commit python-apache-libcloud for openSUSE:Factory

h_root Fri, 03 Jan 2014 05:51:13 -0800

Hello community,

here is the log from the commit of package python-apache-libcloud for 
openSUSE:Factory checked in at 2014-01-03 14:50:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-apache-libcloud (Old)
 and      /work/SRC/openSUSE:Factory/.python-apache-libcloud.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "python-apache-libcloud"

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/python-apache-libcloud/python-apache-libcloud.changes
    2013-10-24 19:09:26.000000000 +0200
+++ 
/work/SRC/openSUSE:Factory/.python-apache-libcloud.new/python-apache-libcloud.changes
       2014-01-03 14:50:35.000000000 +0100
@@ -1,0 +2,7 @@
+Thu Jan  2 19:52:40 UTC 2014 - abo...@gmail.com
+
+- Updated to 0.13.3
+- Security fix release, for destroying nodes on digitalOcean
+  'data_scrub' method is always invoked
+
+-------------------------------------------------------------------

Old:
----
  apache-libcloud-0.13.2.tar.bz2

New:
----
  apache-libcloud-0.13.3.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-apache-libcloud.spec ++++++
--- /var/tmp/diff_new_pack.U23uTr/_old  2014-01-03 14:50:36.000000000 +0100
+++ /var/tmp/diff_new_pack.U23uTr/_new  2014-01-03 14:50:36.000000000 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           python-apache-libcloud
-Version:        0.13.2
+Version:        0.13.3
 Release:        0
 Summary:        Abstract away differences among multiple cloud provider APIs
 License:        Apache-2.0

++++++ apache-libcloud-0.13.2.tar.bz2 -> apache-libcloud-0.13.3.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apache-libcloud-0.13.2/CHANGES 
new/apache-libcloud-0.13.3/CHANGES
--- old/apache-libcloud-0.13.2/CHANGES  2013-09-15 17:40:43.000000000 +0200
+++ new/apache-libcloud-0.13.3/CHANGES  2013-12-31 13:11:47.000000000 +0100
@@ -1,5 +1,18 @@
                                    -*- coding: utf-8 -*-
 
+Changes with Apache Libcloud 0.13.3
+
+  *) Compute
+
+    - Send "scrub_data" query parameter when destroying a DigitalOcean node.
+      This will cause disk to be scrubbed (overwritten with 0's) when 
destroying
+      a node. (LIBCLOUD-487)
+
+      Note: This fixes a security issue with a potential leak of data contained
+      on the destroyed node which only affects users of the DigitalOcean 
driver.
+      (CVE-2013-6480)
+      [Tomaz Muraus]
+
 Changes with Apache Libcloud 0.13.2
 
   *) General
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apache-libcloud-0.13.2/PKG-INFO 
new/apache-libcloud-0.13.3/PKG-INFO
--- old/apache-libcloud-0.13.2/PKG-INFO 2013-09-15 17:44:36.000000000 +0200
+++ new/apache-libcloud-0.13.3/PKG-INFO 2013-12-31 13:17:42.000000000 +0100
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: apache-libcloud
-Version: 0.13.2
+Version: 0.13.3
 Summary: A standard Python library that abstracts away differences among 
multiple cloud provider APIs. For more information and documentation, please 
see http://libcloud.apache.org
 Home-page: http://libcloud.apache.org/
 Author: Apache Software Foundation
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apache-libcloud-0.13.2/libcloud/__init__.py 
new/apache-libcloud-0.13.3/libcloud/__init__.py
--- old/apache-libcloud-0.13.2/libcloud/__init__.py     2013-09-15 
17:40:43.000000000 +0200
+++ new/apache-libcloud-0.13.3/libcloud/__init__.py     2013-12-31 
01:42:18.000000000 +0100
@@ -20,7 +20,7 @@
 """
 
