bup and fix for bug 520352 CVE-2014-5356

Package-Manager: portage-2.2.8-r1/cvs/Linux x86_64 Manifest-Sign-Key: 0x2471EB3E40AC5AC3
author: Matt Thode <prometheanfire@gentoo.org> 2014-08-21 20:40:22 +0000
committer: Matt Thode <prometheanfire@gentoo.org> 2014-08-21 20:40:22 +0000
commit: 64008d56e56b3b54bfb1108db7822323307d146e (patch)
tree: 79dc4bcc46e1711a17d5ac23103f4e875be62f22 /app-admin
parent: bumped EAPI to 5; committed directly to stable as no other changes present an... (diff)
download: historical-64008d56e56b3b54bfb1108db7822323307d146e.tar.gz
historical-64008d56e56b3b54bfb1108db7822323307d146e.tar.bz2
historical-64008d56e56b3b54bfb1108db7822323307d146e.zip
5 files changed, 203 insertions, 243 deletions
diff --git a/app-admin/glance/ChangeLog b/app-admin/glance/ChangeLog
index 871547ce4296..b71c0864c065 100644
--- a/app-admin/glance/ChangeLog
+++ b/app-admin/glance/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for app-admin/glance
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/glance/ChangeLog,v 1.47 2014/08/01 05:12:09 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/glance/ChangeLog,v 1.48 2014/08/21 20:40:15 prometheanfire Exp $
+
+*glance-2014.1.2 (21 Aug 2014)
+
+  21 Aug 2014; Matthew Thode <prometheanfire@gentoo.org>
+  +files/2014.1.2-CVE-2014-5356.patch, +glance-2014.1.2.ebuild,
+  -files/CVE-2014-0162-2013.2.3.patch, -glance-2014.1.1.ebuild:
+  bup and fix for bug 520352 CVE-2014-5356
 
   01 Aug 2014; Matthew Thode <prometheanfire@gentoo.org> glance-9999.ebuild:
   updating git master glance
diff --git a/app-admin/glance/Manifest b/app-admin/glance/Manifest
index 8555f8ac0d85..6d9d908b805a 100644
--- a/app-admin/glance/Manifest
+++ b/app-admin/glance/Manifest
@@ -1,31 +1,31 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
-AUX CVE-2014-0162-2013.2.3.patch 8811 SHA256 408529c141db1a12fadf926e1a1cd2e56a1e53c174afc7eaeed16bcdb81bd9d4 SHA512 505c111aac28e2eac759ba58488cbef096c70f20f130654058cae619f8e49c51047240550f66fe303d463ccfc1cafb2a57dd1f3dfd54a5170db9534a8cd4eb03 WHIRLPOOL 4e45e27509a8770b9c9c897a6abd23f4648800168f41c632311bfa8a5cf17b5d695cf495e4c68885cdec05f0f80a1e66c1b2235333e4c79e2cc69898f1a03ef5
+AUX 2014.1.2-CVE-2014-5356.patch 7502 SHA256 9b1c5cb504c9dc6e5fa2cd0855740519f8ff8124b4f959b110fb1dc1cd059274 SHA512 ee9ee0c49fc1b2e6066eaba137fc2ae281bc8ccfa8af5edc094483c28aa5e201d20aee7465a0e6937bd9863c62100f5369f90d2bf1cc9227afd456030ae3e97d WHIRLPOOL 66b0c99e34e44137b200c08881cc5a579c5599916708fd8a8e6fb2836db7abcb4eecbcf5e05a51d65290a02060cbe38c3124d5a79af17977c1e47415731caf5d
 AUX glance-2013.2-sphinx_mapping.patch 582 SHA256 043c3f7ef413cf3675920880af57943b909ec9f3376f6e86a1ae1d5948d9ad98 SHA512 d012ce5eaed00c3ba7b6219813cee503f68cdb14b8e50eedc731afc63767e1867749d6e4824611e0d024b2fdebfe5a2b3ad53b0ad7b18a39defcc17094da4a0f WHIRLPOOL 659bf94e7740be3ea0d2f130b332e694ebdcca8b90acfb479b8502eec4b867eda999ec2c6cdecc1f3dcbe3e3ddf72798c76bdf16ab4ab561ce61975a451c4585
 AUX glance-gbug-474064-grizzly.patch 2377 SHA256 df92ba14455d4379f0c2297f1f087d7f3f08118e6129e45b0e5bf5fd26c7aba1 SHA512 a284b6002c3b4ae39678eb0c492b3adb6311b115761ef43f38427dc08670c0ebfb4011a3879291ee6acdf9480ca135b4cff77f41b7af9fe7a837effafba2c6f0 WHIRLPOOL 8adfcc80adf72b501a7123c29454c446b86c05917cc8a910f799db5c223fc0efb02240f36b842c05c08e8347ae6d6273ddfa088a03f0f65eee0cbfc40176c9c2
