Hello community,
here is the log from the commit of package openstack-glance for openSUSE:Factory checked in at 2013-03-25 20:39:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openstack-glance (Old)
and /work/SRC/openSUSE:Factory/.openstack-glance.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openstack-glance", Maintainer is "radmanic@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/openstack-glance/openstack-glance.changes 2013-03-08 09:28:49.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.openstack-glance.new/openstack-glance.changes 2013-03-25 20:41:36.000000000 +0100
@@ -1,0 +2,17 @@
+Thu Mar 14 20:23:37 UTC 2013 - vuntz@suse.com
+
+- Update to version 2012.2.4+git.1363292617.dd849a9:
+ + Do not return location in headers (CVE-2013-1840)
+- This fixes bnc#808626.
+
+--------------------------------------------------------------------
+Tue Mar 12 09:06:56 UTC 2013 - vuntz@suse.com
+
+- Update to version 2012.2.4+git.1363079216.04f88c8:
+ + Clean dangling image fragments in filesystem store
+ + Wait in TestBinGlance.test_update_copying_from until image is active
+ + Fixes deletion of invalid image member
+- Drop glance-test_bin_glance-fail-on-slow-machines.patch: fixed
+ upstream.
+
+--------------------------------------------------------------------
Old:
----
glance-test_bin_glance-fail-on-slow-machines.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openstack-glance-doc.spec ++++++
--- /var/tmp/diff_new_pack.McmIkZ/_old 2013-03-25 20:41:39.000000000 +0100
+++ /var/tmp/diff_new_pack.McmIkZ/_new 2013-03-25 20:41:39.000000000 +0100
@@ -19,7 +19,7 @@
%define component glance
Name: openstack-%{component}-doc
-Version: 2012.2.4+git.1362583521.1fb759d
+Version: 2012.2.4+git.1363292617.dd849a9
Release: 1
License: Apache-2.0
Summary: OpenStack Image Service (Glance) - Documentation
++++++ openstack-glance.spec ++++++
--- /var/tmp/diff_new_pack.McmIkZ/_old 2013-03-25 20:41:39.000000000 +0100
+++ /var/tmp/diff_new_pack.McmIkZ/_new 2013-03-25 20:41:39.000000000 +0100
@@ -22,7 +22,7 @@
%define username openstack-%{component}
Name: openstack-%{component}
-Version: 2012.2.4+git.1362583521.1fb759d
+Version: 2012.2.4+git.1363292617.dd849a9
Release: 1
License: Apache-2.0
Summary: OpenStack Image Service (Glance)
@@ -42,8 +42,6 @@
Patch3: glance-webob-requestbodyfileget.patch
# PATCH-FIX-UPSTREAM: saschpe@suse.de -- Backport of https://review.openstack.org/#/c/18036/
Patch4: glance-webob12b1-putrequest.patch
-# PATCH-FIX-UPSTREAM: saschpe@suse.de -- Backport of https://review.openstack.org/#/c/19195/
-Patch5: glance-test_bin_glance-fail-on-slow-machines.patch
# PATCH-FIX-UPSTREAM: saschpe@suse.de -- Backport of https://review.openstack.org/#/c/19380/
Patch6: glance-default-signing_dir.patch
BuildRequires: apache2
@@ -143,7 +141,6 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
-%patch5 -p1
%patch6 -p1
%openstack_cleanup_prep
sed -i "s|^#!.*||" tools/migrate_image_owners.py # Fix non-executable script warning
++++++ glance-stable-folsom.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glance-2012.2.4/ChangeLog new/glance-2012.2.4/ChangeLog
--- old/glance-2012.2.4/ChangeLog 2013-03-06 04:20:59.000000000 +0100
+++ new/glance-2012.2.4/ChangeLog 2013-03-14 18:51:32.000000000 +0100
@@ -1,3 +1,49 @@
+commit dd849a9be540bedd4fd904cc0b86ccd9c3e34af2
+Author: Stuart McLaren
+Date: Thu Mar 14 13:43:36 2013 +0000
+
+ Do not return location in headers
+
+ In some cases credentials were being leaked when downloading a cached
+ v1 image.
+
+ Fixes bug 1135541, CVE-2013-1840
+
+ Change-Id: I3ec0a8f484fe1bdc32c3c56fce810fcef347a7f6
+
+ glance/api/middleware/cache.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+commit 04f88c8d563ef1330d19679e8305ac6e107228f6
+Author: Unmesh Gurjar
+Date: Tue Oct 9 03:06:00 2012 -0700
+
+ Fixes deletion of invalid image member
+
+ This fixes the 500 error on deleting an invalid/non-member tenant of an image.
