diff options
author | Matthew Thode <prometheanfire@gentoo.org> | 2014-10-11 22:25:23 +0000 |
---|---|---|
committer | Matthew Thode <prometheanfire@gentoo.org> | 2014-10-11 22:25:23 +0000 |
commit | 7796db1e158e4aa6db79ada18869da54c8d221ac (patch) | |
tree | d012885c3ffb8ce030b619e47d97d6049f7db924 /app-admin | |
parent | add ebuild for doublex—dependence for fig (diff) | |
download | gentoo-2-7796db1e158e4aa6db79ada18869da54c8d221ac.tar.gz gentoo-2-7796db1e158e4aa6db79ada18869da54c8d221ac.tar.bz2 gentoo-2-7796db1e158e4aa6db79ada18869da54c8d221ac.zip |
bup
(Portage version: 2.2.8-r2/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
Diffstat (limited to 'app-admin')
-rw-r--r-- | app-admin/glance/ChangeLog | 9 | ||||
-rw-r--r-- | app-admin/glance/files/2014.1.2-CVE-2014-5356.patch | 175 | ||||
-rw-r--r-- | app-admin/glance/glance-2014.1.3.ebuild | 141 | ||||
-rw-r--r-- | app-admin/glance/glance-2014.1.9999.ebuild | 8 |
4 files changed, 154 insertions, 179 deletions
diff --git a/app-admin/glance/ChangeLog b/app-admin/glance/ChangeLog index b71c0864c065..2a69f914835c 100644 --- a/app-admin/glance/ChangeLog +++ b/app-admin/glance/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for app-admin/glance # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/glance/ChangeLog,v 1.48 2014/08/21 20:40:15 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/glance/ChangeLog,v 1.49 2014/10/11 22:25:23 prometheanfire Exp $ + +*glance-2014.1.3 (11 Oct 2014) + + 11 Oct 2014; Matthew Thode <prometheanfire@gentoo.org> + +glance-2014.1.3.ebuild, -files/2014.1.2-CVE-2014-5356.patch, + glance-2014.1.9999.ebuild: + bup *glance-2014.1.2 (21 Aug 2014) diff --git a/app-admin/glance/files/2014.1.2-CVE-2014-5356.patch b/app-admin/glance/files/2014.1.2-CVE-2014-5356.patch deleted file mode 100644 index 1d64ad882381..000000000000 --- a/app-admin/glance/files/2014.1.2-CVE-2014-5356.patch +++ /dev/null @@ -1,175 +0,0 @@ -From 31a4d1852a0c27bac5757c192f300f051229a312 Mon Sep 17 00:00:00 2001 -From: Tom Leaman <thomas.leaman@hp.com> -Date: Fri, 2 May 2014 10:09:20 +0000 -Subject: Enforce image_size_cap on v2 upload - -image_size_cap should be checked and enforced on upload - -Enforcement is in two places: -- on image metadata save -- during image save to backend store - -(cherry picked from commit 92ab00fca6926eaf3f7f92a955a5e07140063718) -Conflicts: - glance/location.py - glance/tests/functional/v2/test_images.py - -Closes-Bug: 1315321 -Change-Id: I45bfb360703617bc394e9e27fe17adf43b09c0e1 -Co-Author: Manuel Desbonnet <manuel.desbonnet@hp.com> - -diff --git a/glance/db/__init__.py b/glance/db/__init__.py -index a6e804c..a59447d 100644 ---- a/glance/db/__init__.py -+++ b/glance/db/__init__.py -@@ -27,6 +27,7 @@ from glance.openstack.common import importutils - - - CONF = cfg.CONF -+CONF.import_opt('image_size_cap', 'glance.common.config') - CONF.import_opt('metadata_encryption_key', 'glance.common.config') - - -@@ -150,6 +151,8 @@ class ImageRepo(object): - - def add(self, image): - image_values = self._format_image_to_db(image) -+ if image_values['size'] > CONF.image_size_cap: -+ raise exception.ImageSizeLimitExceeded - # the updated_at value is not set in the _format_image_to_db - # function since it is specific to image create - image_values['updated_at'] = image.updated_at -@@ -161,6 +164,8 @@ class ImageRepo(object): - - def save(self, image): - image_values = self._format_image_to_db(image) -+ if image_values['size'] > CONF.image_size_cap: -+ raise exception.ImageSizeLimitExceeded - try: - new_values = self.db_api.image_update(self.context, - image.image_id, -diff --git a/glance/store/__init__.py b/glance/store/__init__.py -index 33a67d6..273b7c7 100644 ---- a/glance/store/__init__.py -+++ b/glance/store/__init__.py -@@ -721,7 +721,10 @@ class ImageProxy(glance.domain.proxy.Image): - size = 0 # NOTE(markwash): zero -> unknown size - location, size, checksum, loc_meta = self.store_api.add_to_backend( - self.context, CONF.default_store, -- self.image.image_id, utils.CooperativeReader(data), size) -+ self.image.image_id, -+ utils.LimitingReader(utils.CooperativeReader(data), -+ CONF.image_size_cap), -+ size) - self.image.locations = [{'url': location, 'metadata': loc_meta}] - self.image.size = size - self.image.checksum = checksum -diff --git a/glance/tests/functional/__init__.py b/glance/tests/functional/__init__.py -index 537a42f..2f116f0 100644 ---- a/glance/tests/functional/__init__.py -+++ b/glance/tests/functional/__init__.py -@@ -280,6 +280,7 @@ class ApiServer(Server): - self.pid_file = pid_file or os.path.join(self.test_dir, "api.pid") - self.scrubber_datadir = os.path.join(self.test_dir, "scrubber") - self.log_file = os.path.join(self.test_dir, "api.log") -+ self.image_size_cap = 1099511627776 - self.s3_store_host = "s3.amazonaws.com" - self.s3_store_access_key = "" - self.s3_store_secret_key = "" -@@ -341,6 +342,7 @@ metadata_encryption_key = %(metadata_encryption_key)s - registry_host = 127.0.0.1 - registry_port = %(registry_port)s - log_file = %(log_file)s -+image_size_cap = %(image_size_cap)d - s3_store_host = %(s3_store_host)s - s3_store_access_key = %(s3_store_access_key)s - s3_store_secret_key = %(s3_store_secret_key)s -diff --git a/glance/tests/functional/v2/test_images.py b/glance/tests/functional/v2/test_images.py -index a309e64..4247434 100644 ---- a/glance/tests/functional/v2/test_images.py -+++ b/glance/tests/functional/v2/test_images.py -@@ -451,6 +451,48 @@ class TestImages(functional.FunctionalTest): - - self.stop_servers() - -+ def test_image_size_cap(self): -+ self.api_server.image_size_cap = 128 -+ self.start_servers(**self.__dict__.copy()) -+ # create an image -+ path = self._url('/v2/images') -+ headers = self._headers({'content-type': 'application/json'}) -+ data = jsonutils.dumps({'name': 'image-size-cap-test-image', -+ 'type': 'kernel', 'disk_format': 'aki', -+ 'container_format': 'aki'}) -+ response = requests.post(path, headers=headers, data=data) -+ self.assertEqual(201, response.status_code) -+ -+ image = jsonutils.loads(response.text) -+ image_id = image['id'] -+ -+ #try to populate it with oversized data -+ path = self._url('/v2/images/%s/file' % image_id) -+ headers = self._headers({'Content-Type': 'application/octet-stream'}) -+ -+ class StreamSim(object): -+ # Using a