 AUX glance.confd 25 SHA256 5a53dcf1eece81a06a2dd0856b15f8abe20eb1072361b110f752e396e86a7843 SHA512 13e671d4544e58d7397c1a87eb1048ed4bb9561587fcd63783e377b2d25e810222ca3944e0c8cf13c524e64f94c435b456a0d6f7cacfb148e275377699a11ca9 WHIRLPOOL 862a310fbdd7b68f132c45797210011b607d9b5c8937d60c9f5933a4d625bc985ad0277fea26804681b7e0a674dc9da15fbef40502c4052d6742ef0a94e88f3d
 AUX glance.initd 651 SHA256 1b2fc0e11d572bfcc121cb995ea7b3cce63ee705a05d2fb34a9f99d655546553 SHA512 c0ed1cac2038dda8882d5ce013b948debf1e5e411a062d8c9cbfdb1e1683c94bfd78a3f3468de63e0cc28930c59c0ff323a3116ce6a74ccf5d8ad1d547805bad WHIRLPOOL b0b25f4e983bf9f46cb9dd5872d14b24dc90e3c383dc458c79d065e0855bbf838afc4a13f0c92db640cd64311e22985d0b92e1ca4d428ce8b1f08ff23b89cecf
-DIST glance-2014.1.1.tar.gz 2118829 SHA256 9a7aa31571aa5ba89c91f847c4bdf756b434a981075174fac75ef79691f3f45f SHA512 49610d3501105348ddbb659124f33c42ddd6206db0a97c4e9c9fb8867926caf0f4018d87364938e5260d025883d407ca16f33c82f4f95032719175f9ab03f60f WHIRLPOOL 1041e78026089e395325927bcd1c0aaa0f08f5b2a7af6daeb59e5db34fe94c86aa7f88a0dab6b10ed3410948dafdb27b825fded9e8756eb0726d052e787def89
-EBUILD glance-2014.1.1.ebuild 4864 SHA256 4644d78f6c37a9bd597f456d54fac57d1149e419a1e2fb4b95339617b7a3b8fd SHA512 ce51878289c614c0e46e2ccc278721ce044ecdc8cb11fcf4b8e56f05300698d6785f2827f2a34b84f66ea33cb77ac535a6dd3c7f73b2a85a3573e1352b84a248 WHIRLPOOL d93e16c3c0d20be85ca0669fcb979ef5f976363db47c09e69b4eb640674012756de9dd12128826d7f62640e248843880da616363c54a7ce2a027e4a5aee2e42e
+DIST glance-2014.1.2.tar.gz 2117649 SHA256 497ebaf2736cc1f243eba7b17104d7cde08517c7cf70c021fb59768cb710a3bb SHA512 180ebdf6f4bcde4ae4b342c31ea2854eda1c45ae237245162772cb8cf8d300ba860748ff6fdaa87c0d1da60538f077441baab9f084924e578e0da0359758d80e WHIRLPOOL dac7e02a747260d3027de7bd927209303bf24862511c594116ab4861cae30b08fc5a39d2b77ee5ca61249dd465761de56184b5b0da9bea989395d52ec7aa5c84
+EBUILD glance-2014.1.2.ebuild 4919 SHA256 f31b2d20bea14911985f43b5a5f0fe928f4bba8e876a44b59d116a100c116935 SHA512 11133e1522cdfd56fcd9f7af35a1270d6f31d07c9a2fc7b698c99ca71aabe551cd675e4247ae3a35d6c1a82f275be02f66d7caea04572338036192b031a5361a WHIRLPOOL 5fdab930a85042eb02b7311db3d01d199990aa5fe8762b9dfbea4390dd29d2f712e78a04aa212bc4afd16888071f8f97e98dee22bdb7f062c84e5b66bd0d8936
 EBUILD glance-2014.1.9999.ebuild 4879 SHA256 c64a9a614498116f3883e1be709321402edf14ac00ced1ccfe2637adb4cb5cfb SHA512 5dba5a90066050f29200ebf484f936ade6b237c539a119ab299d7f7f2c6bf7004ad1ab1a708c19a29809c189d30880fd16e38b4541f2f30f56ae7240a909a71d WHIRLPOOL fbfd8632529ba6c054011e76a52bc149a03237f46935a1acb6c3facdf488b9e9f013dfc7a9cf626c7dc8235946a618960a9ac28d37ecd01e23ca97597cae08fc
 EBUILD glance-9999.ebuild 4843 SHA256 cb262eac190bee1adb59ccc125809a3633adbd3448f5a15ee567b3c9a9e0b829 SHA512 e4aa1b6862ded7694eda77bf440ad71e6e6d413a7a7786f1dcd90f0084b8fdcf200486fe50cb49cb78936f0e2242e52b8122c84daa82c142836858e52d8137e7 WHIRLPOOL be80f071732df48b517f40015296c6a921afa665fece31c1efb3a12bb7bf89df20b9d113c10fa470c5ddf25da09d2e97377042ff295cdd7db2bb05e5fc04691f