+
+ Fixes LP: #1060868
+
+ Change-Id: I5a2dc56690d7525127be1a8843004d075a3fe5bb
+
+ glance/registry/api/v1/members.py | 19 +++++++++++--------
+ glance/tests/unit/v1/test_api.py | 13 +++++++++++++
+ 2 files changed, 24 insertions(+), 8 deletions(-)
+
+commit 90ddf72d2d01967269f8673fcf170b511ebfb11a
+Merge: 9e88df1 5597697
+Author: Jenkins
+Date: Thu Mar 7 17:57:08 2013 +0000
+
+ Merge "Wait in TestBinGlance.test_update_copying_from until image is active" into stable/folsom
+
+commit 9e88df1c9209204c8417064655b3b89db50ccc27
+Merge: 1fb759d 5183360
+Author: Jenkins
+Date: Thu Mar 7 17:57:04 2013 +0000
+
+ Merge "Clean dangling image fragments in filesystem store" into stable/folsom
+
commit 1fb759d3d2b20b6c04bd3d2c76aa6c9547a1f360
Merge: f5c0222 03dc862
Author: Jenkins
@@ -46,6 +92,22 @@
glance/tests/unit/v2/test_images_resource.py | 2 --
1 file changed, 2 deletions(-)
+commit 55976974cc5e10ccc3ea736b869aaf2dbd390024
+Author: Sascha Peilicke
+Date: Tue Jan 8 13:47:31 2013 +0100
+
+ Wait in TestBinGlance.test_update_copying_from until image is active
+
+ Test randomly fails on slow machines, the updated image is still
+ in 'Status: saving' while 'Status: active' is expected. So loop around
+ the "glance show" command until the image leaves the 'saving' state
+ (bug 1107768).
+
+ Change-Id: I908069b35079dcc8ccd25acb3ebc74fe43f9d524
+
+ glance/tests/functional/test_bin_glance.py | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
commit 12d28c36983ee066a1b62fc66f9fc396a1405fa7
Author: Eoghan Glynn
Date: Tue Feb 19 11:36:38 2013 +0000
@@ -68,6 +130,24 @@
bin/glance-cache-manage | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
+commit 5183360f4c308131adde13535af0f11ccd3b1462
+Author: Eoghan Glynn
+Date: Fri Jan 25 13:18:58 2013 +0000
+
+ Clean dangling image fragments in filesystem store
+
+ Fixes bug LP 1104924
+
+ Previously when a PUT or POST of image content was terminated
+ prematurely by the client, the partially saved image file was
+ left behind in the data directory.
+
+ Change-Id: Id601816735e4138cd7623dad4d90be67448292c8
+
+ glance/store/filesystem.py | 28 ++++++++-----
+ glance/tests/unit/test_filesystem_store.py | 63 +++++++++++++++++++++-------
+ 2 files changed, 66 insertions(+), 25 deletions(-)
+
commit 03dc862281feb2124368bcaa4fa766ba0ce99a14
Author: Eoghan Glynn
Date: Mon Feb 11 18:43:18 2013 +0000
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glance-2012.2.4/glance/api/middleware/cache.py new/glance-2012.2.4/glance/api/middleware/cache.py
--- old/glance-2012.2.4/glance/api/middleware/cache.py 2013-03-06 04:18:30.000000000 +0100
+++ new/glance-2012.2.4/glance/api/middleware/cache.py 2013-03-14 18:47:35.000000000 +0100
@@ -111,6 +111,9 @@
def _process_v1_request(self, request, image_id, image_iterator):
image_meta = registry.get_image_metadata(request.context, image_id)
+ # Don't display location
+ if 'location' in image_meta:
+ del image_meta['location']
if not image_meta['size']:
# override image size metadata with the actual cached
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glance-2012.2.4/glance/registry/api/v1/members.py new/glance-2012.2.4/glance/registry/api/v1/members.py
--- old/glance-2012.2.4/glance/registry/api/v1/members.py 2013-03-06 04:18:30.000000000 +0100
+++ new/glance-2012.2.4/glance/registry/api/v1/members.py 2013-03-14 18:47:35.000000000 +0100
@@ -274,17 +274,20 @@
raise webob.exc.HTTPForbidden(msg)
# Look up an existing membership
- try:
- session = self.db_api.get_session()
- members = self.db_api.image_member_find(req.context,
- image_id=image_id,
- member=id,
- session=session)
+ session = self.db_api.get_session()
+ members = self.db_api.image_member_find(req.context,
+ image_id=image_id,
+ member=id,
+ session=session)
+ if members:
self.db_api.image_member_delete(req.context,
members[0],
session=session)
- except exception.NotFound:
- pass
+ else:
+ msg = _("%(id)s is not a member of image %(image_id)s")
+ LOG.debug(msg % locals())
+ msg = _("Membership could not be found.")
