Ubuntu
glance package

Merge lp:~yolanda.robla/ubuntu/precise/glance/essex-sru into lp:ubuntu/precise-updates/glance

Precise (12.04)
essex-sru
Merge into precise-updates

Proposed by Yolanda Robla on 2012-12-18

Status:

Superseded

Proposed branch:

lp:~yolanda.robla/ubuntu/precise/glance/essex-sru

Merge into:

lp:ubuntu/precise-updates/glance

Diff against target:

1573 lines (+309/-1085)

21 files modified

.gitignore (+0/-11)
.gitreview (+0/-5)
.mailmap (+0/-19)
.pc/CVE-2012-4573.patch/glance/api/v1/images.py (+0/-973)
.pc/applied-patches (+0/-1)
.pc/fix_migration_012_foreign_keys.patch/Authors (+1/-0)
Authors (+1/-0)
PKG-INFO (+15/-0)
debian/changelog (+18/-0)
debian/glance-api.logrotate (+1/-1)
debian/glance-registry.logrotate (+1/-1)
debian/patches/CVE-2012-4573.patch (+0/-35)
debian/patches/fix_migration_012_foreign_keys.patch (+22/-26)
debian/patches/series (+0/-1)
glance.egg-info/PKG-INFO (+15/-0)
glance.egg-info/SOURCES.txt (+217/-0)
glance.egg-info/dependency_links.txt (+1/-0)
glance.egg-info/top_level.txt (+1/-0)
glance/vcsversion.py (+7/-0)
setup.cfg (+8/-11)
tools/pip-requires (+1/-1)

To merge this branch:

bzr merge lp:~yolanda.robla/ubuntu/precise/glance/essex-sru

Related bugs:

Bug #1049314: glance-registry package drops incorrect logrotate config	Undecided	Fix Released
Bug #1073569: Jenkins jobs fail because of incompatibility between sqlalchemy-migrate and the newest sqlalchemy-0.8.0b1	Critical	Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
James Page		2012-12-18	Needs Information on 2012-12-18
Review via email: mp+140403@code.launchpad.net

This proposal has been superseded by a proposal from 2012-12-18.

Revision history for this message

James Page (james-page) wrote on 2012-12-18:

Yolanda

Specifically what was the pep8 issue that was causing the build to fail?

[ Yolanda Robla ]
* debian/rules: skipping pep8 tests to allow building

review: Needs Information

lp:~yolanda.robla/ubuntu/precise/glance/essex-sru updated on 2012-12-18

53. By Yolanda Robla on 2012-12-18: removed skipping pep8 tests
fix typos in changelog

Unmerged revisions

53. By Yolanda Robla on 2012-12-18

removed skipping pep8 tests
fix typos in changelog

52. By Yolanda Robla on 2012-12-17

[ Adam Gandelman ]
* debian/glance-{registry, api}.logrotate: Fix incorrect logfile
locations. (LP: #1049314)

[ Yolanda Robla ]
* debian/rules: skipping pep8 tests to allow building

[ Yolanda Robla Mota ]
* Resynchronize with stable/essex (efd7e75b):
  - [efd7e75] Non-admin users can cause public glance images to be deleted
    from the backend storage repository (CVE-2012-4573)
  - [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
    migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)

* Dropped patches, superseeded by snapshot:
- debian/patches/CVE-2012-4573.patch: [efd7e75]

51. By Jamie Strandboge on 2012-11-08

* SECURITY UPDATE: deletion of arbitrary public and shared images via
  authenticated user
  - debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
    ensure image is owned by user before delayed_deletion
  - CVE-2012-4573

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Ubuntu branches

Yolanda Robla

Ubuntu
glance package

Merge lp:~yolanda.robla/ubuntu/precise/glance/essex-sru into lp:ubuntu/precise-updates/glance