-MISC ChangeLog 9652 SHA256 a77d826301406428e699eba7f0d6bff015841cca6f9dcab047accac4a730ef35 SHA512 e1ee84c36865b0b841d5ee2e5769a4c914f59a855a386be11e873cc847c92a63b029f9f1bb0a9c2d9183ea3780f3628641fffeefbd5e33388ffe2e489144bb7e WHIRLPOOL 64677ec397a906f8668a41639baf6ba8c930c27c9757c46472e4def8f4ba551e760cd36241e88c542fe0139696dd56a93dd399a4c04f612ee118cda7b3dc7275
+MISC ChangeLog 9913 SHA256 2e0d28dfc80096c45c19799022dc5b3d3b6270b8869f5de9f172ca90cab4b73f SHA512 ac820aa815e4afb6f3d500bbdc8473685a7edc49e8a5e42614a743194a42d14299589e5cd4a8d2b1958a8dbecbfdb0237f32e16e0136819f8da166050abc9d53 WHIRLPOOL af68076b8d50a1be30cb7cf8b3df656492ec10a3abdc07ec02bd02bf7cba68332ce8a0906931526bd9168256666e453f23d9635c9aa9bb6bc9f3059492987cba
 MISC metadata.xml 607 SHA256 b74d960c096528dbb7c9be6b0da777e10abe32928459f045e7c58b0156e22d95 SHA512 e38e4dd740fe55d73d6d97fd9ffa3aec5466fbb5f8e6484b125560313245ae697a0dcf612fb065125c6737a8254b6218c0703f7de79437bb2799c6c67f386e45 WHIRLPOOL 445bf712fd733fa90c395cc24fd02155bed15b092713d502b54331da9237f397877c2328adbf4049ee64ae163713ce031ebe5048c8826ed1a011d4ebcdbb681d
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
-iQIcBAEBCAAGBQJT2yHJAAoJECRx6z5ArFrDqu8P/3XRehePrbhEGAo3LH4HSM4k
-zRaWyhfGnxfI6LzDQwkw45bxI/cDJiRxTIX0UOma4MltQiW9h/ikqlG7glyOAX1z
-Jm+rT1vjZu7bmRUvHomdU4kihorRQ068XKiMqAnzYza9aEC+EB37ug0bRKNpYYYu
-cuZLyBq4XAxEOzD4QzaDnqZxg3SC0Hy9zLrxonKZ8yTiYNpREPU64CDB9K6SwLkz
-hixz05OxFm3k734Qu2Z8uSUMY8g2n1kRrdiOVIrLPW54jk44VD5FsxA/ZALD0PNT
-AO2i19YezD+y6gTq8031tgXT/I+NRh6XqVB5KlzRcVGUx7lLtyA/XbiUHp7aYUbb
-0lSqdNoaBwz76wteDENnYJQ2+OVlZ4k1wxfJ/I6l1Sz1qNOJKfllb9kz6TBm+sXn
-J0Gv3LSDgMNN+AKsJWuOZRfGntdNkW3sOXQo7ZLgIPZe5SgclZw28YH41b6Ss1nO
-jchFTzqubTTJGjNOXparketLLMkghsnoCZjsukSZOlFAPTtu2c0UJoF2uldfHoH2
-BTSxpQcCLmFMFBVs8S085I4SmgCV/nHv9WmClTeFZ3EyZGFjmFe+pNXiNC26se9/
-JI5GB2NfJaoNbLC/N32AcaL3hp0Q6fbIrSR+j2aIC3Utb3f8pYx4I7dFP39BAYqT
-T1rY3lTKyXx20rdJ1raA
-=jfPp
+iQIcBAEBCAAGBQJT9lk3AAoJECRx6z5ArFrDhCkP/1dgTXpi4DdTRWPgfwPmuRqI
+4FfzFRUDT70LrxfVCCtJPbDXKTUlA0p1gqDaOG58HsZUJTQx+glc7+g7XZXjmzPp
+RrrwmgKF5lt0H+01BSsxjZsI7Fm7wX7xAnwLGiP/8Ls+2YcP/SE2Sm5Qi1s0Kfkk
+0UQEA/JE9RgI05iL2ZoO2IfeYj9uhISLBK9bwZ9aBJ9DKLl5PxOM+skcqYV4+lLR
+rX0pLJd9OSHyC2dJats9cTBG6prXds5JZ102pmZcI+p9Vsljh34Tf3SheS1YrBAI
+HtY75IjN2vPrUIw4RVwJx4tZKS8IZKuu4NrqO1yTN5fbq86qdlqytd3pWbDpqckc
+A0nE5UOQZ8SISZoRtpraVqJ1VpBKI63AHY0b3gq7wsWdvJNlwA9MPLZ6YvSnFR8y
+EloUo7w0l6QZkg2F4JVUfWd/NUJ98Zg6O+sWh1EqwM5boeTAt31mNJNlSIvPlnv6
+M/tsQER3U3fJhI2nRgRk8KaY4/gwg4LCsGcxyXaV0epKBqDfOjgYZv30qRvhohdw
+/4J8ynLjqseRAWent5v947G5Jy0XtpksRRTkafxDvxgeNV1Wf1p8pGLsF1yjznKL
+1vTRKRBJLbA2dwVP1b4OgOJrl4fsvpjU/fU3A8C2M4m7B6gtzS1plHUE/Eb7UsDP
+MGdyZvuNHowK3IrMpS+k
+=17P1
 -----END PGP SIGNATURE-----
diff --git a/app-admin/glance/files/2014.1.2-CVE-2014-5356.patch b/app-admin/glance/files/2014.1.2-CVE-2014-5356.patch
new file mode 100644
index 000000000000..1d64ad882381
--- /dev/null
+++ b/app-admin/glance/files/2014.1.2-CVE-2014-5356.patch
@@ -0,0 +1,175 @@
+From 31a4d1852a0c27bac5757c192f300f051229a312 Mon Sep 17 00:00:00 2001
+From: Tom Leaman <thomas.leaman@hp.com>
+Date: Fri, 2 May 2014 10:09:20 +0000
+Subject: Enforce image_size_cap on v2 upload
+
+image_size_cap should be checked and enforced on upload
+
+Enforcement is in two places:
+- on image metadata save
