REGRESSION: AttributeError: 'functools.partial' object has no attribute '__module__'

Bug #1311433 reported by Julian Edwards
28
This bug affects 10 people
Affects Status Importance Assigned to Milestone
Django
Unknown
Unknown
MAAS
Fix Released
Critical
Jeroen T. Vermeulen
1.5
Fix Released
Critical
Jeroen T. Vermeulen
maas (Ubuntu)
Fix Released
Undecided
Unassigned
Lucid
Won't Fix
Undecided
Unassigned
Precise
Won't Fix
Undecided
Unassigned
Quantal
Won't Fix
Undecided
Unassigned
Saucy
Won't Fix
Undecided
Unassigned
Trusty
Fix Released
Undecided
Unassigned
python-django (Debian)
New
Undecided
Unassigned
python-django (Ubuntu)
Fix Released
Critical
Marc Deslauriers
Lucid
Fix Released
Critical
Marc Deslauriers
Precise
Fix Released
Critical
Marc Deslauriers
Quantal
Fix Released
Critical
Marc Deslauriers
Saucy
Fix Released
Critical
Marc Deslauriers
Trusty
Fix Released
Critical
Marc Deslauriers

Bug Description

[Test case]

Without the fix:
1. Install MAAS
2. Access the MAAS home page (http://localhost/MAAS) → the home page displays a 500 error. The log in /var/log/maas/maas.log contains the exception: http://paste.ubuntu.com/7417954/ (AttributeError: 'functools.partial' object has no attribute '__module__')

With the fix:
1. Install MAAS
2. Access the MAAS home page (http://localhost/MAAS) → see the login home page.

[Description of the problem]

This was caused by a regression in python-django introduced by a recent security update (see the bug's comment for details).

Related branches

CVE References

Revision history for this message
Julian Edwards (julian-edwards) wrote :

bug 1309779 is the reference to the recent security fix.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in python-django (Ubuntu):
status: New → Confirmed
Revision history for this message
Luke Faraone (lfaraone) wrote :

Attached is a patch (apparently) accepted upstream.

Changed in maas:
status: New → Triaged
importance: Undecided → Critical
Revision history for this message
Jeroen T. Vermeulen (jtv) wrote :
Changed in maas:
status: Triaged → Fix Committed
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

I am preparing security regression fixes with the upstream patch and will release them shortly.

Changed in python-django (Ubuntu Lucid):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in python-django (Ubuntu Precise):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in python-django (Ubuntu Quantal):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in python-django (Ubuntu Saucy):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in python-django (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in python-django (Ubuntu Quantal):
importance: Undecided → High
Changed in python-django (Ubuntu Saucy):
importance: Undecided → High
Changed in python-django (Ubuntu Trusty):
importance: Undecided → Critical
Changed in python-django (Ubuntu Saucy):
status: New → In Progress
Changed in python-django (Ubuntu Quantal):
status: New → In Progress
Changed in python-django (Ubuntu Trusty):
status: Confirmed → In Progress
Changed in python-django (Ubuntu Lucid):
importance: High → Critical
Changed in python-django (Ubuntu Precise):
importance: High → Critical
Changed in python-django (Ubuntu Quantal):
importance: High → Critical
Changed in python-django (Ubuntu Saucy):
importance: High → Critical
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-django - 1.3.1-4ubuntu1.10

---------------
python-django (1.3.1-4ubuntu1.10) precise-security; urgency=medium

  * SECURITY REGRESSION: security fix regression when a view is a partial
    (LP: #1311433)
    - debian/patches/CVE-2014-0472-regression.patch: create the lookup_str
      from the original function whenever a partial is provided as an
      argument to a url pattern in django/core/urlresolvers.py,
      added tests to tests/regressiontests/urlpatterns_reverse/urls.py,
      tests/regressiontests/urlpatterns_reverse/views.py.
    - CVE-2014-0472
 -- Marc Deslauriers <email address hidden> Tue, 22 Apr 2014 23:17:22 -0400

Changed in python-django (Ubuntu Precise):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-django - 1.6.1-2ubuntu0.2

---------------
python-django (1.6.1-2ubuntu0.2) trusty-security; urgency=medium

  * SECURITY REGRESSION: security fix regression when a view is a partial
    (LP: #1311433)
    - debian/patches/CVE-2014-0472-regression.patch: create the lookup_str
      from the original function whenever a partial is provided as an
      argument to a url pattern in django/core/urlresolvers.py,
      added tests to tests/urlpatterns_reverse/urls.py,
      tests/urlpatterns_reverse/views.py.
    - CVE-2014-0472
 -- Marc Deslauriers <email address hidden> Tue, 22 Apr 2014 23:05:51 -0400

Changed in python-django (Ubuntu Trusty):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-django - 1.5.4-1ubuntu1.2

---------------
python-django (1.5.4-1ubuntu1.2) saucy-security; urgency=medium

  * SECURITY REGRESSION: security fix regression when a view is a partial
    (LP: #1311433)
    - debian/patches/CVE-2014-0472-regression.patch: create the lookup_str
      from the original function whenever a partial is provided as an
      argument to a url pattern in django/core/urlresolvers.py,
      added tests to tests/regressiontests/urlpatterns_reverse/urls.py,
      tests/regressiontests/urlpatterns_reverse/views.py.
    - CVE-2014-0472
 -- Marc Deslauriers <email address hidden> Tue, 22 Apr 2014 23:12:52 -0400

Changed in python-django (Ubuntu Saucy):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-django - 1.1.1-2ubuntu1.11