Commit message

Description of the change

Unmerged revisions

Preview Diff

Subscribers

 === removed file '.gitignore'
 --- .gitignore	2012-06-24 03:14:33 +0000
 +++ .gitignore	1970-01-01 00:00:00 +0000
@@ -1,11 +0,0 @@
--*.pyc
--*.swp
--*.log
--.glance-venv
--.venv
--.tox
--build
--dist
--glance.egg-info
--glance/vcsversion.py
--tests.sqlite
 === removed file '.gitreview'
 --- .gitreview	2012-06-24 03:14:33 +0000
 +++ .gitreview	1970-01-01 00:00:00 +0000
@@ -1,5 +0,0 @@
--[gerrit]
--host=review.openstack.org
--port=29418
--project=openstack/glance.git
--defaultbranch=stable/essex
 === removed file '.mailmap'
 --- .mailmap	2012-06-24 03:14:33 +0000
 +++ .mailmap	1970-01-01 00:00:00 +0000
@@ -1,19 +0,0 @@
--# Format is:
--# <preferred e-mail> <other e-mail 1>
--# <preferred e-mail> <other e-mail 2>
--<adam.gandelman@canonical.com> <adamg@canonical.com>
--<brian.waldon@rackspace.com> <bcwaldon@gmail.com>
--<corywright@gmail.com> <cory.wright@rackspace.com>
--<dprince@redhat.com> <dan.prince@rackspace.com>
--<jsuh@isi.edu> <jsuh@bespin>
--<josh@jk0.org> <josh.kearney@rackspace.com>
--<rconradharris@gmail.com> <rick.harris@rackspace.com>
--<rconradharris@gmail.com> <rick@quasar.racklabs.com>
--<rick@openstack.org> <rclark@chat-blanc>
--<soren.hansen@rackspace.com> <soren@linux2go.dk>
--<soren.hansen@rackspace.com> <soren@openstack.org>
--<jeblair@hp.com> <corvus@gnu.org>
--<jeblair@hp.com> <james.blair@rackspace.com>
--<chris@pistoncloud.com> <chris@slicehost.com>
--<ken.pepple@gmail.com> <ken.pepple@rabbityard.com>
--<P@draigBrady.com> <pbrady@redhat.com>
 === removed directory '.pc/CVE-2012-4573.patch'
 === removed directory '.pc/CVE-2012-4573.patch/glance'
 === removed directory '.pc/CVE-2012-4573.patch/glance/api'
 === removed directory '.pc/CVE-2012-4573.patch/glance/api/v1'
 === removed file '.pc/CVE-2012-4573.patch/glance/api/v1/images.py'
 --- .pc/CVE-2012-4573.patch/glance/api/v1/images.py	2012-11-08 07:19:39 +0000
 +++ .pc/CVE-2012-4573.patch/glance/api/v1/images.py	1970-01-01 00:00:00 +0000
@@ -1,973 +0,0 @@
--# vim: tabstop=4 shiftwidth=4 softtabstop=4
--
--# Copyright 2010 OpenStack LLC.
--# All Rights Reserved.
--#
--#    Licensed under the Apache License, Version 2.0 (the "License"); you may
--#    not use this file except in compliance with the License. You may obtain
--#    a copy of the License at
--#
--#         http://www.apache.org/licenses/LICENSE-2.0
--#
--#    Unless required by applicable law or agreed to in writing, software
--#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
--#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
--#    License for the specific language governing permissions and limitations
--#    under the License.
--
--"""
--/images endpoint for Glance v1 API
--"""
--
--import errno
--import logging
--import sys
--import traceback
--
--from webob.exc import (HTTPError,
--                       HTTPNotFound,
--                       HTTPConflict,
--                       HTTPBadRequest,
--                       HTTPForbidden,
--                       HTTPRequestEntityTooLarge,
--                       HTTPServiceUnavailable,
--                      )
--
--from glance.api import policy
--import glance.api.v1
--from glance.api.v1 import controller
--from glance.api.v1 import filters
--from glance.common import cfg
--from glance.common import exception
--from glance.common import wsgi
--from glance.common import utils
--import glance.store
--import glance.store.filesystem
--import glance.store.http
--import glance.store.rbd
--import glance.store.s3
--import glance.store.swift
--from glance.store import (get_from_backend,
--                          get_size_from_backend,
--                          schedule_delete_from_backend,
--                          get_store_from_location,
--                          get_store_from_scheme)
--from glance import registry
--from glance import notifier
--
--
--logger = logging.getLogger(__name__)
--SUPPORTED_PARAMS = glance.api.v1.SUPPORTED_PARAMS
--SUPPORTED_FILTERS = glance.api.v1.SUPPORTED_FILTERS
--
--
--# 1 PiB, which is a *huge* image by anyone's measure.  This is just to protect
--# against client programming errors (or DoS attacks) in the image metadata.
--# We have a known limit of 1 << 63 in the database -- images.size is declared
--# as a BigInteger.
--IMAGE_SIZE_CAP = 1 << 50
--
--
--class Controller(controller.BaseController):
--    """
--    WSGI controller for images resource in Glance v1 API
--
--    The images resource API is a RESTful web service for image data. The API
--    is as follows::
--
--        GET /images -- Returns a set of brief metadata about images
--        GET /images/detail -- Returns a set of detailed metadata about
--                              images
--        HEAD /images/<ID> -- Return metadata about an image with id <ID>
--        GET /images/<ID> -- Return image data for image with id <ID>
--        POST /images -- Store image data and return metadata about the
--                        newly-stored image
--        PUT /images/<ID> -- Update image metadata and/or upload image
--                            data for a previously-reserved image
--        DELETE /images/<ID> -- Delete the image with id <ID>
--    """
--
--    default_store_opt = cfg.StrOpt('default_store', default='file')
--
--    def __init__(self, conf):
--        self.conf = conf
--        self.conf.register_opt(self.default_store_opt)
--        glance.store.create_stores(conf)
--        self.verify_store_or_exit(self.conf.default_store)
--        self.notifier = notifier.Notifier(conf)
--        registry.configure_registry_client(conf)
--        self.policy = policy.Enforcer(conf)
--
--    def _enforce(self, req, action):
--        """Authorize an action against our policies"""
--        try:
--            self.policy.enforce(req.context, action, {})
--        except exception.Forbidden:
--            raise HTTPForbidden()
--
--    def index(self, req):
--        """
--        Returns the following information for all public, available images:
--
--            * id -- The opaque image identifier
--            * name -- The name of the image
--            * disk_format -- The disk image format
--            * container_format -- The "container" format of the image
--            * checksum -- MD5 checksum of the image data
--            * size -- Size of image data in bytes
--
--        :param req: The WSGI/Webob Request object
--        :retval The response body is a mapping of the following form::
--
--            {'images': [
--                {'id': <ID>,
--                 'name': <NAME>,
--                 'disk_format': <DISK_FORMAT>,
--                 'container_format': <DISK_FORMAT>,
--                 'checksum': <CHECKSUM>
--                 'size': <SIZE>}, ...
--            ]}
--        """
--        self._enforce(req, 'get_images')
--        params = self._get_query_params(req)
--        try:
--            images = registry.get_images_list(req.context, **params)
--        except exception.Invalid, e:
--            raise HTTPBadRequest(explanation="%s" % e)
--
--        return dict(images=images)
--
--    def detail(self, req):
--        """
--        Returns detailed information for all public, available images
--
--        :param req: The WSGI/Webob Request object
--        :retval The response body is a mapping of the following form::
--
--            {'images': [
--                {'id': <ID>,
--                 'name': <NAME>,
--                 'size': <SIZE>,
--                 'disk_format': <DISK_FORMAT>,
--                 'container_format': <CONTAINER_FORMAT>,
--                 'checksum': <CHECKSUM>,
--                 'min_disk': <MIN_DISK>,
--                 'min_ram': <MIN_RAM>,
--                 'store': <STORE>,
--                 'status': <STATUS>,
--                 'created_at': <TIMESTAMP>,
--                 'updated_at': <TIMESTAMP>,
--                 'deleted_at': <TIMESTAMP>|<NONE>,
--                 'properties': {'distro': 'Ubuntu 10.04 LTS', ...}}, ...
--            ]}
--        """
--        self._enforce(req, 'get_images')
--        params = self._get_query_params(req)
--        try:
--            images = registry.get_images_detail(req.context, **params)
--            # Strip out the Location attribute. Temporary fix for
--            # LP Bug #755916. This information is still coming back
--            # from the registry, since the API server still needs access
--            # to it, however we do not return this potential security
--            # information to the API end user...
--            for image in images:
--                del image['location']
--        except exception.Invalid, e:
--            raise HTTPBadRequest(explanation="%s" % e)
--        return dict(images=images)
--
--    def _get_query_params(self, req):
--        """
--        Extracts necessary query params from request.
--
--        :param req: the WSGI Request object
--        :retval dict of parameters that can be used by registry client
--        """