+- during image save to backend store
+
+(cherry picked from commit 92ab00fca6926eaf3f7f92a955a5e07140063718)
+Conflicts:
+	glance/location.py
+	glance/tests/functional/v2/test_images.py
+
+Closes-Bug: 1315321
+Change-Id: I45bfb360703617bc394e9e27fe17adf43b09c0e1
+Co-Author: Manuel Desbonnet <manuel.desbonnet@hp.com>
+
+diff --git a/glance/db/__init__.py b/glance/db/__init__.py
+index a6e804c..a59447d 100644
+--- a/glance/db/__init__.py
++++ b/glance/db/__init__.py
+@@ -27,6 +27,7 @@ from glance.openstack.common import importutils
+ 
+ 
+ CONF = cfg.CONF
++CONF.import_opt('image_size_cap', 'glance.common.config')
+ CONF.import_opt('metadata_encryption_key', 'glance.common.config')
+ 
+ 
+@@ -150,6 +151,8 @@ class ImageRepo(object):
+ 
+     def add(self, image):
+         image_values = self._format_image_to_db(image)
++        if image_values['size'] > CONF.image_size_cap:
++            raise exception.ImageSizeLimitExceeded
+         # the updated_at value is not set in the _format_image_to_db
+         # function since it is specific to image create
+         image_values['updated_at'] = image.updated_at
+@@ -161,6 +164,8 @@ class ImageRepo(object):
+ 
+     def save(self, image):
+         image_values = self._format_image_to_db(image)
++        if image_values['size'] > CONF.image_size_cap:
++            raise exception.ImageSizeLimitExceeded
+         try:
+             new_values = self.db_api.image_update(self.context,
+                                                   image.image_id,
+diff --git a/glance/store/__init__.py b/glance/store/__init__.py
+index 33a67d6..273b7c7 100644
+--- a/glance/store/__init__.py
++++ b/glance/store/__init__.py
+@@ -721,7 +721,10 @@ class ImageProxy(glance.domain.proxy.Image):
+             size = 0  # NOTE(markwash): zero -> unknown size
+         location, size, checksum, loc_meta = self.store_api.add_to_backend(
+             self.context, CONF.default_store,
+-            self.image.image_id, utils.CooperativeReader(data), size)
++            self.image.image_id,
++            utils.LimitingReader(utils.CooperativeReader(data),
++                                 CONF.image_size_cap),
++            size)
+         self.image.locations = [{'url': location, 'metadata': loc_meta}]
+         self.image.size = size
+         self.image.checksum = checksum
+diff --git a/glance/tests/functional/__init__.py b/glance/tests/functional/__init__.py
+index 537a42f..2f116f0 100644
+--- a/glance/tests/functional/__init__.py
++++ b/glance/tests/functional/__init__.py
+@@ -280,6 +280,7 @@ class ApiServer(Server):
+         self.pid_file = pid_file or os.path.join(self.test_dir, "api.pid")
+         self.scrubber_datadir = os.path.join(self.test_dir, "scrubber")
+         self.log_file = os.path.join(self.test_dir, "api.log")
++        self.image_size_cap = 1099511627776
+         self.s3_store_host = "s3.amazonaws.com"
+         self.s3_store_access_key = ""
+         self.s3_store_secret_key = ""
+@@ -341,6 +342,7 @@ metadata_encryption_key = %(metadata_encryption_key)s
+ registry_host = 127.0.0.1
+ registry_port = %(registry_port)s
+ log_file = %(log_file)s
++image_size_cap = %(image_size_cap)d
+ s3_store_host = %(s3_store_host)s