 __all__ = ['__version__', 'enable_debug']
-__version__ = '0.13.2'
+__version__ = '0.13.3'
 
 import os
 import atexit
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/apache-libcloud-0.13.2/libcloud/compute/drivers/digitalocean.py 
new/apache-libcloud-0.13.3/libcloud/compute/drivers/digitalocean.py
--- old/apache-libcloud-0.13.2/libcloud/compute/drivers/digitalocean.py 
2013-09-15 17:40:43.000000000 +0200
+++ new/apache-libcloud-0.13.3/libcloud/compute/drivers/digitalocean.py 
2013-12-31 01:42:18.000000000 +0100
@@ -123,7 +123,9 @@
         return res.status == httplib.OK
 
     def destroy_node(self, node):
-        res = self.connection.request('/droplets/%s/destroy/' % (node.id))
+        params = {'scrub_data': '1'}
+        res = self.connection.request('/droplets/%s/destroy/' % (node.id),
+                                      params=params)
         return res.status == httplib.OK
 
     def ex_list_ssh_keys(self):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apache-libcloud-0.13.2/libcloud/test/__init__.py 
new/apache-libcloud-0.13.3/libcloud/test/__init__.py
--- old/apache-libcloud-0.13.2/libcloud/test/__init__.py        2013-09-15 
17:40:04.000000000 +0200
+++ new/apache-libcloud-0.13.3/libcloud/test/__init__.py        2013-12-31 
01:42:18.000000000 +0100
@@ -20,6 +20,7 @@
 from libcloud.utils.py3 import StringIO
 from libcloud.utils.py3 import urlparse
 from libcloud.utils.py3 import parse_qs
+from libcloud.utils.py3 import parse_qsl
 from libcloud.utils.py3 import u
 from libcloud.utils.py3 import unittest2_required
 
@@ -218,6 +219,34 @@
     def runTest(self):
         pass
 
+    def assertUrlContainsQueryParams(self, url, expected_params, strict=False):
+        """
+        Assert that provided url contains provided query parameters.
+
+        :param url: URL to assert.
+        :type url: ``str``
+
+        :param expected_params: Dictionary of expected query parameters.
+        :type expected_params: ``dict``
+
+        :param strict: Assert that provided url contains only expected_params.
+                       (defaults to ``False``)
+        :type strict: ``bool``
+        """
+        question_mark_index = url.find('?')
+
+        if question_mark_index != -1:
+            url = url[question_mark_index + 1:]
+
+        params = dict(parse_qsl(url))
+
+        if strict:
+            self.assertDictEqual(params, expected_params)
+        else:
+            for key, value in expected_params.items():
+                self.assertEqual(params[key], value)
+
+
 class StorageMockHttp(MockHttp):
     def putrequest(self, method, action):
         pass
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/apache-libcloud-0.13.2/libcloud/test/compute/test_digitalocean.py 
new/apache-libcloud-0.13.3/libcloud/test/compute/test_digitalocean.py
--- old/apache-libcloud-0.13.2/libcloud/test/compute/test_digitalocean.py       
2013-09-15 17:40:04.000000000 +0200
+++ new/apache-libcloud-0.13.3/libcloud/test/compute/test_digitalocean.py       
2013-12-31 01:42:18.000000000 +0100
@@ -29,7 +29,7 @@
 from libcloud.compute.drivers.digitalocean import DigitalOceanNodeDriver
 from libcloud.compute.types import NodeState
 
-from libcloud.test import MockHttp
+from libcloud.test import MockHttpTestCase
 from libcloud.test.compute import TestCaseMixin
 from libcloud.test.file_fixtures import ComputeFileFixtures
 from libcloud.test.secrets import DIGITAL_OCEAN_PARAMS
@@ -107,7 +107,7 @@
         self.assertTrue(result)
 
 
-class DigitalOceanMockHttp(MockHttp):
+class DigitalOceanMockHttp(MockHttpTestCase):
     fixtures = ComputeFileFixtures('digitalocean')
 
     def _regions(self, method, url, body, headers):
@@ -133,6 +133,7 @@
 
     def _droplets_119461_destroy(self, method, url, body, headers):
         # destroy_node
+        self.assertUrlContainsQueryParams(url, {'scrub_data': '1'})
         body = self.fixtures.load('destroy_node.json')
         return (httplib.OK, body, {}, httplib.responses[httplib.OK])
 

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit python-apache-libcloud for openSUSE:Factory

Reply via email to