Ubuntu
eucalyptus package

Merge lp:~ccheney/ubuntu/lucid/eucalyptus/lucid-sru into lp:ubuntu/lucid-proposed/eucalyptus

  1. Lucid (10.04)
  2. lucid-sru
  3. Merge into lucid-proposed
Proposed by Chris Cheney on 2010-06-04
Status: Superseded
Proposed branch: lp:~ccheney/ubuntu/lucid/eucalyptus/lucid-sru
Merge into: lp:ubuntu/lucid-proposed/eucalyptus
Diff against target: 113 lines (+29/-18)
4 files modified
clc/modules/www/src/main/java/edu/ucsb/eucalyptus/admin/server/EucalyptusWebBackendImpl.java (+6/-3)
debian/changelog (+11/-0)
debian/eucalyptus-sc.upstart (+8/-0)
node/handlers_kvm.c (+4/-15)
To merge this branch: bzr merge lp:~ccheney/ubuntu/lucid/eucalyptus/lucid-sru
Reviewer Review Type Date Requested Status
Mathias Gug 2010-06-04 Approve on 2010-06-04
Dave Walker 2010-06-04 Pending
Review via email: mp+26839@code.launchpad.net

This proposal has been superseded by a proposal from 2010-06-07.

Description of the Change

SRU for lucid

  * Revert: node/handlers_kvm.c: fix console bug (was only showing first 64K)
  * clc/modules/www/src/main/java/edu/ucsb/eucalyptus/admin/server/EucalyptusWebBackendImpl.java:
    - fix user enumeration and account brute force, LP: #579942
  * debian/eucalyptus-sc.upstart: Bump maximum number of loop devices for
    SC to 512, LP: #586134

To post a comment you must log in.
Mathias Gug (mathiaz) wrote :

I would add a reference to the LP bug number for the patch that is reverted. Otherwise the patch looks good to me.

Both bug 586134 and bug 579942 need to have a proper SRU report written up.

review: Approve
Chris Cheney (ccheney) wrote :

> I would add a reference to the LP bug number for the patch that is reverted.
> Otherwise the patch looks good to me.
>
> Both bug 586134 and bug 579942 need to have a proper SRU report written up.

I have written up the two SRUs.

lp:~ccheney/ubuntu/lucid/eucalyptus/lucid-sru updated on 2010-06-08
153. By Chris Cheney on 2010-06-07

Revert: node/handlers_kvm.c: fix console bug (was only showing first 64K),
LP: #566793

154. By Chris Cheney on 2010-06-08

Merged.

Unmerged revisions

154. By Chris Cheney on 2010-06-08

Merged.

153. By Chris Cheney on 2010-06-07

Revert: node/handlers_kvm.c: fix console bug (was only showing first 64K),
LP: #566793

152. By Chris Cheney on 2010-06-04

* Revert: node/handlers_kvm.c: fix console bug (was only showing first 64K)
* clc/modules/www/src/main/java/edu/ucsb/eucalyptus/admin/server/EucalyptusWebBackendImpl.java:
  - fix user enumeration and account brute force, LP: #579942
* debian/eucalyptus-sc.upstart: Bump maximum number of loop devices for
  SC to 512, LP: #586134