--        params = {'filters': self._get_filters(req)}
--
--        for PARAM in SUPPORTED_PARAMS:
--            if PARAM in req.params:
--                params[PARAM] = req.params.get(PARAM)
--        return params
--
--    def _get_filters(self, req):
--        """
--        Return a dictionary of query param filters from the request
--
--        :param req: the Request object coming from the wsgi layer
--        :retval a dict of key/value filters
--        """
--        query_filters = {}
--        for param in req.params:
--            if param in SUPPORTED_FILTERS or param.startswith('property-'):
--                query_filters[param] = req.params.get(param)
--                if not filters.validate(param, query_filters[param]):
--                    raise HTTPBadRequest('Bad value passed to filter %s '
--                                         'got %s' % (param,
--                                                     query_filters[param]))
--        return query_filters
--
--    def meta(self, req, id):
--        """
--        Returns metadata about an image in the HTTP headers of the
--        response object
--
--        :param req: The WSGI/Webob Request object
--        :param id: The opaque image identifier
--        :retval similar to 'show' method but without image_data
--
--        :raises HTTPNotFound if image metadata is not available to user
--        """
--        self._enforce(req, 'get_image')
--        image_meta = self.get_image_meta_or_404(req, id)
--        del image_meta['location']
--        return {
--            'image_meta': image_meta
--        }
--
--    @staticmethod
--    def _validate_source(source, req):
--        """
--        External sources (as specified via the location or copy-from headers)
--        are supported only over non-local store types, i.e. S3, Swift, HTTP.
--        Note the absence of file:// for security reasons, see LP bug #942118.
--        If the above constraint is violated, we reject with 400 "Bad Request".
--        """
--        if source:
--            for scheme in ['s3', 'swift', 'http']:
--                if source.lower().startswith(scheme):
--                    return source
--            msg = _("External sourcing not supported for store %s") % source
--            logger.error(msg)
--            raise HTTPBadRequest(msg, request=req, content_type="text/plain")
--
--    @staticmethod
--    def _copy_from(req):
--        return req.headers.get('x-glance-api-copy-from')
--
--    @staticmethod
--    def _external_source(image_meta, req):
--        source = image_meta.get('location', Controller._copy_from(req))
--        return Controller._validate_source(source, req)
--
--    @staticmethod
--    def _get_from_store(where):
--        try:
--            image_data, image_size = get_from_backend(where)
--        except exception.NotFound, e:
--            raise HTTPNotFound(explanation="%s" % e)
--        image_size = int(image_size) if image_size else None
--        return image_data, image_size
--
--    def show(self, req, id):
--        """
--        Returns an iterator that can be used to retrieve an image's
--        data along with the image metadata.
--
--        :param req: The WSGI/Webob Request object
--        :param id: The opaque image identifier
--
--        :raises HTTPNotFound if image is not available to user
--        """
--        self._enforce(req, 'get_image')
--        image_meta = self.get_active_image_meta_or_404(req, id)
--
--        if image_meta.get('size') == 0:
--            image_iterator = iter([])
--        else:
--            image_iterator, size = self._get_from_store(image_meta['location'])
--            image_meta['size'] = size or image_meta['size']
--
--        del image_meta['location']
--        return {
--            'image_iterator': image_iterator,
--            'image_meta': image_meta,
--        }
--
--    def _reserve(self, req, image_meta):
--        """
--        Adds the image metadata to the registry and assigns
--        an image identifier if one is not supplied in the request
--        headers. Sets the image's status to `queued`.
--
--        :param req: The WSGI/Webob Request object
--        :param id: The opaque image identifier
--        :param image_meta: The image metadata
--
--        :raises HTTPConflict if image already exists
--        :raises HTTPBadRequest if image metadata is not valid
--        """
--        location = self._external_source(image_meta, req)
--
--        image_meta['status'] = ('active' if image_meta.get('size') == 0
--                                else 'queued')
--
--        if location:
--            store = get_store_from_location(location)
--            # check the store exists before we hit the registry, but we
--            # don't actually care what it is at this point
--            self.get_store_or_400(req, store)
--
--            # retrieve the image size from remote store (if not provided)
--            image_meta['size'] = self._get_size(image_meta, location)
--        else:
--            # Ensure that the size attribute is set to zero for directly
--            # uploadable images (if not provided). The size will be set
--            # to a non-zero value during upload
--            image_meta['size'] = image_meta.get('size', 0)
--
--        try:
--            image_meta = registry.add_image_metadata(req.context, image_meta)
--            return image_meta
--        except exception.Duplicate:
--            msg = (_("An image with identifier %s already exists")
--                  % image_meta['id'])
--            logger.error(msg)
--            raise HTTPConflict(msg, request=req, content_type="text/plain")
--        except exception.Invalid, e:
--            msg = (_("Failed to reserve image. Got error: %(e)s") % locals())
--            for line in msg.split('\n'):
--                logger.error(line)
--            raise HTTPBadRequest(msg, request=req, content_type="text/plain")
--        except exception.Forbidden:
--            msg = _("Forbidden to reserve image.")
--            logger.error(msg)
--            raise HTTPForbidden(msg, request=req, content_type="text/plain")
--
--    def _upload(self, req, image_meta):
--        """
--        Uploads the payload of the request to a backend store in
--        Glance. If the `x-image-meta-store` header is set, Glance
--        will attempt to use that store, if not, Glance will use the
--        store set by the flag `default_store`.
--
--        :param req: The WSGI/Webob Request object
--        :param image_meta: Mapping of metadata about image
--
--        :raises HTTPConflict if image already exists
--        :retval The location where the image was stored
--        """
--
--        copy_from = self._copy_from(req)
--        if copy_from:
--            image_data, image_size = self._get_from_store(copy_from)
--            image_meta['size'] = image_size or image_meta['size']
--        else:
--            try:
--                req.get_content_type('application/octet-stream')
--            except exception.InvalidContentType:
--                self._safe_kill(req, image_meta['id'])
--                msg = _("Content-Type must be application/octet-stream")
--                logger.error(msg)
--                raise HTTPBadRequest(explanation=msg)
--
--            image_data = req.body_file
--
--            if req.content_length:
--                image_size = int(req.content_length)
--            elif 'x-image-meta-size' in req.headers:
--                image_size = int(req.headers['x-image-meta-size'])
--            else:
--                logger.debug(_("Got request with no content-length and no "
--                               "x-image-meta-size header"))
--                image_size = 0
--
--        store_name = req.headers.get('x-image-meta-store',
--                                     self.conf.default_store)
--
--        store = self.get_store_or_400(req, store_name)
--
--        image_id = image_meta['id']
--        logger.debug(_("Setting image %s to status 'saving'"), image_id)
--        registry.update_image_metadata(req.context, image_id,
--                                       {'status': 'saving'})
--        try:
--            logger.debug(_("Uploading image data for image %(image_id)s "
--                         "to %(store_name)s store"), locals())
--
--            if image_size > IMAGE_SIZE_CAP:
--                max_image_size = IMAGE_SIZE_CAP
--                msg = _("Denying attempt to upload image larger than "
--                        "%(max_image_size)d. Supplied image size was "
--                        "%(image_size)d") % locals()
--                logger.warn(msg)
--                raise HTTPBadRequest(msg, request=req)
--
--            location, size, checksum = store.add(image_meta['id'],
--                                                 image_data,
--                                                 image_size)
--
--            # Verify any supplied checksum value matches checksum
--            # returned from store when adding image