---------------
python-django (1.1.1-2ubuntu1.11) lucid-security; urgency=medium

  * SECURITY REGRESSION: security fix regression when a view is a partial
    (LP: #1311433)
    - debian/patches/CVE-2014-0472-regression.patch: create the lookup_str
      from the original function whenever a partial is provided as an
      argument to a url pattern in django/core/urlresolvers.py,
      added tests to tests/regressiontests/urlpatterns_reverse/urls.py,
      tests/regressiontests/urlpatterns_reverse/views.py.
    - CVE-2014-0472
 -- Marc Deslauriers <email address hidden> Tue, 22 Apr 2014 23:20:22 -0400

Changed in python-django (Ubuntu Lucid):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-django - 1.4.1-2ubuntu0.6

---------------
python-django (1.4.1-2ubuntu0.6) quantal-security; urgency=medium

  * SECURITY REGRESSION: security fix regression when a view is a partial
    (LP: #1311433)
    - debian/patches/CVE-2014-0472-regression.patch: create the lookup_str
      from the original function whenever a partial is provided as an
      argument to a url pattern in django/core/urlresolvers.py,
      added tests to tests/regressiontests/urlpatterns_reverse/urls.py,
      tests/regressiontests/urlpatterns_reverse/views.py.
    - CVE-2014-0472
 -- Marc Deslauriers <email address hidden> Tue, 22 Apr 2014 23:14:35 -0400

Changed in python-django (Ubuntu Quantal):
status: In Progress → Fix Released
Changed in maas:
assignee: nobody → Jeroen T. Vermeulen (jtv)
Raphaël Badin (rvb)
description: updated
tags: added: patch
Changed in maas:
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package maas - 1.5.1+bzr2269-0ubuntu2

---------------
maas (1.5.1+bzr2269-0ubuntu2) utopic; urgency=medium

  * debian/control: Really fix missing dep on python-crochet for
    python-maas-provisioningserver.
 -- Andres Rodriguez <email address hidden> Fri, 09 May 2014 22:41:19 -0500

Changed in maas (Ubuntu):
status: New → Fix Released
Revision history for this message
Greg Lutostanski (lutostag) wrote :

Remove workaround because django updated on supported releases, included in branch which fixes this and other 1.5.2 release bugs for SRU is linked to bug #1325038.

Revision history for this message
Adam Conrad (adconrad) wrote : Please test proposed package

Hello Julian, or anyone else affected,

Accepted maas into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/maas/1.5.2+bzr2282-0ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in maas (Ubuntu Trusty):
status: New → Fix Committed
tags: added: verification-needed
Revision history for this message
Greg Lutostanski (lutostag) wrote :

Verified fix for 1.5.2 SRU.

tags: added: verification-done
removed: verification-needed
Revision history for this message
Stéphane Graber (stgraber) wrote :

Hello Julian, or anyone else affected,

Accepted maas into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/maas/1.5.2+bzr2282-0ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: removed: verification-done
tags: added: verification-needed
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package maas - 1.5.2+bzr2282-0ubuntu0.2

---------------
maas (1.5.2+bzr2282-0ubuntu0.2) trusty-proposed; urgency=medium

  * debian/control:
   - Add missing dependency in maas-cluster-controller for grub-common
     (LP: #1328231)
   - Move dependency from maas-cluster-controller to maas-provisioningserver
     for python-seamicroclient (LP: #1332532)

maas (1.5.2+bzr2282-0ubuntu0.1) trusty-proposed; urgency=medium

  * New upstream release:
    - Remove workaround for fixed Django bug 1311433 (LP: #1311433)
    - Ensure that validation errors are returned when adding a node over
      the API and its cluster controller is not contactable. (LP: #1305061)
    - Hardware enablement support for PowerKVM (LP: #1325038)
    - Shorten the time taken for a cluster to initially connect to the region
      via RPC to around 2 seconds (LP: #1317682)
    - Faster DHCP leases parser (LP: #1305102)
    - Documentation fixed explaining how to enable an ephemeral backdoor
      (LP: #1321696)
    - Use probe-and-enlist-hardware to enlist all virtual machine inside
      a libvirt machine, allow password qemu+ssh connections.
      (LP: #1315155, LP: #1315157)
    - Rename ppc64el boot loader to PowerKVM (LP: #1315154)
    - Fix NodeForm's is_valid() method so that it uses Django's way of setting
      errors on forms instead of putting text in self.errors['architecture']
      (LP: #1301465)
    - Change BootMethods to return their own IReader per-request, update method
      names to reflect new usage. (LP: #1315154)
    - Return early and stop the DHCP server when the list of managed interfaces
      of the nodegroup is empty. (LP: #1324944)
    - Fix invalid attribute references in the VirshSSH class. Added more test
      for the VirshSSH class. (LP: #1324966)
  * debian/control:
    - Add missing dependency in maas-cluster-controller for python-pexpect
      (LP: #1322151)
 -- Greg Lutostanski <email address hidden> Fri, 20 Jun 2014 10:10:47 -0500

Changed in maas (Ubuntu Trusty):
status: Fix Committed → Fix Released
Revision history for this message
Stéphane Graber (stgraber) wrote : Update Released

The verification of the Stable Release Update for maas has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Rolf Leggewie (r0lf) wrote :

quantal has seen the end of its life and is no longer receiving any updates. Marking the quantal task for this ticket as "Won't Fix".

Changed in maas (Ubuntu Quantal):
status: New → Won't Fix
Revision history for this message
Rolf Leggewie (r0lf) wrote :

saucy has seen the end of its life and is no longer receiving any updates. Marking the saucy task for this ticket as "Won't Fix".

Changed in maas (Ubuntu Saucy):
status: New → Won't Fix
Revision history for this message
Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in maas (Ubuntu Lucid):
status: New → Won't Fix
Revision history for this message
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release

Changed in maas (Ubuntu Precise):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.