.assertEqual(params[key], value) + + class StorageMockHttp(MockHttp): def putrequest(self, method, action): pass diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-libcloud-0.13.2/libcloud/test/compute/test_digitalocean.py new/apache-libcloud-0.13.3/libcloud/test/compute/test_digitalocean.py --- old/apache-libcloud-0.13.2/libcloud/test/compute/test_digitalocean.py 2013-09-15 17:40:04.000000000 +0200 +++ new/apache-libcloud-0.13.3/libcloud/test/compute/test_digitalocean.py 2013-12-31 01:42:18.000000000 +0100 @@ -29,7 +29,7 @@ from libcloud.compute.drivers.digitalocean import DigitalOceanNodeDriver from libcloud.compute.types import NodeState -from libcloud.test import MockHttp +from libcloud.test import MockHttpTestCase from libcloud.test.compute import TestCaseMixin from libcloud.test.file_fixtures import ComputeFileFixtures from libcloud.test.secrets import DIGITAL_OCEAN_PARAMS @@ -107,7 +107,7 @@ self.assertTrue(result) -class DigitalOceanMockHttp(MockHttp): +class DigitalOceanMockHttp(MockHttpTestCase): fixtures = ComputeFileFixtures('digitalocean') def _regions(self, method, url, body, headers): @@ -133,6 +133,7 @@ def _droplets_119461_destroy(self, method, url, body, headers): # destroy_node + self.assertUrlContainsQueryParams(url, {'scrub_data': '1'}) body = self.fixtures.load('destroy_node.json') return (httplib.OK, body, {}, httplib.responses[httplib.OK]) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org