--            supplied_checksum = image_meta.get('checksum')
--            if supplied_checksum and supplied_checksum != checksum:
--                msg = _("Supplied checksum (%(supplied_checksum)s) and "
--                       "checksum generated from uploaded image "
--                       "(%(checksum)s) did not match. Setting image "
--                       "status to 'killed'.") % locals()
--                logger.error(msg)
--                self._safe_kill(req, image_id)
--                raise HTTPBadRequest(msg, content_type="text/plain",
--                                     request=req)
--
--            # Update the database with the checksum returned
--            # from the backend store
--            logger.debug(_("Updating image %(image_id)s data. "
--                         "Checksum set to %(checksum)s, size set "
--                         "to %(size)d"), locals())
--            update_data = {'checksum': checksum,
--                           'size': size}
--            image_meta = registry.update_image_metadata(req.context,
--                                                        image_id,
--                                                        update_data)
--            self.notifier.info('image.upload', image_meta)
--
--            return location
--
--        except exception.Duplicate, e:
--            msg = _("Attempt to upload duplicate image: %s") % e
--            logger.error(msg)
--            self._safe_kill(req, image_id)
--            self.notifier.error('image.upload', msg)
--            raise HTTPConflict(msg, request=req)
--
--        except exception.Forbidden, e:
--            msg = _("Forbidden upload attempt: %s") % e
--            logger.error(msg)
--            self._safe_kill(req, image_id)
--            self.notifier.error('image.upload', msg)
--            raise HTTPForbidden(msg, request=req, content_type="text/plain")
--
--        except exception.StorageFull, e:
--            msg = _("Image storage media is full: %s") % e
--            logger.error(msg)
--            self._safe_kill(req, image_id)
--            self.notifier.error('image.upload', msg)
--            raise HTTPRequestEntityTooLarge(msg, request=req,
--                                            content_type='text/plain')
--
--        except exception.StorageWriteDenied, e:
--            msg = _("Insufficient permissions on image storage media: %s") % e
--            logger.error(msg)
--            self._safe_kill(req, image_id)
--            self.notifier.error('image.upload', msg)
--            raise HTTPServiceUnavailable(msg, request=req,
--                                         content_type='text/plain')
--
--        except HTTPError, e:
--            self._safe_kill(req, image_id)
--            self.notifier.error('image.upload', e.explanation)
--            raise
--
--        except Exception, e:
--            tb_info = traceback.format_exc()
--            logger.error(tb_info)
--
--            self._safe_kill(req, image_id)
--
--            msg = _("Error uploading image: (%(class_name)s): "
--                    "%(exc)s") % ({'class_name': e.__class__.__name__,
--                    'exc': str(e)})
--
--            self.notifier.error('image.upload', msg)
--            raise HTTPBadRequest(msg, request=req)
--
--    def _activate(self, req, image_id, location):
--        """
--        Sets the image status to `active` and the image's location
--        attribute.
--
--        :param req: The WSGI/Webob Request object
--        :param image_id: Opaque image identifier
--        :param location: Location of where Glance stored this image
--        """
--        image_meta = {}
--        image_meta['location'] = location
--        image_meta['status'] = 'active'
--
--        try:
--            return registry.update_image_metadata(req.context,
--                                                  image_id,
--                                                  image_meta)
--        except exception.Invalid, e:
--            msg = (_("Failed to activate image. Got error: %(e)s")
--                   % locals())
--            for line in msg.split('\n'):
--                logger.error(line)
--            self.notifier.error('image.update', msg)
--            raise HTTPBadRequest(msg, request=req, content_type="text/plain")
--
--    def _kill(self, req, image_id):
--        """
--        Marks the image status to `killed`.
--
--        :param req: The WSGI/Webob Request object
--        :param image_id: Opaque image identifier
--        """
--        registry.update_image_metadata(req.context, image_id,
--                                       {'status': 'killed'})
--
--    def _safe_kill(self, req, image_id):
--        """
--        Mark image killed without raising exceptions if it fails.
--
--        Since _kill is meant to be called from exceptions handlers, it should
--        not raise itself, rather it should just log its error.
--
--        :param req: The WSGI/Webob Request object
--        :param image_id: Opaque image identifier
--        """
--        try:
--            self._kill(req, image_id)
--        except Exception, e:
--            logger.error(_("Unable to kill image %(id)s: "
--                           "%(exc)s") % ({'id': image_id,
--                           'exc': repr(e)}))
--
--    def _upload_and_activate(self, req, image_meta):
--        """
--        Safely uploads the image data in the request payload
--        and activates the image in the registry after a successful
--        upload.
--
--        :param req: The WSGI/Webob Request object
--        :param image_meta: Mapping of metadata about image
--
--        :retval Mapping of updated image data
--        """
--        image_id = image_meta['id']
--        # This is necessary because of a bug in Webob 1.0.2 - 1.0.7
--        # See: https://bitbucket.org/ianb/webob/
--        # issue/12/fix-for-issue-6-broke-chunked-transfer
--        req.is_body_readable = True
--        location = self._upload(req, image_meta)
--        return self._activate(req, image_id, location)
--
--    def _get_size(self, image_meta, location):
--        # retrieve the image size from remote store (if not provided)
--        return image_meta.get('size', 0) or get_size_from_backend(location)
--
--    def _handle_source(self, req, image_id, image_meta, image_data):
--        if image_data or self._copy_from(req):
--            image_meta = self._upload_and_activate(req, image_meta)
--        else:
--            location = image_meta.get('location')
--            if location:
--                image_meta = self._activate(req, image_id, location)
--        return image_meta
--
--    def create(self, req, image_meta, image_data):
--        """
--        Adds a new image to Glance. Four scenarios exist when creating an
--        image:
--
--        1. If the image data is available directly for upload, create can be
--           passed the image data as the request body and the metadata as the
--           request headers. The image will initially be 'queued', during
--           upload it will be in the 'saving' status, and then 'killed' or
--           'active' depending on whether the upload completed successfully.
--
--        2. If the image data exists somewhere else, you can upload indirectly
--           from the external source using the x-glance-api-copy-from header.
--           Once the image is uploaded, the external store is not subsequently
--           consulted, i.e. the image content is served out from the configured
--           glance image store.  State transitions are as for option #1.
--
--        3. If the image data exists somewhere else, you can reference the
--           source using the x-image-meta-location header. The image content
--           will be served out from the external store, i.e. is never uploaded
--           to the configured glance image store.
--
--        4. If the image data is not available yet, but you'd like reserve a
--           spot for it, you can omit the data and a record will be created in
--           the 'queued' state. This exists primarily to maintain backwards
--           compatibility with OpenStack/Rackspace API semantics.
--
--        The request body *must* be encoded as application/octet-stream,
--        otherwise an HTTPBadRequest is returned.
--
--        Upon a successful save of the image data and metadata, a response
--        containing metadata about the image is returned, including its
--        opaque identifier.
--
--        :param req: The WSGI/Webob Request object
--        :param image_meta: Mapping of metadata about image
--        :param image_data: Actual image data that is to be stored
--
--        :raises HTTPBadRequest if x-image-meta-location is missing
--                and the request body is not application/octet-stream
--                image data.
--        """
--        self._enforce(req, 'add_image')
--        if image_meta.get('is_public'):
--            self._enforce(req, 'publicize_image')