one-shot iterator to force chunked transfer in the PUT -+ # request -+ def __init__(self, size): -+ self.size = size -+ -+ def __iter__(self): -+ yield 'Z' * self.size -+ -+ response = requests.put(path, headers=headers, data=StreamSim( -+ self.api_server.image_size_cap + 1)) -+ self.assertEqual(413, response.status_code) -+ -+ # hashlib.md5('Z'*129).hexdigest() -+ # == '76522d28cb4418f12704dfa7acd6e7ee' -+ # If the image has this checksum, it means that the whole stream was -+ # accepted and written to the store, which should not be the case. -+ path = self._url('/v2/images/{0}'.format(image_id)) -+ headers = self._headers({'content-type': 'application/json'}) -+ response = requests.get(path, headers=headers) -+ image_checksum = jsonutils.loads(response.text).get('checksum') -+ self.assertNotEqual(image_checksum, '76522d28cb4418f12704dfa7acd6e7ee') -+ - def test_permissions(self): - # Create an image that belongs to TENANT1 - path = self._url('/v2/images') -diff --git a/glance/tests/unit/test_store_image.py b/glance/tests/unit/test_store_image.py -index eb8d333..424915b 100644 ---- a/glance/tests/unit/test_store_image.py -+++ b/glance/tests/unit/test_store_image.py -@@ -119,8 +119,10 @@ class TestStoreImage(utils.BaseTestCase): - - self.stubs.Set(unit_test_utils.FakeStoreAPI, 'get_from_backend', - fake_get_from_backend) -- -- self.assertEqual(image1.get_data().fd, 'ZZZ') -+ # This time, image1.get_data() returns the data wrapped in a -+ # LimitingReader|CooperativeReader pipeline, so peeking under -+ # the hood of those objects to get at the underlying string. -+ self.assertEqual(image1.get_data().data.fd, 'ZZZ') - image1.locations.pop(0) - self.assertEqual(len(image1.locations), 1) - image2.delete() -diff --git a/glance/tests/unit/utils.py b/glance/tests/unit/utils.py -index a43dea3..4186787 100644 ---- a/glance/tests/unit/utils.py -+++ b/glance/tests/unit/utils.py -@@ -148,7 +148,10 @@ class FakeStoreAPI(object): - if image_id in location: - raise exception.Duplicate() - if not size: -- size = len(data.fd) -+ # 'data' is a string wrapped in a LimitingReader|CooperativeReader -+ # pipeline, so peek under the hood of those objects to get at the -+ # string itself. -+ size = len(data.data.fd) - if (current_store_size + size) > store_max_size: - raise exception.StorageFull() - if context.user == USER2: --- -cgit v0.10.1 - diff --git a/app-admin/glance/glance-2014.1.3.ebuild b/app-admin/glance/glance-2014.1.3.ebuild new file mode 100644 index 000000000000..77c5d695d119 --- /dev/null +++ b/app-admin/glance/glance-2014.1.3.ebuild @@ -0,0 +1,141 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/glance/glance-2014.1.3.ebuild,v 1.1 2014/10/11 22:25:23 prometheanfire Exp $ + +EAPI=5 +PYTHON_COMPAT=( python2_7 ) + +inherit distutils-r1 user + +DESCRIPTION="Provides services for discovering, registering, and retrieving +virtual machine images with Openstack" +HOMEPAGE="https://launchpad.net/glance" +SRC_URI="http://launchpad.net/${PN}/icehouse/${PV}/+download/${P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="doc mysql postgres +sqlite +swift test" +REQUIRED_USE="|| ( mysql postgres sqlite )" + +DEPEND="dev-python/setuptools[${PYTHON_USEDEP}] + >=dev-python/pbr-0.6.0[${PYTHON_USEDEP}] + <dev-python/pbr-1.0[${PYTHON_USEDEP}] + test? ( >=dev-python/hacking-0.8.0[${PYTHON_USEDEP}] + <dev-python/hacking-0.9[${PYTHON_USEDEP}] + >=dev-python/Babel-1.3[${PYTHON_USEDEP}] + >=dev-python/coverage-3.6[${PYTHON_USEDEP}] + >=dev-python/fixtures-0.3.14[${PYTHON_USEDEP}] + >=dev-python/mock-1.0[${PYTHON_USEDEP}] + >=dev-python/mox-0.5.3[${PYTHON_USEDEP}] + >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}] + <dev-python/sphinx-1.1.9999[${PYTHON_USEDEP}] + >=dev-python/requests-1.1[${PYTHON_USEDEP}] + >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}] + >=dev-python/testtools-0.9.34[${PYTHON_USEDEP}] + >=dev-python/psutil-1.1.1[${PYTHON_USEDEP}] + dev-python/mysql-python[${PYTHON_USEDEP}] + dev-python/psycopg[${PYTHON_USEDEP}] + ~dev-python/pysendfile-2.0.0[${PYTHON_USEDEP}] + dev-python/qpid-python[${PYTHON_USEDEP}] + >=dev-python/pyxattr-0.5.0[${PYTHON_USEDEP}] + dev-python/oslo-sphinx[${PYTHON_USEDEP}] )" + +#note to self, wsgiref is a python builtin, no need to package it +#>=dev-python/wsgiref-0.1.2[${PYTHON_USEDEP}] + +RDEPEND=">=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}] + sqlite? ( + >=dev-python/sqlalchemy-0.8.0[sqlite,${PYTHON_USEDEP}] + !~dev-python/sqlalchemy-0.9.5[sqlite,${PYTHON_USEDEP}] + <=dev-python/sqlalchemy-0.9.99[sqlite,${PYTHON_USEDEP}] + ) + mysql? ( + dev-python/mysql-python + >=dev-python/sqlalchemy-0.8.0[${PYTHON_USEDEP}] + !~dev-python/sqlalchemy-0.9.5[${PYTHON_USEDEP}] + <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}] + ) + postgres? ( + dev-python/psycopg:2 + >=dev-python/sqlalchemy-0.8.0[${PYTHON_USEDEP}] + !~dev-python/sqlalchemy-0.9.5[${PYTHON_USEDEP}] + <=dev-python/sqlalchemy-0.9.99[${PYTHON_USEDEP}] + ) + >=dev-python/anyjson-0.3.3[${PYTHON_USEDEP}] + >=dev-python/eventlet-0.13.0[${PYTHON_USEDEP}] + >=dev-python/pastedeploy-1.5.0[${PYTHON_USEDEP}] + >=dev-python/routes-1.12.3[${PYTHON_USEDEP}] + !~dev-python/routes-2.0[${PYTHON_USEDEP}] + >=dev-python/webob-1.2.3[${PYTHON_USEDEP}] + >=dev-python/boto-2.12.0[${PYTHON_USEDEP}] + !~dev-python/boto-2.13.0[${PYTHON_USEDEP}] + >=dev-python/sqlalchemy-migrate-0.9[${PYTHON_USEDEP}] + !~dev-python/sqlalchemy-migrate-0.9.2[${PYTHON_USEDEP}] + >=dev-python/httplib2-0.7.5[${PYTHON_USEDEP}] + >=dev-python/kombu-2.4.8[${PYTHON_USEDEP}] + >=dev-python/pycrypto-2.6[${PYTHON_USEDEP}] + >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}] + >=dev-python/oslo-config-1.2.1[${PYTHON_USEDEP}] + >=dev-python/stevedore-0.14[${PYTHON_USEDEP}] + swift? ( + >=dev-python/python-swiftclient-1.6[${PYTHON_USEDEP}] + ) + dev-python/paste[${PYTHON_USEDEP}] + >=dev-python/jsonschema-2.0.0[${PYTHON_USEDEP}] + <dev-python/jsonschema-3.0.0[${PYTHON_USEDEP}] + >=dev-python/python-cinderclient-1.0.6[${PYTHON_USEDEP}] + >=dev-python/python-keystoneclient-0.7.0[${PYTHON_USEDEP}] + >=dev-python/pyopenssl-0.11[${PYTHON_USEDEP}] + >=dev-python/six-1.6.0[${PYTHON_USEDEP}] + >=dev-python/oslo-messaging-1.3.0[${PYTHON_USEDEP}] + >=dev-python/oslo-vmware-0.2[${PYTHON_USEDEP}]" + +PATCHES=( "${FILESDIR}/${PN}-2013.2-sphinx_mapping.patch" ) + +pkg_setup() { + enewgroup