+ s3_store_access_key = %(s3_store_access_key)s
+ s3_store_secret_key = %(s3_store_secret_key)s
+diff --git a/glance/tests/functional/v2/test_images.py b/glance/tests/functional/v2/test_images.py
+index a309e64..4247434 100644
+--- a/glance/tests/functional/v2/test_images.py
++++ b/glance/tests/functional/v2/test_images.py
+@@ -451,6 +451,48 @@ class TestImages(functional.FunctionalTest):
+ 
+         self.stop_servers()
+ 
++    def test_image_size_cap(self):
++        self.api_server.image_size_cap = 128
++        self.start_servers(**self.__dict__.copy())
++        # create an image
++        path = self._url('/v2/images')
++        headers = self._headers({'content-type': 'application/json'})
++        data = jsonutils.dumps({'name': 'image-size-cap-test-image',
++                                'type': 'kernel', 'disk_format': 'aki',
++                                'container_format': 'aki'})
++        response = requests.post(path, headers=headers, data=data)
++        self.assertEqual(201, response.status_code)
++
++        image = jsonutils.loads(response.text)
++        image_id = image['id']
++
++        #try to populate it with oversized data
++        path = self._url('/v2/images/%s/file' % image_id)
++        headers = self._headers({'Content-Type': 'application/octet-stream'})
++
++        class StreamSim(object):
++            # Using a one-shot iterator to force chunked transfer in the PUT
++            # request
++            def __init__(self, size):
++                self.size = size
++
++            def __iter__(self):
++                yield 'Z' * self.size
++
++        response = requests.put(path, headers=headers, data=StreamSim(
++                                self.api_server.image_size_cap + 1))
++        self.assertEqual(413, response.status_code)
++
++        # hashlib.md5('Z'*129).hexdigest()
++        #     == '76522d28cb4418f12704dfa7acd6e7ee'
++        # If the image has this checksum, it means that the whole stream was
++        # accepted and written to the store, which should not be the case.
++        path = self._url('/v2/images/{0}'.format(image_id))
++        headers = self._headers({'content-type': 'application/json'})
++        response = requests.get(path, headers=headers)
++        image_checksum = jsonutils.loads(response.text).get('checksum')
++        self.assertNotEqual(image_checksum, '76522d28cb4418f12704dfa7acd6e7ee')
++
+     def test_permissions(self):
+         # Create an image that belongs to TENANT1
+         path = self._url('/v2/images')
+diff --git a/glance/tests/unit/test_store_image.py b/glance/tests/unit/test_store_image.py
+index eb8d333..424915b 100644
+--- a/glance/tests/unit/test_store_image.py
++++ b/glance/tests/unit/test_store_image.py
+@@ -119,8 +119,10 @@ class TestStoreImage(utils.BaseTestCase):
+ 
+         self.stubs.Set(unit_test_utils.FakeStoreAPI, 'get_from_backend',
+                        fake_get_from_backend)
+-
+-        self.assertEqual(image1.get_data().fd, 'ZZZ')
++        # This time, image1.get_data() returns the data wrapped in a
++        # LimitingReader|CooperativeReader pipeline, so peeking under
++        # the hood of those objects to get at the underlying string.