--        if req.context.read_only:
--            msg = _("Read-only access")
--            logger.debug(msg)
--            raise HTTPForbidden(msg, request=req,
--                                content_type="text/plain")
--
--        image_meta = self._reserve(req, image_meta)
--        id = image_meta['id']
--
--        image_meta = self._handle_source(req, id, image_meta, image_data)
--
--        # Prevent client from learning the location, as it
--        # could contain security credentials
--        image_meta.pop('location', None)
--
--        return {'image_meta': image_meta}
--
--    def update(self, req, id, image_meta, image_data):
--        """
--        Updates an existing image with the registry.
--
--        :param request: The WSGI/Webob Request object
--        :param id: The opaque image identifier
--
--        :retval Returns the updated image information as a mapping
--        """
--        self._enforce(req, 'modify_image')
--        if image_meta.get('is_public'):
--            self._enforce(req, 'publicize_image')
--        if req.context.read_only:
--            msg = _("Read-only access")
--            logger.debug(msg)
--            raise HTTPForbidden(msg, request=req,
--                                content_type="text/plain")
--
--        orig_image_meta = self.get_image_meta_or_404(req, id)
--        orig_status = orig_image_meta['status']
--
--        # The default behaviour for a PUT /images/<IMAGE_ID> is to
--        # override any properties that were previously set. This, however,
--        # leads to a number of issues for the common use case where a caller
--        # registers an image with some properties and then almost immediately
--        # uploads an image file along with some more properties. Here, we
--        # check for a special header value to be false in order to force
--        # properties NOT to be purged. However we also disable purging of
--        # properties if an image file is being uploaded...
--        purge_props = req.headers.get('x-glance-registry-purge-props', True)
--        purge_props = (utils.bool_from_string(purge_props) and
--                       image_data is None)
--
--        if image_data is not None and orig_status != 'queued':
--            raise HTTPConflict(_("Cannot upload to an unqueued image"))
--
--        # Only allow the Location|Copy-From fields to be modified if the
--        # image is in queued status, which indicates that the user called
--        # POST /images but originally supply neither a Location|Copy-From
--        # field NOR image data
--        location = self._external_source(image_meta, req)
--        reactivating = orig_status != 'queued' and location
--        activating = orig_status == 'queued' and (location or image_data)
--
--        if reactivating:
--            msg = _("Attempted to update Location field for an image "
--                    "not in queued status.")
--            raise HTTPBadRequest(msg, request=req, content_type="text/plain")
--
--        try:
--            if location:
--                image_meta['size'] = self._get_size(image_meta, location)
--
--            image_meta = registry.update_image_metadata(req.context,
--                                                        id,
--                                                        image_meta,
--                                                        purge_props)
--
--            if activating:
--                image_meta = self._handle_source(req, id, image_meta,
--                                                 image_data)
--        except exception.Invalid, e:
--            msg = (_("Failed to update image metadata. Got error: %(e)s")
--                   % locals())
--            for line in msg.split('\n'):
--                logger.error(line)
--            self.notifier.error('image.update', msg)
--            raise HTTPBadRequest(msg, request=req, content_type="text/plain")
--        except exception.NotFound, e:
--            msg = ("Failed to find image to update: %(e)s" % locals())
--            for line in msg.split('\n'):
--                logger.info(line)
--            self.notifier.info('image.update', msg)
--            raise HTTPNotFound(msg, request=req, content_type="text/plain")
--        except exception.Forbidden, e:
--            msg = ("Forbidden to update image: %(e)s" % locals())
--            for line in msg.split('\n'):
--                logger.info(line)
--            self.notifier.info('image.update', msg)
--            raise HTTPForbidden(msg, request=req, content_type="text/plain")
--        else:
--            self.notifier.info('image.update', image_meta)
--
--        # Prevent client from learning the location, as it
--        # could contain security credentials
--        image_meta.pop('location', None)
--
--        return {'image_meta': image_meta}
--
--    def delete(self, req, id):
--        """
--        Deletes the image and all its chunks from the Glance
--
--        :param req: The WSGI/Webob Request object
--        :param id: The opaque image identifier
--
--        :raises HttpBadRequest if image registry is invalid
--        :raises HttpNotFound if image or any chunk is not available
--        :raises HttpUnauthorized if image or any chunk is not
--                deleteable by the requesting user
--        """
--        self._enforce(req, 'delete_image')
--        if req.context.read_only:
--            msg = _("Read-only access")
--            logger.debug(msg)
--            raise HTTPForbidden(msg, request=req,
--                                content_type="text/plain")
--
--        image = self.get_image_meta_or_404(req, id)
--        if image['protected']:
--            msg = _("Image is protected")
--            logger.debug(msg)
--            raise HTTPForbidden(msg, request=req,
--                                content_type="text/plain")
--
--        # The image's location field may be None in the case
--        # of a saving or queued image, therefore don't ask a backend
--        # to delete the image if the backend doesn't yet store it.
--        # See https://bugs.launchpad.net/glance/+bug/747799
--        try:
--            if image['location']:
--                schedule_delete_from_backend(image['location'], self.conf,
--                                             req.context, id)
--            registry.delete_image_metadata(req.context, id)
--        except exception.NotFound, e:
--            msg = ("Failed to find image to delete: %(e)s" % locals())
--            for line in msg.split('\n'):
--                logger.info(line)
--            self.notifier.info('image.delete', msg)
--            raise HTTPNotFound(msg, request=req, content_type="text/plain")
--        except exception.Forbidden, e:
--            msg = ("Forbidden to delete image: %(e)s" % locals())
--            for line in msg.split('\n'):
--                logger.info(line)
--            self.notifier.info('image.delete', msg)
--            raise HTTPForbidden(msg, request=req, content_type="text/plain")
--        else:
--            self.notifier.info('image.delete', id)
--
--    def get_store_or_400(self, request, store_name):
--        """
--        Grabs the storage backend for the supplied store name
--        or raises an HTTPBadRequest (400) response
--
--        :param request: The WSGI/Webob Request object
--        :param store_name: The backend store name
--
--        :raises HTTPNotFound if store does not exist
--        """
--        try:
--            return get_store_from_scheme(store_name)
--        except exception.UnknownScheme:
--            msg = (_("Requested store %s not available on this Glance server")
--                   % store_name)
--            logger.error(msg)
--            raise HTTPBadRequest(msg, request=request,
--                                 content_type='text/plain')
--
--    def verify_store_or_exit(self, store_name):
--        """
--        Verifies availability of the storage backend for the
--        given store name or exits
--
--        :param store_name: The backend store name
--        """
--        try:
--            get_store_from_scheme(store_name)
--        except exception.UnknownScheme:
--            msg = (_("Default store %s not available on this Glance server\n")
--                   % store_name)
--            logger.error(msg)
--            # message on stderr will only be visible if started directly via
--            # bin/glance-api, as opposed to being daemonized by glance-control
--            sys.stderr.write(msg)
--            sys.exit(255)
--
--
--class ImageDeserializer(wsgi.JSONRequestDeserializer):
--    """Handles deserialization of specific controller method requests."""
--
--    def _deserialize(self, request):
--        result = {}
--        try:
--            result['image_meta'] = utils.get_image_meta_from_headers(request)
--        except exception.Invalid:
--            image_size_str = request.headers['x-image-meta-size']
--            msg = _("Incoming image size of %s was not convertible to "