+ raise webob.exc.HTTPNotFound(explanation=msg)
# Make an appropriate result
msg = _("Successfully deleted a membership from image %(id)s")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glance-2012.2.4/glance/store/filesystem.py new/glance-2012.2.4/glance/store/filesystem.py
--- old/glance-2012.2.4/glance/store/filesystem.py 2013-03-06 04:18:30.000000000 +0100
+++ new/glance-2012.2.4/glance/store/filesystem.py 2013-03-14 18:47:35.000000000 +0100
@@ -209,20 +209,26 @@
checksum.update(buf)
f.write(buf)
except IOError as e:
- if e.errno in [errno.EFBIG, errno.ENOSPC]:
- try:
- os.unlink(filepath)
- except Exception:
- msg = _('Unable to remove partial image data for image %s')
- LOG.error(msg % image_id)
- raise exception.StorageFull()
- elif e.errno == errno.EACCES:
- raise exception.StorageWriteDenied()
- else:
- raise
+ if e.errno != errno.EACCES:
+ self._delete_partial(filepath, image_id)
+ exceptions = {errno.EFBIG: exception.StorageFull(),
+ errno.ENOSPC: exception.StorageFull(),
+ errno.EACCES: exception.StorageWriteDenied()}
+ raise exceptions.get(e.errno, e)
+ except:
+ self._delete_partial(filepath, image_id)
+ raise
checksum_hex = checksum.hexdigest()
LOG.debug(_("Wrote %(bytes_written)d bytes to %(filepath)s with "
"checksum %(checksum_hex)s") % locals())
return ('file://%s' % filepath, bytes_written, checksum_hex)
+
+ @staticmethod
+ def _delete_partial(filepath, id):
+ try:
+ os.unlink(filepath)
+ except Exception as e:
+ msg = _('Unable to remove partial image data for image %s: %s')
+ LOG.error(msg % (id, e))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glance-2012.2.4/glance/tests/functional/test_bin_glance.py new/glance-2012.2.4/glance/tests/functional/test_bin_glance.py
--- old/glance-2012.2.4/glance/tests/functional/test_bin_glance.py 2013-03-06 04:18:30.000000000 +0100
+++ new/glance-2012.2.4/glance/tests/functional/test_bin_glance.py 2013-03-14 18:47:35.000000000 +0100
@@ -291,10 +291,6 @@
# 3. Verify image is now active and of the correct size
cmd = "bin/glance --port=%d show %s" % (api_port, image_id)
- exitcode, out, err = execute(cmd)
-
- self.assertEqual(0, exitcode)
-
expected_lines = [
'URI: http://0.0.0.0:%s/v1/images/%s' % (api_port, image_id),
'Id: %s' % image_id,
@@ -307,7 +303,19 @@
'Minimum Ram Required (MB): 0',
'Minimum Disk Required (GB): 0',
]
- lines = out.split("\n")
+
+ for _ in range(0, 9):
+ exitcode, out, err = execute(cmd)
+ self.assertEqual(0, exitcode)
+ lines = out.split("\n")
+
+ if "Status: active" in lines:
+ break
+
+ # Yeah. This totally isn't a race condition. Randomly fails
+ # with 'Status: saving' if we didn't wait long enough
+ time.sleep(0.10)
+
self.assertTrue(set(lines) >= set(expected_lines))
self.stop_servers()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glance-2012.2.4/glance/tests/unit/test_filesystem_store.py new/glance-2012.2.4/glance/tests/unit/test_filesystem_store.py
--- old/glance-2012.2.4/glance/tests/unit/test_filesystem_store.py 2013-03-06 04:18:30.000000000 +0100
+++ new/glance-2012.2.4/glance/tests/unit/test_filesystem_store.py 2013-03-14 18:47:35.000000000 +0100
@@ -17,10 +17,14 @@
"""Tests the filesystem backend store"""
+import __builtin__
import errno
import hashlib
+import os
import StringIO
+import mox
+
from glance.common import exception
from glance.common import utils
from glance.store.filesystem import Store, ChunkedFile
@@ -132,51 +136,82 @@
self.store.add,
image_id, image_file, 0)
- def _do_test_add_failure(self, errno, exception):
+ def _do_test_add_write_failure(self, errno, exception):
ChunkedFile.CHUNKSIZE = 1024
image_id = utils.generate_uuid()
file_size = 1024 * 5 # 5K
file_contents = "*" * file_size
+ path = os.path.join(self.test_dir, image_id)