glance + enewuser glance -1 -1 /var/lib/glance glance +} + +python_compile_all() { + use doc && "${PYTHON}" setup.py build_sphinx +} + +python_test() { + # https://bugs.launchpad.net/glance/+bug/1251105 + # https://bugs.launchpad.net/glance/+bug/1242501 + nosetests glance/ || die "tests failed under python2.7" +} + +python_install() { + distutils-r1_python_install + + for svc in api registry scrubber; do + newinitd "${FILESDIR}/glance.initd" glance-${svc} + done + + diropts -m 0750 -o glance -g glance + dodir /var/log/glance /var/lib/glance/images /var/lib/glance/scrubber + keepdir /etc/glance + keepdir /var/log/glance + keepdir /var/lib/glance/images + keepdir /var/lib/glance/scrubber + + insinto /etc/glance + insopts -m 0640 -o glance -g glance + doins "etc/glance-api-paste.ini" + doins "etc/glance-api.conf" + doins "etc/glance-cache.conf" + doins "etc/glance-registry-paste.ini" + doins "etc/glance-registry.conf" + doins "etc/glance-scrubber.conf" + doins "etc/logging.cnf.sample" + doins "etc/policy.json" + doins "etc/schema-image.json" +} + +python_install_all() { + use doc && local HTML_DOCS=( doc/build/html/. ) + distutils-r1_python_install_all +} diff --git a/app-admin/glance/glance-2014.1.9999.ebuild b/app-admin/glance/glance-2014.1.9999.ebuild index acfa5225cc29..801970a61487 100644 --- a/app-admin/glance/glance-2014.1.9999.ebuild +++ b/app-admin/glance/glance-2014.1.9999.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/glance/glance-2014.1.9999.ebuild,v 1.4 2014/07/26 23:15:35 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/glance/glance-2014.1.9999.ebuild,v 1.5 2014/10/11 22:25:23 prometheanfire Exp $ EAPI=5 PYTHON_COMPAT=( python2_7 ) @@ -30,7 +30,7 @@ DEPEND="dev-python/setuptools[${PYTHON_USEDEP}] >=dev-python/mock-1.0[${PYTHON_USEDEP}] >=dev-python/mox-0.5.3[${PYTHON_USEDEP}] >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}] - <dev-python/sphinx-1.2[${PYTHON_USEDEP}] + <dev-python/sphinx-1.1.9999[${PYTHON_USEDEP}] >=dev-python/requests-1.1[${PYTHON_USEDEP}] >=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}] >=dev-python/testtools-0.9.34[${PYTHON_USEDEP}] @@ -67,10 +67,12 @@ RDEPEND=">=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}] >=dev-python/eventlet-0.13.0[${PYTHON_USEDEP}] >=dev-python/pastedeploy-1.5.0[${PYTHON_USEDEP}] >=dev-python/routes-1.12.3[${PYTHON_USEDEP}] + !~dev-python/routes-2.0[${PYTHON_USEDEP}] >=dev-python/webob-1.2.3[${PYTHON_USEDEP}] >=dev-python/boto-2.12.0[${PYTHON_USEDEP}] !~dev-python/boto-2.13.0[${PYTHON_USEDEP}] >=dev-python/sqlalchemy-migrate-0.9[${PYTHON_USEDEP}] + !~dev-python/sqlalchemy-migrate-0.9.2[${PYTHON_USEDEP}] >=dev-python/httplib2-0.7.5[${PYTHON_USEDEP}] >=dev-python/kombu-2.4.8[${PYTHON_USEDEP}] >=dev-python/pycrypto-2.6[${PYTHON_USEDEP}] @@ -90,7 +92,7 @@ RDEPEND=">=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}] >=dev-python/oslo-messaging-1.3.0[${PYTHON_USEDEP}] >=dev-python/oslo-vmware-0.2[${PYTHON_USEDEP}]" -PATCHES=( "${FILESDIR}"/${PN}-2013.2-sphinx_mapping.patch ) +PATCHES=( "${FILESDIR}/${PN}-2013.2-sphinx_mapping.patch" ) pkg_setup() { enewgroup glance |