--                    "an integer.") % image_size_str
--            raise HTTPBadRequest(msg, request=request)
--
--        image_meta = result['image_meta']
--        if 'size' in image_meta:
--            incoming_image_size = image_meta['size']
--            if incoming_image_size > IMAGE_SIZE_CAP:
--                max_image_size = IMAGE_SIZE_CAP
--                msg = _("Denying attempt to upload image larger than "
--                        "%(max_image_size)d. Supplied image size was "
--                        "%(incoming_image_size)d") % locals()
--                logger.warn(msg)
--                raise HTTPBadRequest(msg, request=request)
--
--        data = request.body_file if self.has_body(request) else None
--        result['image_data'] = data
--        return result
--
--    def create(self, request):
--        return self._deserialize(request)
--
--    def update(self, request):
--        return self._deserialize(request)
--
--
--class ImageSerializer(wsgi.JSONResponseSerializer):
--    """Handles serialization of specific controller method responses."""
--
--    def __init__(self, conf):
--        self.conf = conf
--        self.notifier = notifier.Notifier(conf)
--
--    def _inject_location_header(self, response, image_meta):
--        location = self._get_image_location(image_meta)
--        response.headers['Location'] = location
--
--    def _inject_checksum_header(self, response, image_meta):
--        response.headers['ETag'] = image_meta['checksum']
--
--    def _inject_image_meta_headers(self, response, image_meta):
--        """
--        Given a response and mapping of image metadata, injects
--        the Response with a set of HTTP headers for the image
--        metadata. Each main image metadata field is injected
--        as a HTTP header with key 'x-image-meta-<FIELD>' except
--        for the properties field, which is further broken out
--        into a set of 'x-image-meta-property-<KEY>' headers
--
--        :param response: The Webob Response object
--        :param image_meta: Mapping of image metadata
--        """
--        headers = utils.image_meta_to_http_headers(image_meta)
--
--        for k, v in headers.items():
--            response.headers[k] = v
--
--    def _get_image_location(self, image_meta):
--        """Build a relative url to reach the image defined by image_meta."""
--        return "/v1/images/%s" % image_meta['id']
--
--    def meta(self, response, result):
--        image_meta = result['image_meta']
--        self._inject_image_meta_headers(response, image_meta)
--        self._inject_location_header(response, image_meta)
--        self._inject_checksum_header(response, image_meta)
--        return response
--
--    def image_send_notification(self, bytes_written, expected_size,
--                                image_meta, request):
--        """Send an image.send message to the notifier."""
--        try:
--            context = request.context
--            payload = {
--                'bytes_sent': bytes_written,
--                'image_id': image_meta['id'],
--                'owner_id': image_meta['owner'],
--                'receiver_tenant_id': context.tenant,
--                'receiver_user_id': context.user,
--                'destination_ip': request.remote_addr,
--            }
--            if bytes_written != expected_size:
--                self.notifier.error('image.send', payload)
--            else:
--                self.notifier.info('image.send', payload)
--        except Exception, err:
--            msg = _("An error occurred during image.send"
--                    " notification: %(err)s") % locals()
--            logger.error(msg)
--
--    def show(self, response, result):
--        image_meta = result['image_meta']
--        image_id = image_meta['id']
--
--        # We use a secondary iterator here to wrap the
--        # iterator coming back from the store driver in
--        # order to check for disconnections from the backend
--        # storage connections and log an error if the size of
--        # the transferred image is not the same as the expected
--        # size of the image file. See LP Bug #882585.
--        def checked_iter(image_id, expected_size, image_iter):
--            bytes_written = 0
--
--            def notify_image_sent_hook(env):
--                self.image_send_notification(bytes_written, expected_size,
--                                             image_meta, response.request)
--
--            # Add hook to process after response is fully sent
--            if 'eventlet.posthooks' in response.request.environ:
--                response.request.environ['eventlet.posthooks'].append(
--                    (notify_image_sent_hook, (), {}))
--
--            try:
--                for chunk in image_iter:
--                    yield chunk
--                    bytes_written += len(chunk)
--            except Exception, err:
--                msg = _("An error occurred reading from backend storage "
--                        "for image %(image_id): %(err)s") % locals()
--                logger.error(msg)
--                raise
--
--            if expected_size != bytes_written:
--                msg = _("Backend storage for image %(image_id)s "
--                        "disconnected after writing only %(bytes_written)d "
--                        "bytes") % locals()
--                logger.error(msg)
--                raise IOError(errno.EPIPE, _("Corrupt image download for "
--                                             "image %(image_id)s") % locals())
--
--        image_iter = result['image_iterator']
--        # image_meta['size'] is a str
--        expected_size = int(image_meta['size'])
--        response.app_iter = checked_iter(image_id, expected_size, image_iter)
--        # Using app_iter blanks content-length, so we set it here...
--        response.headers['Content-Length'] = image_meta['size']
--        response.headers['Content-Type'] = 'application/octet-stream'
--
--        self._inject_image_meta_headers(response, image_meta)
--        self._inject_location_header(response, image_meta)
--        self._inject_checksum_header(response, image_meta)
--
--        return response
--
--    def update(self, response, result):
--        image_meta = result['image_meta']
--        response.body = self.to_json(dict(image=image_meta))
--        response.headers['Content-Type'] = 'application/json'
--        self._inject_location_header(response, image_meta)
--        self._inject_checksum_header(response, image_meta)
--        return response
--
--    def create(self, response, result):
--        image_meta = result['image_meta']
--        response.status = 201
--        response.headers['Content-Type'] = 'application/json'
--        response.body = self.to_json(dict(image=image_meta))
--        self._inject_location_header(response, image_meta)
--        self._inject_checksum_header(response, image_meta)
--        return response
--
--
--def create_resource(conf):
--    """Images resource factory method"""
--    deserializer = ImageDeserializer()
--    serializer = ImageSerializer(conf)
--    return wsgi.Resource(Controller(conf), deserializer, serializer)
 === modified file '.pc/applied-patches'
 --- .pc/applied-patches	2012-11-08 07:19:39 +0000
 +++ .pc/applied-patches	2012-12-18 14:13:22 +0000
@@ -3,4 +3,3 @@
  disable-network-for-docs.patch
  disable_db_table_auto_create.patch
  fix_migration_012_foreign_keys.patch
--CVE-2012-4573.patch
 === modified file '.pc/fix_migration_012_foreign_keys.patch/Authors'
 --- .pc/fix_migration_012_foreign_keys.patch/Authors	2012-06-24 03:14:33 +0000
 +++ .pc/fix_migration_012_foreign_keys.patch/Authors	2012-12-18 14:13:22 +0000
@@ -54,6 +54,7 @@
  Rick Harris <rconradharris@gmail.com>
  Reynolds Chin <benzwt@gmail.com>
  Russell Bryant <rbryant@redhat.com>
++Sean Dague <sdague@linux.vnet.ibm.com>
  Soren Hansen <soren.hansen@rackspace.com>
  Stuart McLaren <stuart.mclaren@hp.com>
  Taku Fukushima <tfukushima@dcl.info.waseda.ac.jp>
 === modified file 'Authors'
 --- Authors	2012-06-24 03:14:33 +0000
 +++ Authors	2012-12-18 14:13:22 +0000
@@ -55,6 +55,7 @@
  Reynolds Chin <benzwt@gmail.com>
  Russell Bryant <rbryant@redhat.com>
  Sam Morrison <sorrison@gmail.com>
++Sean Dague <sdague@linux.vnet.ibm.com>
  Soren Hansen <soren.hansen@rackspace.com>
  Stuart McLaren <stuart.mclaren@hp.com>
  Taku Fukushima <tfukushima@dcl.info.waseda.ac.jp>
 === added file 'PKG-INFO'
 --- PKG-INFO	1970-01-01 00:00:00 +0000
 +++ PKG-INFO	2012-12-18 14:13:22 +0000
@@ -0,0 +1,15 @@
++Metadata-Version: 1.1
++Name: glance
++Version: 2012.1.3
++Summary: The Glance project provides services for discovering, registering, and retrieving virtual machine images
++Home-page: http://glance.openstack.org/
++Author: OpenStack
++Author-email: openstack@lists.launchpad.net
++License: Apache License (2.0)
++Description: UNKNOWN
++Platform: UNKNOWN
++Classifier: Development Status :: 4 - Beta
++Classifier: License :: OSI Approved :: Apache Software License