++        self.assertEqual(image1.get_data().data.fd, 'ZZZ')
+         image1.locations.pop(0)
+         self.assertEqual(len(image1.locations), 1)
+         image2.delete()
+diff --git a/glance/tests/unit/utils.py b/glance/tests/unit/utils.py
+index a43dea3..4186787 100644
+--- a/glance/tests/unit/utils.py
++++ b/glance/tests/unit/utils.py
+@@ -148,7 +148,10 @@ class FakeStoreAPI(object):
+             if image_id in location:
+                 raise exception.Duplicate()
+         if not size:
+-            size = len(data.fd)
++            # 'data' is a string wrapped in a LimitingReader|CooperativeReader
++            # pipeline, so peek under the hood of those objects to get at the
++            # string itself.
++            size = len(data.data.fd)
+         if (current_store_size + size) > store_max_size:
+             raise exception.StorageFull()
+         if context.user == USER2:
+-- 
+cgit v0.10.1
+
diff --git a/app-admin/glance/files/CVE-2014-0162-2013.2.3.patch b/app-admin/glance/files/CVE-2014-0162-2013.2.3.patch
deleted file mode 100644
index 782d54a37c4f..000000000000
--- a/app-admin/glance/files/CVE-2014-0162-2013.2.3.patch
+++ /dev/null
@@ -1,223 +0,0 @@
-From 13069a4017d36a549576a21ca3ec5b15c411effc Mon Sep 17 00:00:00 2001
-From: Zhi Yan Liu <zhiyanl@cn.ibm.com>
-Date: Sat, 29 Mar 2014 03:35:35 +0800
-Subject: [PATCH] To prevent remote code injection on Sheepdog store
-
-Change-Id: Iae92eaf9eb023f36a1bab7c20ea41c985f2bf51b
-Signed-off-by: Zhi Yan Liu <zhiyanl@cn.ibm.com>
----
- glance/store/sheepdog.py                 |   61 +++++++++++++++++-------------
- glance/tests/unit/test_sheepdog_store.py |    3 +-
- glance/tests/unit/test_store_location.py |   13 ++++---
- 3 files changed, 45 insertions(+), 32 deletions(-)
-
-diff --git a/glance/store/sheepdog.py b/glance/store/sheepdog.py
-index d10aea7..2f75441 100644
---- a/glance/store/sheepdog.py
-+++ b/glance/store/sheepdog.py
-@@ -25,6 +25,7 @@ from glance.common import exception
- from glance.openstack.common import excutils
- import glance.openstack.common.log as logging
- from glance.openstack.common import processutils
-+from glance.openstack.common import uuidutils
- import glance.store
- import glance.store.base
- import glance.store.location
-@@ -32,7 +33,7 @@ import glance.store.location
- 
- LOG = logging.getLogger(__name__)
- 
--DEFAULT_ADDR = 'localhost'
-+DEFAULT_ADDR = '127.0.0.1'
- DEFAULT_PORT = '7000'
- DEFAULT_CHUNKSIZE = 64  # in MiB
- 
-@@ -63,18 +64,14 @@ class SheepdogImage:
-         self.chunk_size = chunk_size
- 
-     def _run_command(self, command, data, *params):
--        cmd = ("collie vdi %(command)s -a %(addr)s -p %(port)s %(name)s "
--               "%(params)s" %
--               {"command": command,
--                "addr": self.addr,
--                "port": self.port,
--                "name": self.name,
--                "params": " ".join(map(str, params))})
-+        cmd = ["collie", "vdi"]
-+        cmd.extend(command)
-+        cmd.extend(["-a", self.addr, "-p", self.port, self.name])
-+        cmd.extend(params)
- 
-         try:
--            return processutils.execute(
--                cmd, process_input=data, shell=True)[0]
--        except processutils.ProcessExecutionError as exc:
-+            return processutils.execute(*cmd, process_input=data)[0]
-+        except (processutils.ProcessExecutionError, OSError) as exc:
-             LOG.error(exc)
-             raise glance.store.BackendException(exc)
- 
-@@ -84,7 +81,7 @@ class SheepdogImage:
- 
-         Sheepdog Usage: collie vdi list -r -a address -p port image
-         """
--        out = self._run_command("list -r", None)
-+        out = self._run_command(["list", "-r"], None)
-         return long(out.split(' ')[3])
- 
-     def read(self, offset, count):
-@@ -94,7 +91,7 @@ class SheepdogImage:
- 
