Merge lp:~gandelman-a/ubuntu/quantal/glance/2012.2.1 into lp:~openstack-ubuntu-testing/glance/folsom

Proposed by Adam Gandelman on 2012-11-30
Status: Merged
Merge reported by: Adam Gandelman
Merged at revision: not available
Proposed branch: lp:~gandelman-a/ubuntu/quantal/glance/2012.2.1
Merge into: lp:~openstack-ubuntu-testing/glance/folsom
Diff against target: 86 lines (+55/-2)
2 files modified
debian/changelog (+53/-1)
debian/control (+2/-1)
To merge this branch: bzr merge lp:~gandelman-a/ubuntu/quantal/glance/2012.2.1
Reviewer Review Type Date Requested Status
Openstack Ubuntu Testers 2012-11-30 Pending
Review via email: mp+137350@code.launchpad.net
To post a comment you must log in.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2012-10-12 14:47:14 +0000
3+++ debian/changelog 2012-11-30 23:41:49 +0000
4@@ -1,3 +1,55 @@
5+glance (2012.2.1-0ubuntu1) UNRELEASED; urgency=low
6+
7+ * Dropped patches, applied upstream:
8+ - debian/patches/CVE-2012-4573.patch
9+ - debian/patches/CVE-2012-4573b.patch
10+ * Resynchronize with stable/folsom (199783ce) (LP: #1085255):
11+ - [49408e9] Glance image-delete HTTPInternalServerError HTTP 500
12+ (LP: #1075580)
13+ - [91aaa48] Image fails to upload to swift: TypeError: object of type
14+ 'CooperativeReader' has no len( (LP: #1057322)
15+ - [a296a5b] Return 403 when admin deletes a deleted image (LP: #1060944)
16+ - [3e58a6a] Disallow updating deleted images. (LP: #1060930)
17+ - [26c8085] admins can see deleted images in v2 api (LP: #1071446)
18+ - [8321ca6] No exclude option to skip tests in run_tests.sh (LP: #1065758)
19+ - [c3bea11] Badly named stable/folsom Glance tarballs (LP: #1059634)
20+ - [fc0ee76] Non-admin users can cause public glance images to be deleted
21+ from the backend storage repository in the v2 api (LP: #1076506)
22+ - [90bcdc5] Non-admin users can cause public glance images to be deleted
23+ from the backend storage repository (LP: #1065187)
24+ - [7841cc9] FakeAuth not always admin
25+ - [ddad275] Jenkins jobs fail because of incompatibility between sqlalchemy-
26+ migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
27+ - [1d5c651] nosetest options cause no such option errors (LP: #1056420)
28+ - [ac223e2] Set defaultbranch in .gitreview to stable/folsom
29+
30+ -- Adam Gandelman <adamg@canonical.com> Fri, 30 Nov 2012 12:22:50 -0400
31+
32+glance (2012.2-0ubuntu2.3) quantal-security; urgency=low
33+
34+ * SECURITY UPDATE: deletion of arbitrary public and shared images via
35+ authenticated user
36+ - debian/patches/CVE-2012-4573b.patch: previous patch was incomplete.
37+ Make corresponding change to glance/api/v2/images.py
38+ - CVE-2012-4573
39+ * debian/control: add Build-Depends-Indep on python-chardet. This is needed
40+ by python-requests to do encoding detection which otherwise fails in the
41+ new tests introduced in CVE-2012-4573b.patch.
42+
43+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 09 Nov 2012 06:53:44 -0600
44+
45+glance (2012.2-0ubuntu2.2) quantal-security; urgency=low
46+
47+ * SECURITY UPDATE: deletion of arbitrary public and shared images via
48+ authenticated user
49+ - debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
50+ ensure image is owned by user before delayed_deletion
51+ - CVE-2012-4573
52+ * debian/patches/fakeauth-not-always-admin.patch: add required testsuite
53+ patch in support of the testsuite changes in CVE-2012-4573.patch
54+
55+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 08 Nov 2012 07:41:02 -0600
56+
57 glance (2012.2-0ubuntu2) quantal-proposed; urgency=low
58
59 * Glance should suggest python-ceph, not ceph-common (LP: #1065903):
60@@ -295,7 +347,6 @@
61
62 -- Matthias Klose <doko@ubuntu.com> Mon, 02 Jan 2012 13:02:24 +0100
63
64-
65 glance (2012.1~e2-0ubuntu2) precise; urgency=low
66
67 * debian/glance-registry.postinst: Fix typo in postinst.
68@@ -583,3 +634,4 @@
69 * Initial upload.
70
71 -- Soren Hansen <soren@ubuntu.com> Wed, 19 Jan 2011 12:01:32 +0100
72+
73
74=== modified file 'debian/control'
75--- debian/control 2012-10-12 10:09:43 +0000
76+++ debian/control 2012-11-30 23:41:49 +0000
77@@ -33,7 +33,8 @@
78 python-glanceclient,
79 python-xattr,
80 curl,
81- pep8
82+ pep8,
83+ python-chardet
84 Standards-Version: 3.9.3
85 XS-Python-Version: >= 2.6
86 Homepage: http://launchpad.net/glance

Subscribers

People subscribed via source and target branches