++Classifier: Operating System :: POSIX :: Linux
++Classifier: Programming Language :: Python :: 2.6
++Classifier: Environment :: No Input/Output (Daemon)
 === modified file 'debian/changelog'
 --- debian/changelog	2012-11-08 07:19:39 +0000
 +++ debian/changelog	2012-12-18 14:13:22 +0000
@@ -1,3 +1,21 @@
++glance (2012.1.4+stable-20121217-efd7e75b-0ubuntu1) precise-proposed; urgency=low
++
++  [ Adam Gandelman ]
++  * debian/glance-{registry, api}.logrotate: Fix incorrect logfile
++    locations. (LP: #1049314)
++
++  [ Yolanda Robla Mota ]
++  * Resynchronize with stable/essex (efd7e75b):
++    - [efd7e75] Non-admin users can cause public glance images to be deleted
++      from the backend storage repository (CVE-2012-4573)
++    - [e6be061] Jenkins jobs fail because of incompatibility between sqlalchemy-
++      migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
++
++  * Dropped patches, superseeded by snapshot:
++    - debian/patches/CVE-2012-4573.patch: [efd7e75]
++
++ -- Yolanda Robla Mota <yolanda.robla@canonical.com>  Mon, 17 Dec 2012 10:56:46 +0000
++
  glance (2012.1.3+stable~20120821-120fcf-0ubuntu1.2) precise-security; urgency=low
    * SECURITY UPDATE: deletion of arbitrary public and shared images via
 === modified file 'debian/glance-api.logrotate'
 --- debian/glance-api.logrotate	2012-01-13 10:50:40 +0000
 +++ debian/glance-api.logrotate	2012-12-18 14:13:22 +0000
@@ -1,4 +1,4 @@
--/var/log/glance/glance-api.log {
++/var/log/glance/api.log {
      daily
      missingok
      compress
 === modified file 'debian/glance-registry.logrotate'
 --- debian/glance-registry.logrotate	2012-01-13 10:50:40 +0000
 +++ debian/glance-registry.logrotate	2012-12-18 14:13:22 +0000
@@ -1,4 +1,4 @@
--/var/log/glance/glance-api.log {
++/var/log/glance/registry.log {
      daily
      missingok
      compress
 === removed file 'debian/patches/CVE-2012-4573.patch'
 --- debian/patches/CVE-2012-4573.patch	2012-11-08 07:19:39 +0000
 +++ debian/patches/CVE-2012-4573.patch	1970-01-01 00:00:00 +0000
@@ -1,35 +0,0 @@
--From efd7e75b1f419a52c7103c7840e24af8e5deb29d Mon Sep 17 00:00:00 2001
--From: Brian Waldon <bcwaldon@gmail.com>
--Date: Wed, 7 Nov 2012 10:06:43 -0500
--Subject: [PATCH] Ensure image owned by user before delayed_deletion
--
--Fixes bug 1065187.
--
--Change-Id: Icf2f117a094c712bad645ef5f297e9f7da994c84
-----
-- glance/api/v1/images.py |    9 +++++++++
-- 1 file changed, 9 insertions(+)
--
--diff --git a/glance/api/v1/images.py b/glance/api/v1/images.py
--index 9bedf20..1a8eac8 100644
----- a/glance/api/v1/images.py
--+++ b/glance/api/v1/images.py
--@@ -727,6 +727,15 @@ class Controller(controller.BaseController):
--                                 content_type="text/plain")
--
--         image = self.get_image_meta_or_404(req, id)
--+
--+        if not (req.context.is_admin
--+                or image['owner'] == None
--+                or image['owner'] == req.context.owner):
--+            msg = _("Unable to delete image you do not own")
--+            logger.debug(msg)
--+            raise HTTPForbidden(msg, request=req,
--+                                content_type="text/plain")
--+
--         if image['protected']:
--             msg = _("Image is protected")
--             logger.debug(msg)
----
--1.7.9.5
--
 === modified file 'debian/patches/fix_migration_012_foreign_keys.patch'
 --- debian/patches/fix_migration_012_foreign_keys.patch	2012-04-12 15:02:08 +0000
 +++ debian/patches/fix_migration_012_foreign_keys.patch	2012-12-18 14:13:22 +0000
@@ -1,5 +1,3 @@
--From: 4e35808f94db8c17a20608e137e2940195821fac
--Author: Sam Morrison <sorrison@gmail.com>
  Date:   Mon Apr 2 11:22:10 2012 +1000
  Bug: https://bugs.launchpad.net/glance/+bug/976908
  Origin, upstream: https://review.openstack.org/#change,6061
@@ -8,25 +6,21 @@
  * fix bug 976908
--Change-Id: I0248f825396d08688238e6d2ef37c8fcb49e8c9d
--
--
--diff --git a/Authors b/Authors
--index 8158c2a..d9c9302 100644
----- a/Authors
--+++ b/Authors
--@@ -52,6 +52,7 @@ Rick Clark <rick@openstack.org>
++Change-Id: I0248f825396d08688238e6d2ef37c8fcb49e8c9
++diff -Naurp glance-2012.1.3.orig/Authors glance-2012.1.3/Authors
++--- glance-2012.1.3.orig/Authors	2012-11-26 15:19:40.000000000 -0600
+++++ glance-2012.1.3/Authors	2012-11-26 15:42:42.691087411 -0600
++@@ -54,6 +54,7 @@ Rick Clark <rick@openstack.org>
   Rick Harris <rconradharris@gmail.com>
   Reynolds Chin <benzwt@gmail.com>
   Russell Bryant <rbryant@redhat.com>
  +Sam Morrison <sorrison@gmail.com>
++ Sean Dague <sdague@linux.vnet.ibm.com>
   Soren Hansen <soren.hansen@rackspace.com>
   Stuart McLaren <stuart.mclaren@hp.com>
-- Taku Fukushima <tfukushima@dcl.info.waseda.ac.jp>
--diff --git a/glance/registry/db/migrate_repo/versions/012_id_to_uuid.py b/glance/registry/db/migrate_repo/versions/012_id_to_uuid.py
--index fe6bf86..8db18c1 100644
----- a/glance/registry/db/migrate_repo/versions/012_id_to_uuid.py
--+++ b/glance/registry/db/migrate_repo/versions/012_id_to_uuid.py
++diff -Naurp glance-2012.1.3.orig/glance/registry/db/migrate_repo/versions/012_id_to_uuid.py glance-2012.1.3/glance/registry/db/migrate_repo/versions/012_id_to_uuid.py
++--- glance-2012.1.3.orig/glance/registry/db/migrate_repo/versions/012_id_to_uuid.py	2012-11-26 15:19:40.000000000 -0600
+++++ glance-2012.1.3/glance/registry/db/migrate_repo/versions/012_id_to_uuid.py	2012-11-26 15:41:59.231087390 -0600
@@ -225,18 +225,24 @@ def _get_table(table_name, metadata):
   def _get_foreign_keys(t_images, t_image_members, t_image_properties):
@@ -36,27 +30,29 @@
  +    foreign_keys = []
  +    if t_image_members.foreign_keys:
  +        img_members_fk_name = list(t_image_members.foreign_keys)[0].name
--
---    fk1 = migrate.ForeignKeyConstraint([t_image_members.c.image_id],
---                                       [t_images.c.id],
---                                       name=image_members_fk_name)
+++
  +        fk1 = migrate.ForeignKeyConstraint([t_image_members.c.image_id],
  +                                           [t_images.c.id],
  +                                           name=img_members_fk_name)
  +        foreign_keys.append(fk1)
--
---    fk2 = migrate.ForeignKeyConstraint([t_image_properties.c.image_id],
---                                       [t_images.c.id],
---                                       name=image_properties_fk_name)
+++
  +    if t_image_properties.foreign_keys:
  +        img_properties_fk_name = list(t_image_properties.foreign_keys)[0].name
--
---    return fk1, fk2
+++
  +        fk2 = migrate.ForeignKeyConstraint([t_image_properties.c.image_id],
  +                                           [t_images.c.id],
  +                                           name=img_properties_fk_name)
  +        foreign_keys.append(fk2)
--+
++
++-    fk1 = migrate.ForeignKeyConstraint([t_image_members.c.image_id],
++-                                       [t_images.c.id],
++-                                       name=image_members_fk_name)
++-
++-    fk2 = migrate.ForeignKeyConstraint([t_image_properties.c.image_id],
++-                                       [t_images.c.id],
++-                                       name=image_properties_fk_name)
++-
++-    return fk1, fk2
  +    return foreign_keys
 === modified file 'debian/patches/series'
 --- debian/patches/series	2012-11-08 07:19:39 +0000
 +++ debian/patches/series	2012-12-18 14:13:22 +0000
@@ -3,4 +3,3 @@
  disable-network-for-docs.patch
  disable_db_table_auto_create.patch
  fix_migration_012_foreign_keys.patch
--CVE-2012-4573.patch
 === added directory 'glance.egg-info'
 === added file 'glance.egg-info/PKG-INFO'
 --- glance.egg-info/PKG-INFO	1970-01-01 00:00:00 +0000
 +++ glance.egg-info/PKG-INFO	2012-12-18 14:13:22 +0000
@@ -0,0 +1,15 @@
++Metadata-Version: 1.1
++Name: glance
++Version: 2012.1.3
++Summary: The Glance project provides services for discovering, registering, and retrieving virtual machine images
++Home-page: http://glance.openstack.org/
++Author: OpenStack
++Author-email: openstack@lists.launchpad.net
++License: Apache License (2.0)
++Description: UNKNOWN
++Platform: UNKNOWN
++Classifier: Development Status :: 4 - Beta
++Classifier: License :: OSI Approved :: Apache Software License
++Classifier: Operating System :: POSIX :: Linux
++Classifier: Programming Language :: Python :: 2.6
++Classifier: Environment :: No Input/Output (Daemon)
 === added file 'glance.egg-info/SOURCES.txt'
 --- glance.egg-info/SOURCES.txt	1970-01-01 00:00:00 +0000
 +++ glance.egg-info/SOURCES.txt	2012-12-18 14:13:22 +0000
@@ -0,0 +1,217 @@
++Authors
++HACKING.rst
++LICENSE
++MANIFEST.in
++README.rst
++babel.cfg
++pylintrc
++run_tests.py
++run_tests.sh
++setup.cfg
++setup.py
++tox.ini
++bin/glance
++bin/glance-api
++bin/glance-cache-cleaner
++bin/glance-cache-manage
++bin/glance-cache-prefetcher
++bin/glance-cache-pruner
++bin/glance-control
++bin/glance-manage
++bin/glance-registry
++bin/glance-scrubber
++doc/source/architecture.rst
++doc/source/authentication.rst
++doc/source/cache.rst
++doc/source/client.rst