-         Sheepdog Usage: collie vdi read -a address -p port image offset len
-         """
--        return self._run_command("read", None, str(offset), str(count))
-+        return self._run_command(["read"], None, str(offset), str(count))
- 
-     def write(self, data, offset, count):
-         """
-@@ -103,7 +100,7 @@ class SheepdogImage:
- 
-         Sheepdog Usage: collie vdi write -a address -p port image offset len
-         """
--        self._run_command("write", data, str(offset), str(count))
-+        self._run_command(["write"], data, str(offset), str(count))
- 
-     def create(self, size):
-         """
-@@ -111,7 +108,7 @@ class SheepdogImage:
- 
-         Sheepdog Usage: collie vdi create -a address -p port image size
-         """
--        self._run_command("create", None, str(size))
-+        self._run_command(["create"], None, str(size))
- 
-     def delete(self):
-         """
-@@ -119,7 +116,7 @@ class SheepdogImage:
- 
-         Sheepdog Usage: collie vdi delete -a address -p port image
-         """
--        self._run_command("delete", None)
-+        self._run_command(["delete"], None)
- 
-     def exist(self):
-         """
-@@ -127,7 +124,7 @@ class SheepdogImage:
- 
-         Sheepdog Usage: collie vdi list -r -a address -p port image
-         """
--        out = self._run_command("list -r", None)
-+        out = self._run_command(["list", "-r"], None)
-         if not out:
-             return False
-         else:
-@@ -138,7 +135,7 @@ class StoreLocation(glance.store.location.StoreLocation):
-     """
-     Class describing a Sheepdog URI. This is of the form:
- 
--        sheepdog://image
-+        sheepdog://image-id
- 
-     """
- 
-@@ -149,10 +146,14 @@ class StoreLocation(glance.store.location.StoreLocation):
-         return "sheepdog://%s" % self.image
- 
-     def parse_uri(self, uri):
--        if not uri.startswith('sheepdog://'):
--            raise exception.BadStoreUri(uri, "URI must start with %s://" %
--                                        'sheepdog')
--        self.image = uri[11:]
-+        valid_schema = 'sheepdog://'
-+        if not uri.startswith(valid_schema):
-+            raise exception.BadStoreUri(_("URI must start with %s://") %
-+                                        valid_schema)
-+        self.image = uri[len(valid_schema):]
-+        if not uuidutils.is_uuid_like(self.image):
-+            raise exception.BadStoreUri(_("URI must contains well-formated "
-+                                          "image id"))
- 
- 
- class ImageIterator(object):
-@@ -192,7 +193,7 @@ class Store(glance.store.base.Store):
- 
-         try:
-             self.chunk_size = CONF.sheepdog_store_chunk_size * 1024 * 1024
--            self.addr = CONF.sheepdog_store_address
-+            self.addr = CONF.sheepdog_store_address.strip()
-             self.port = CONF.sheepdog_store_port
-         except cfg.ConfigFileValueError as e:
-             reason = _("Error in store configuration: %s") % e
-@@ -200,10 +201,18 @@ class Store(glance.store.base.Store):
-             raise exception.BadStoreConfiguration(store_name='sheepdog',
-                                                   reason=reason)
- 
-+        if ' ' in self.addr:
-+            reason = (_("Invalid address configuration of sheepdog store: %s")
-+                      % self.addr)
-+            LOG.error(reason)
-+            raise exception.BadStoreConfiguration(store_name='sheepdog',
-+                                                  reason=reason)
-+
-         try:
--            processutils.execute("collie", shell=True)
--        except processutils.ProcessExecutionError as exc:
--            reason = _("Error in store configuration: %s") % exc
-+            cmd = ["collie", "vdi", "list", "-a", self.addr, "-p", self.port]
-+            processutils.execute(*cmd)
-+        except Exception as e:
-+            reason = _("Error in store configuration: %s") % e