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'clc/modules/www/src/main/java/edu/ucsb/eucalyptus/admin/server/EucalyptusWebBackendImpl.java'
2--- clc/modules/www/src/main/java/edu/ucsb/eucalyptus/admin/server/EucalyptusWebBackendImpl.java 2009-12-01 21:09:28 +0000
3+++ clc/modules/www/src/main/java/edu/ucsb/eucalyptus/admin/server/EucalyptusWebBackendImpl.java 2010-06-07 14:59:25 +0000
4@@ -384,7 +384,8 @@
5 if (session!=null) {
6 sessions.remove(session.getSessionId());
7 }
8- throw new SerializableException("Username '" + userName + "' not found");
9+ /* Don't be descriptive */
10+ throw new SerializableException("Login incorrect");
11 }
12 if (!user.isApproved()) {
13 throw new SerializableException("User not approved yet");
14@@ -416,7 +417,8 @@
15 // you can get a sessionId with an expired password so you can change it => false
16 user = verifyUser (null, userId, false);
17 if (!user.getBCryptedPassword().equals( md5Password )) {
18- throw new SerializableException("Incorrect password");
19+ /* Don't be descriptive */
20+ throw new SerializableException("Login incorrect");
21 }
22
23 sessionId = ServletUtils.genGUID();
24@@ -669,7 +671,8 @@
25 try {
26 oldRecord = EucalyptusManagement.getWebUser(userName);
27 } catch (Exception e) {
28- throw new SerializableException("Username '" + userName + "' not found");
29+ /* Don't be descriptive */
30+ throw new SerializableException("Login incorrect");
31 }
32 if (! callerRecord.isAdministrator()
33 && ! callerRecord.getUserName().equals(userName)) {
34
35=== modified file 'debian/changelog'
36--- debian/changelog 2010-04-28 08:43:38 +0000
37+++ debian/changelog 2010-06-07 14:59:25 +0000
38@@ -1,3 +1,14 @@
39+eucalyptus (1.6.2-0ubuntu30.2) lucid-proposed; urgency=low
40+
41+ * Revert: node/handlers_kvm.c: fix console bug (was only showing first 64K),
42+ LP: #566793
43+ * clc/modules/www/src/main/java/edu/ucsb/eucalyptus/admin/server/EucalyptusWebBackendImpl.java:
44+ - fix user enumeration and account brute force, LP: #579942
45+ * debian/eucalyptus-sc.upstart: Bump maximum number of loop devices for
46+ SC to 512, LP: #586134
47+
48+ -- Chris Cheney <ccheney@ubuntu.com> Fri, 04 Jun 2010 00:39:00 -0500
49+
50 eucalyptus (1.6.2-0ubuntu30.1) lucid-proposed; urgency=low
51
52 Address LP: #565101
53
54=== modified file 'debian/eucalyptus-sc.upstart'
55--- debian/eucalyptus-sc.upstart 2010-02-03 19:01:47 +0000
56+++ debian/eucalyptus-sc.upstart 2010-06-07 14:59:25 +0000
57@@ -6,6 +6,14 @@
58 start on started eucalyptus
59 stop on stopping eucalyptus
60
61+pre-start script
62+ # SC needs more loop devices than the
63+ # arbitrarily low Ubuntu default of 8
64+ for i in $(seq 0 511); do
65+ [ -b /dev/loop$i ] || (mknod -m 660 /dev/loop$i b 7 $i && chown root:disk /dev/loop$i)
66+ done
67+end script
68+
69 post-start script
70 timeout=60
71 while [ $timeout -gt 0 ]; do
72
73=== modified file 'node/handlers_kvm.c'
74--- node/handlers_kvm.c 2010-04-28 08:43:38 +0000
75+++ node/handlers_kvm.c 2010-06-07 14:59:25 +0000
76@@ -305,14 +305,13 @@
77 char **consoleOutput) {
78 char *console_output;
79 char console_file[1024];
80- int rc, fd, readsize;
81+ int rc, fd;
82 struct stat statbuf;
83
84 *consoleOutput = NULL;
85- readsize = 64 * 1024;
86
87 // for KVM, read the console output from a file, encode it, and return
88- console_output = malloc(readsize);
89+ console_output = malloc(64 * 1024);
90 if (console_output == NULL) {
91 return(1);
92 }
93@@ -333,18 +332,8 @@
94 return(1);
95 }
96
97- rc = lseek(fd, (off_t)(-1 * readsize), SEEK_END);
98- if (rc < 0) {
99- rc = lseek(fd, (off_t)0, SEEK_SET);
100- if (rc < 0) {
101- logprintfl(EUCAERROR, "cannot seek to beginning of file\n");
102- if (console_output) free(console_output);
103- return(1);
104- }
105- }
106-
107- bzero(console_output, readsize);
108- rc = read(fd, console_output, (readsize)-1);
109+ bzero(console_output, 64*1024);
110+ rc = read(fd, console_output, (64*1024)-1);
111 close(fd);
112
113 *consoleOutput = base64_enc((unsigned char *)console_output, strlen(console_output));

Subscribers

People subscribed via source and target branches