lp:~yolanda.robla/glance/precise-security
- Get this branch:
- bzr branch lp:~yolanda.robla/glance/precise-security
Branch merges
- James Page: Needs Fixing
Diff: 11700 lines (+296/-6476) 32 files modified
.gitignore (+0/-11)
.gitreview (+0/-5)
.mailmap (+0/-19)
.pc/CVE-2012-4573.patch/glance/api/v1/images.py (+0/-973)
.pc/CVE-2013-0212.patch/glance/store/swift.py (+0/-570)
.pc/CVE-2013-1840.patch/glance/api/middleware/cache.py (+0/-142)
.pc/applied-patches (+0/-8)
.pc/disable-network-for-docs.patch/doc/source/conf.py (+0/-262)
.pc/disable-swift-tests.patch/glance/tests/unit/test_clients.py (+0/-2123)
.pc/disable-swift-tests.patch/glance/tests/unit/test_swift_store.py (+0/-601)
.pc/disable_db_table_auto_create.patch/glance/registry/db/api.py (+0/-746)
.pc/disable_db_table_auto_create.patch/glance/registry/db/migration.py (+0/-138)
.pc/disable_db_table_auto_create.patch/run_tests.py (+0/-296)
.pc/fix_migration_012_foreign_keys.patch/Authors (+0/-68)
.pc/fix_migration_012_foreign_keys.patch/glance/registry/db/migrate_repo/versions/012_id_to_uuid.py (+0/-295)
.pc/sql_conn.patch/etc/glance-registry.conf (+0/-61)
Authors (+1/-0)
PKG-INFO (+15/-0)
debian/changelog (+17/-0)
debian/patches/CVE-2012-4573.patch (+0/-35)
debian/patches/CVE-2013-0212.patch (+0/-67)
debian/patches/CVE-2013-1840.patch (+0/-22)
debian/patches/disable_db_table_auto_create.patch (+11/-17)
debian/patches/fix_migration_012_foreign_keys.patch (+2/-2)
debian/patches/series (+0/-3)
glance.egg-info/PKG-INFO (+15/-0)
glance.egg-info/SOURCES.txt (+217/-0)
glance.egg-info/dependency_links.txt (+1/-0)
glance.egg-info/top_level.txt (+1/-0)
glance/vcsversion.py (+7/-0)
setup.cfg (+8/-11)
tools/pip-requires (+1/-1)
Branch information
Recent revisions
- 54. By Yolanda Robla
* Resynchronize with stable/essex (74b067df) (LP: #1089488):
  - [74b067d] v1 api returns location as header for cached images LP: 1135541
  - [37d4d96] glance image-download can display backend Swift password
    LP: 1098962
  - [efd7e75] Non-admin users can cause public glance images to be deleted
    from the backend storage repository (LP: #1065187)
  - [e6be061] Jenkins jobs fail because of incompatibility between
    sqlalchemy-migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
* Dropped patches, superseded by snapshot:
  - debian/patches/CVE-2013-1840.patch [74b067d]
  - debian/patches/CVE-2013-0212.patch [37d4d96]
  - debian/patches/CVE-2012-4573.patch [efd7e75, e6be061]
- 53. By Jamie Strandboge
* SECURITY UPDATE: fix information disclosure via Glance v1 API
  - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
    not show image_meta['location']
  - CVE-2013-1840
  - LP: #1135541
- 52. By Jamie Strandboge
* SECURITY UPDATE: information disclosure via swift error messages
  - debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
    not show URLs and credentials in error messages and log output
  - CVE-2013-0212
- 51. By Jamie Strandboge
* SECURITY UPDATE: deletion of arbitrary public and shared images via
  authenticated user
  - debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
    ensure image is owned by user before delayed_deletion
  - CVE-2012-4573
- 50. By Adam Gandelman
[ Adam Gandelman ]
* debian/patches/disable_db_table_auto_create.patch: Disable auto-creation
  of database schema at service start, inspect for consistency and advise
  running manual migrations instead.
* debian/patches/fix_migration_012_foreign_keys.patch: Fix a migration issue
  around missing FKs. Cherry-picked from upstream. Can be dropped with
  first stable update.
* debian/patches/convert_properties_to_uuid.patch: Fixes migration 012 to
  also convert kernel_id and ramdisk_ids to UUID. Cherry picked from upstream.
  Can be dropped with first stable update (LP: #975651)
* debian/glance-common.postinst: Clean up, fix purging issue due to poor
  use of conditionals
* debian/glance-registry.postinst: Ensure new database is version_controlled
  before first call of db_sync.
[ Chuck Short ]
* debian/control: Fix upgrades from oneiric to precise. (LP: #974592)
- 48. By Adam Gandelman
* New upstream release.
* debian/control: Add sqlite3 as a Build-Depends (for test suite)
- 47. By Chuck Short
* New upstream release.
* debian/rules: Fail build if testsuite fails.
* debian/patches/disable-swift-tests.patch: Disable swift tests that
  require a swift server setup.
* debian/patches/disable-network-for-docs.patch: Disable network for
  building docs.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)