-             LOG.error(reason)
-             raise exception.BadStoreConfiguration(store_name='sheepdog',
-                                                   reason=reason)
-diff --git a/glance/tests/unit/test_sheepdog_store.py b/glance/tests/unit/test_sheepdog_store.py
-index 8eef86b..bea7e29 100644
---- a/glance/tests/unit/test_sheepdog_store.py
-+++ b/glance/tests/unit/test_sheepdog_store.py
-@@ -57,4 +57,5 @@ class TestStore(base.StoreClearingUnitTest):
-                           'fake_image_id',
-                           utils.LimitingReader(StringIO.StringIO('xx'), 1),
-                           2)
--        self.assertEqual(called_commands, ['list -r', 'create', 'delete'])
-+        self.assertEqual([['list', '-r'], ['create'], ['delete']],
-+                         called_commands)
-diff --git a/glance/tests/unit/test_store_location.py b/glance/tests/unit/test_store_location.py
-index 7eec171..2464ebb 100644
---- a/glance/tests/unit/test_store_location.py
-+++ b/glance/tests/unit/test_store_location.py
-@@ -52,7 +52,7 @@ class TestStoreLocation(base.StoreClearingUnitTest):
-             'rbd://imagename',
-             'rbd://fsid/pool/image/snap',
-             'rbd://%2F/%2F/%2F/%2F',
--            'sheepdog://imagename',
-+            'sheepdog://244e75f1-9c69-4167-9db7-1aa7d1973f6c',
-             'cinder://12345678-9012-3455-6789-012345678901',
-         ]
- 
-@@ -367,15 +367,18 @@ class TestStoreLocation(base.StoreClearingUnitTest):
-         """
-         Test the specific StoreLocation for the Sheepdog store
-         """
--        uri = 'sheepdog://imagename'
-+        uri = 'sheepdog://244e75f1-9c69-4167-9db7-1aa7d1973f6c'
-         loc = glance.store.sheepdog.StoreLocation({})
-         loc.parse_uri(uri)
--        self.assertEqual('imagename', loc.image)
-+        self.assertEqual('244e75f1-9c69-4167-9db7-1aa7d1973f6c', loc.image)
- 
--        bad_uri = 'sheepdog:/image'
-+        bad_uri = 'sheepdog:/244e75f1-9c69-4167-9db7-1aa7d1973f6c'
-         self.assertRaises(exception.BadStoreUri, loc.parse_uri, bad_uri)
- 
--        bad_uri = 'http://image'
-+        bad_uri = 'http://244e75f1-9c69-4167-9db7-1aa7d1973f6c'
-+        self.assertRaises(exception.BadStoreUri, loc.parse_uri, bad_uri)
-+
-+        bad_uri = 'image; name'
-         self.assertRaises(exception.BadStoreUri, loc.parse_uri, bad_uri)
- 
-     def test_cinder_store_good_location(self):
--- 
-1.7.9.5
-
-
diff --git a/app-admin/glance/glance-2014.1.1.ebuild b/app-admin/glance/glance-2014.1.2.ebuild
index 0c4736822bae..db48778b1624 100644
--- a/app-admin/glance/glance-2014.1.1.ebuild
+++ b/app-admin/glance/glance-2014.1.2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/glance/glance-2014.1.1.ebuild,v 1.3 2014/07/26 23:15:35 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/glance/glance-2014.1.2.ebuild,v 1.1 2014/08/21 20:40:15 prometheanfire Exp $
 
 EAPI=5
 PYTHON_COMPAT=( python2_7 )
@@ -89,7 +89,8 @@ RDEPEND=">=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
 		>=dev-python/oslo-messaging-1.3.0[${PYTHON_USEDEP}]
 		dev-python/oslo-vmware[${PYTHON_USEDEP}] "
 
-PATCHES=( "${FILESDIR}"/${PN}-2013.2-sphinx_mapping.patch )
+PATCHES=( "${FILESDIR}/${PN}-2013.2-sphinx_mapping.patch" )
+PATCHES=( "${FILESDIR}/2014.1.2-CVE-2014-5356.patch" )
 
 pkg_setup() {
 	enewgroup glance
author	Matt Thode <prometheanfire@gentoo.org>	2014-08-21 20:40:22 +0000
committer	Matt Thode <prometheanfire@gentoo.org>	2014-08-21 20:40:22 +0000
commit	64008d56e56b3b54bfb1108db7822323307d146e (patch)
tree	79dc4bcc46e1711a17d5ac23103f4e875be62f22 /app-admin
parent	bumped EAPI to 5; committed directly to stable as no other changes present an... (diff)
download	historical-64008d56e56b3b54bfb1108db7822323307d146e.tar.gz historical-64008d56e56b3b54bfb1108db7822323307d146e.tar.bz2 historical-64008d56e56b3b54bfb1108db7822323307d146e.zip