location = "file://%s/%s" % (self.test_dir, image_id)
image_file = StringIO.StringIO(file_contents)
- def fake_IO_Error(size):
- e = IOError()
- e.errno = errno
- raise e
-
- self.stubs.Set(image_file, 'read', fake_IO_Error)
- self.assertRaises(exception,
- self.store.add,
- image_id, image_file, 0)
+ m = mox.Mox()
+ m.StubOutWithMock(__builtin__, 'open')
+ e = IOError()
+ e.errno = errno
+ open(path, 'wb').AndRaise(e)
+ m.ReplayAll()
+
+ try:
+ self.assertRaises(exception,
+ self.store.add,
+ image_id, image_file, 0)
+ self.assertFalse(os.path.exists(path))
+ finally:
+ m.VerifyAll()
+ m.UnsetStubs()
def test_add_storage_full(self):
"""
Tests that adding an image without enough space on disk
raises an appropriate exception
"""
- self._do_test_add_failure(errno.ENOSPC, exception.StorageFull)
+ self._do_test_add_write_failure(errno.ENOSPC, exception.StorageFull)
def test_add_file_too_big(self):
"""
Tests that adding an excessively large image file
raises an appropriate exception
"""
- self._do_test_add_failure(errno.EFBIG, exception.StorageFull)
+ self._do_test_add_write_failure(errno.EFBIG, exception.StorageFull)
def test_add_storage_write_denied(self):
"""
Tests that adding an image with insufficient filestore permissions
raises an appropriate exception
"""
- self._do_test_add_failure(errno.EACCES, exception.StorageWriteDenied)
+ self._do_test_add_write_failure(errno.EACCES,
+ exception.StorageWriteDenied)
def test_add_other_failure(self):
"""
Tests that a non-space-related IOError does not raise a
StorageFull exception.
"""
- self._do_test_add_failure(errno.ENOTDIR, IOError)
+ self._do_test_add_write_failure(errno.ENOTDIR, IOError)
+
+ def test_add_cleanup_on_read_failure(self):
+ """
+ Tests the partial image file is cleaned up after a read
+ failure.
+ """
+ ChunkedFile.CHUNKSIZE = 1024
+ image_id = utils.generate_uuid()
+ file_size = 1024 * 5 # 5K
+ file_contents = "*" * file_size
+ path = os.path.join(self.test_dir, image_id)
+ location = "file://%s/%s" % (self.test_dir, image_id)
+ image_file = StringIO.StringIO(file_contents)
+
+ def fake_Error(size):
+ raise AttributeError()
+
+ self.stubs.Set(image_file, 'read', fake_Error)
+
+ self.assertRaises(AttributeError,
+ self.store.add,
+ image_id, image_file, 0)
+ self.assertFalse(os.path.exists(path))
def test_delete(self):
"""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glance-2012.2.4/glance/tests/unit/v1/test_api.py new/glance-2012.2.4/glance/tests/unit/v1/test_api.py
--- old/glance-2012.2.4/glance/tests/unit/v1/test_api.py 2013-03-06 04:18:30.000000000 +0100
+++ new/glance-2012.2.4/glance/tests/unit/v1/test_api.py 2013-03-14 18:47:35.000000000 +0100
@@ -1905,6 +1905,19 @@
res = req.get_response(self.api)
self.assertEquals(res.status_int, webob.exc.HTTPUnauthorized.code)
+ def test_delete_member_invalid(self):
+ """
+ Tests deleting a invalid/non existing member raises right exception
+ """
+ self.api = test_utils.FakeAuthMiddleware(rserver.API(self.mapper),
+ is_admin=True)
+ req = webob.Request.blank('/images/%s/members/pattieblack' % UUID2)
+ req.method = 'DELETE'
+
+ res = req.get_response(self.api)
+ self.assertEquals(res.status_int, webob.exc.HTTPNotFound.code)
+ self.assertTrue('Membership could not be found' in res.body)
+
class TestGlanceAPI(base.IsolatedUnitTest):
def setUp(self):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glance-2012.2.4/glance/versioninfo new/glance-2012.2.4/glance/versioninfo
--- old/glance-2012.2.4/glance/versioninfo 2013-03-06 04:20:58.000000000 +0100
+++ new/glance-2012.2.4/glance/versioninfo 2013-03-14 18:51:30.000000000 +0100
@@ -1 +1 @@
-2012.2.4~20130306.7.g1fb759d
+2012.2.4~20130314.13.gdd849a9
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org