++doc/source/conf.py
++doc/source/configuring.rst
++doc/source/controllingservers.rst
++doc/source/formats.rst
++doc/source/glance.rst
++doc/source/glanceapi.rst
++doc/source/identifiers.rst
++doc/source/index.rst
++doc/source/installing.rst
++doc/source/notifications.rst
++doc/source/policies.rst
++doc/source/statuses.rst
++doc/source/_static/basic.css
++doc/source/_static/default.css
++doc/source/_static/jquery.tweet.js
++doc/source/_static/tweaks.css
++doc/source/_templates/.placeholder
++doc/source/_theme/layout.html
++doc/source/_theme/theme.conf
++doc/source/man/glance.rst
++doc/source/man/glanceapi.rst
++doc/source/man/glancecachecleaner.rst
++doc/source/man/glancecachemanage.rst
++doc/source/man/glancecacheprefetcher.rst
++doc/source/man/glancecachepruner.rst
++doc/source/man/glancecontrol.rst
++doc/source/man/glancemanage.rst
++doc/source/man/glanceregistry.rst
++doc/source/man/glancescrubber.rst
++etc/glance-api-paste.ini
++etc/glance-api.conf
++etc/glance-cache-paste.ini
++etc/glance-cache.conf
++etc/glance-registry-paste.ini
++etc/glance-registry.conf
++etc/glance-scrubber-paste.ini
++etc/glance-scrubber.conf
++etc/logging.cnf.sample
++etc/policy.json
++glance/__init__.py
++glance/client.py
++glance/vcsversion.py
++glance/version.py
++glance.egg-info/PKG-INFO
++glance.egg-info/SOURCES.txt
++glance.egg-info/dependency_links.txt
++glance.egg-info/top_level.txt
++glance/api/__init__.py
++glance/api/cached_images.py
++glance/api/policy.py
++glance/api/versions.py
++glance/api/middleware/__init__.py
++glance/api/middleware/cache.py
++glance/api/middleware/cache_manage.py
++glance/api/middleware/version_negotiation.py
++glance/api/v1/__init__.py
++glance/api/v1/controller.py
++glance/api/v1/filters.py
++glance/api/v1/images.py
++glance/api/v1/members.py
++glance/api/v1/router.py
++glance/common/__init__.py
++glance/common/animation.py
++glance/common/auth.py
++glance/common/cfg.py
++glance/common/client.py
++glance/common/config.py
++glance/common/context.py
++glance/common/crypt.py
++glance/common/exception.py
++glance/common/policy.py
++glance/common/utils.py
++glance/common/wsgi.py
++glance/image_cache/__init__.py
++glance/image_cache/cleaner.py
++glance/image_cache/prefetcher.py
++glance/image_cache/pruner.py
++glance/image_cache/queue_image.py
++glance/image_cache/drivers/__init__.py
++glance/image_cache/drivers/base.py
++glance/image_cache/drivers/sqlite.py
++glance/image_cache/drivers/xattr.py
++glance/locale/__init__.py
++glance/locale/glance.pot
++glance/notifier/__init__.py
++glance/notifier/notify_kombu.py
++glance/notifier/notify_log.py
++glance/notifier/notify_noop.py
++glance/notifier/notify_qpid.py
++glance/notifier/strategy.py
++glance/registry/__init__.py
++glance/registry/client.py
++glance/registry/context.py
++glance/registry/api/__init__.py
++glance/registry/api/v1/__init__.py
++glance/registry/api/v1/images.py
++glance/registry/api/v1/members.py
++glance/registry/db/__init__.py
++glance/registry/db/api.py
++glance/registry/db/migration.py
++glance/registry/db/models.py
++glance/registry/db/migrate_repo/README
++glance/registry/db/migrate_repo/__init__.py
++glance/registry/db/migrate_repo/manage.py
++glance/registry/db/migrate_repo/migrate.cfg
++glance/registry/db/migrate_repo/schema.py
++glance/registry/db/migrate_repo/versions/001_add_images_table.py
++glance/registry/db/migrate_repo/versions/002_add_image_properties_table.py
++glance/registry/db/migrate_repo/versions/003_add_disk_format.py
++glance/registry/db/migrate_repo/versions/003_sqlite_downgrade.sql
++glance/registry/db/migrate_repo/versions/003_sqlite_upgrade.sql
++glance/registry/db/migrate_repo/versions/004_add_checksum.py
++glance/registry/db/migrate_repo/versions/005_size_big_integer.py
++glance/registry/db/migrate_repo/versions/006_key_to_name.py
++glance/registry/db/migrate_repo/versions/006_mysql_downgrade.sql
++glance/registry/db/migrate_repo/versions/006_mysql_upgrade.sql
++glance/registry/db/migrate_repo/versions/006_sqlite_downgrade.sql
++glance/registry/db/migrate_repo/versions/006_sqlite_upgrade.sql
++glance/registry/db/migrate_repo/versions/007_add_owner.py
++glance/registry/db/migrate_repo/versions/008_add_image_members_table.py
++glance/registry/db/migrate_repo/versions/009_add_mindisk_and_minram.py
++glance/registry/db/migrate_repo/versions/010_default_update_at.py
++glance/registry/db/migrate_repo/versions/011_make_mindisk_and_minram_notnull.py
++glance/registry/db/migrate_repo/versions/012_id_to_uuid.py
++glance/registry/db/migrate_repo/versions/013_add_protected.py
++glance/registry/db/migrate_repo/versions/013_sqlite_downgrade.sql
++glance/registry/db/migrate_repo/versions/__init__.py
++glance/store/__init__.py
++glance/store/base.py
++glance/store/filesystem.py
++glance/store/http.py
++glance/store/location.py
++glance/store/rbd.py
++glance/store/s3.py
++glance/store/scrubber.py
++glance/store/swift.py
++glance/tests/__init__.py
++glance/tests/logcapture.py
++glance/tests/stubs.py
++glance/tests/utils.py
++glance/tests/etc/policy.json
++glance/tests/functional/__init__.py
++glance/tests/functional/store_utils.py
++glance/tests/functional/test_api.py
++glance/tests/functional/test_bin_glance.py
++glance/tests/functional/test_bin_glance_cache_manage.py
++glance/tests/functional/test_cache_middleware.py
++glance/tests/functional/test_client_exceptions.py
++glance/tests/functional/test_client_redirects.py
++glance/tests/functional/test_copy_to_file.py
++glance/tests/functional/test_logging.py
++glance/tests/functional/test_misc.py
++glance/tests/functional/test_multiprocessing.py
++glance/tests/functional/test_rbd.py
++glance/tests/functional/test_respawn.py
++glance/tests/functional/test_s3.py
++glance/tests/functional/test_scrubber.py
++glance/tests/functional/test_sqlite.py
++glance/tests/functional/test_ssl.py
++glance/tests/functional/test_swift.py
++glance/tests/unit/__init__.py
++glance/tests/unit/base.py
++glance/tests/unit/test_api.py
++glance/tests/unit/test_auth.py
++glance/tests/unit/test_cfg.py
++glance/tests/unit/test_clients.py
++glance/tests/unit/test_config.py
++glance/tests/unit/test_context.py
++glance/tests/unit/test_db.py
++glance/tests/unit/test_filesystem_store.py
++glance/tests/unit/test_http_store.py
++glance/tests/unit/test_image_cache.py
++glance/tests/unit/test_migrations.conf
++glance/tests/unit/test_migrations.py
++glance/tests/unit/test_misc.py
++glance/tests/unit/test_notifier.py
++glance/tests/unit/test_s3_store.py
++glance/tests/unit/test_skip_examples.py
++glance/tests/unit/test_store_location.py
++glance/tests/unit/test_swift_store.py
++glance/tests/unit/test_utils.py
++glance/tests/unit/test_versions.py
++glance/tests/unit/test_wsgi.py
++glance/tests/var/ca.crt
++glance/tests/var/certificate.crt
++glance/tests/var/privatekey.key
++tools/install_venv.py
++tools/migrate_image_owners.py
++tools/pip-requires
++tools/test-requires
++tools/with_venv.sh
 \ No newline at end of file
 === added file 'glance.egg-info/dependency_links.txt'
 --- glance.egg-info/dependency_links.txt	1970-01-01 00:00:00 +0000
 +++ glance.egg-info/dependency_links.txt	2012-12-18 14:13:22 +0000
@@ -0,0 +1,1 @@
++
 === added file 'glance.egg-info/top_level.txt'
 --- glance.egg-info/top_level.txt	1970-01-01 00:00:00 +0000
 +++ glance.egg-info/top_level.txt	2012-12-18 14:13:22 +0000
@@ -0,0 +1,1 @@
++glance
 === added file 'glance/vcsversion.py'
 --- glance/vcsversion.py	1970-01-01 00:00:00 +0000
 +++ glance/vcsversion.py	2012-12-18 14:13:22 +0000
@@ -0,0 +1,7 @@
++
++# This file is automatically generated by setup.py, So don't edit it. :)
++version_info = {
++    'branch_nick': 'stable/essex',
++    'revision_id': 'efd7e75b1f419a52c7103c7840e24af8e5deb29d',
++    'revno': 1464
++}
 === modified file 'setup.cfg'
 --- setup.cfg	2012-06-24 03:14:33 +0000
 +++ setup.cfg	2012-12-18 14:13:22 +0000
@@ -23,14 +23,11 @@
  output_file = glance/locale/glance.pot
  [nosetests]
--# NOTE(jkoelker) To run the test suite under nose install the following
--#                coverage http://pypi.python.org/pypi/coverage
--#                tissue http://pypi.python.org/pypi/tissue (pep8 checker)
--#                openstack-nose https://github.com/jkoelker/openstack-nose
--verbosity=2
--detailed-errors=1
--with-openstack=1
--openstack-red=0.05
--openstack-yellow=0.025
--openstack-show-elapsed=1
--openstack-color=1
++verbosity = 2
++detailed-errors = 1
++with-openstack = 1
++openstack-red = 0.05
++openstack-yellow = 0.025
++openstack-show-elapsed = 1
++openstack-color = 1
++
 === modified file 'tools/pip-requires'
 --- tools/pip-requires	2012-06-24 03:14:33 +0000
 +++ tools/pip-requires	2012-12-18 14:13:22 +0000
@@ -3,7 +3,7 @@
  # package to get the right headers...
  greenlet>=0.3.1
--SQLAlchemy>=0.7
++SQLAlchemy>=0.7,<=0.7.9
  anyjson
  eventlet>=0.9.12
  PasteDeploy

Ubuntuglance package

Merge lp:~yolanda.robla/ubuntu/precise/glance/essex-sru into lp:ubuntu/precise-updates/glance

Commit message

Description of the change

Unmerged revisions

Preview Diff

Subscribers

Ubuntu
glance package