lp:~yolanda.robla/horizon/precise-security
- Get this branch:
- bzr branch lp:~yolanda.robla/horizon/precise-security
Branch merges
- James Page: Approve
-
Diff: 4012 lines (+794/-1547)41 files modified.bzrignore (+0/-12)
.mailmap (+0/-8)
.pc/CVE-2012-3540.patch/horizon/views/auth_forms.py (+0/-190)
.pc/add_juju_settings_panel.patch/horizon/dashboards/settings/dashboard.py (+0/-31)
.pc/add_juju_settings_panel.patch/openstack_dashboard/local/local_settings.py.example (+0/-117)
.pc/allow_alternate_css.patch/horizon/templatetags/branding.py (+0/-62)
.pc/allow_alternate_css.patch/openstack_dashboard/templates/_stylesheets.html (+0/-6)
.pc/applied-patches (+0/-9)
.pc/fix-coverage-binary-name.patch/run_tests.sh (+0/-403)
.pc/fix-dashboard-django-wsgi.patch/openstack_dashboard/wsgi/django.wsgi (+0/-15)
.pc/fix-dashboard-manage.patch/manage.py (+0/-12)
.pc/juju_panel-handle_catalog_exception.patch/horizon/dashboards/settings/juju/forms.py (+0/-96)
.pc/turn-off-debug.patch/openstack_dashboard/local/local_settings.py.example (+0/-123)
.pc/use-memcache.patch/openstack_dashboard/local/local_settings.py.example (+0/-123)
.pylintrc (+0/-42)
AUTHORS (+2/-0)
PKG-INFO (+126/-0)
debian/changelog (+18/-0)
debian/patches/CVE-2012-3540.patch (+0/-33)
debian/patches/series (+0/-1)
horizon.egg-info/PKG-INFO (+126/-0)
horizon.egg-info/SOURCES.txt (+478/-0)
horizon.egg-info/dependency_links.txt (+3/-0)
horizon.egg-info/not-zip-safe (+1/-0)
horizon.egg-info/requires.txt (+18/-0)
horizon.egg-info/top_level.txt (+2/-0)
horizon/dashboards/nova/images_and_snapshots/images/tables.py (+3/-0)
horizon/dashboards/nova/instances_and_volumes/volumes/tables.py (+1/-1)
horizon/dashboards/settings/juju/__init__.py (+0/-1)
horizon/dashboards/settings/juju/forms.py (+0/-96)
horizon/dashboards/settings/juju/panel.py (+0/-28)
horizon/dashboards/settings/juju/urls.py (+0/-24)
horizon/dashboards/settings/juju/views.py (+0/-28)
horizon/dashboards/settings/templates/settings/juju/download_form.html (+0/-20)
horizon/dashboards/settings/templates/settings/juju/environments.yaml.template (+0/-21)
horizon/dashboards/settings/templates/settings/juju/index.html (+0/-11)
horizon/usage/base.py (+9/-6)
horizon/version.py (+1/-1)
setup.cfg (+5/-0)
tools/pip-requires (+1/-1)
tox.ini (+0/-26)
Branch information
Recent revisions
- 29. By Yolanda Robla
-
* Resynchronize with stable/essex (LP: #1089488)
- [7e651d7] stable/essex horizon installs unusable version of glance
(LP: #1057125)
- [35eada8] open redirect / phishing attack via "next" parameter
(LP: #1039077)
- [8889311] TypeError when trying to delete an unnamed volume via dashboard
(LP: #1031291)
- [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
- [9b22d68] When adding ICMP rule, the type/code is being validated as
from/to ports (LP: #997669)
- [52bbba1] Added --only-selenium option in run_tests.sh
* Dropped patches, superseeded by new snapshot:
- debian/patches/ CVE-2012- 3540.patch [35eada8] - 27. By Steve Beattie
-
* SECURITY UPDATE: open redirect / phishing attack via "next"
parameter (LP: #1039077)
- debian/patches/ CVE-2012- 3540.patch: disallow redirects to anywhere
other than the same origin
- CVE-2012-3540 - 26. By Jamie Strandboge
-
* SECURITY UPDATE: fix XSS when refreshing logs
- debian/patches/ CVE-2012- 2094.patch: interpret logs as text
- CVE-2012-2094
* SECURITY UPDATE: fix session fixation and reuse
- debian/patches/ CVE-2012- 2144.patch: properly verify existing session and
also log user out on error
- CVE-2012-2144 - 25. By Dave Walker
-
* debian/control: Added memcached as a Recommends of python-
django- horizon,
to ensure a memcached is running and can be used via default install.
- LP: #988435 - 24. By Dave Walker
-
debian/
patches/ use-memcache. patch: Use memcache for session engine by
default to avoid frequent logouts, as sessions are not shared across
workers. LP: #968850 - 23. By Adam Gandelman
-
[ Adam Gandelman ]
* debian/openstack- dashboard. links: Create symlink to horizon's static js
files. (LP: #987535)[ Jamie Strandboge ]
* debian/control: don't Build-Depends on python-cherrypy3. It is used by
only the dashboard tests and they are disabled in Ubuntu builds - 22. By Dave Walker
-
[ Adam Gandelman ]
* debian/patches/ turn-off- debug.patch: Enable again
* debian/openstack- dashboard. conf: Add an Alias mapping '/static'
to '/usr/share/opensack- dashboard/ openstack_ dashboard/ static/ '
(LP: #980787)
* debian/patches/ allow_alternate _css.patch: Allow loading of ubuntu.css
and favicon if they exists
* debian/control: Drop libjs-jquery dependencies[ Dave Walker (Daviey) ]
* debian/control: Drop duplicate depends python-cloudfiles. - 21. By Chuck Short
-
debian/
patches/ turn-off- debug.patch; Reverted, breaks CSS templates.
(LP: #980787)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)