Branches for Quantal

Author: Adam Gandelman
Revision Date: 2013-04-25 17:39:57 UTC

[ Adam Gandelman ]
* Dropped patches, applied upstream:
  - debian/patches/CVE-2013-1840.patch: [dd849a9]
* Resynchronize with stable/folsom (dbd3d3d7) (LP: #1179707):
  - [cfaa2d8] repeated deletion on image member does not result in 404
    LP: 1157427
  - [5b4d21d] glance-cache-prefetcher explodes when no auth parameters were
    configured LP: 1157765
  - [dd849a9] v1 api returns location as header for cached images LP: 1135541
  - [04f88c8] 500 error returned when an Admin tries to delete membership of
    image from a non-existent /invalid tenant LP: 1060868
  - [5597697] Fragile Test:
    glance.tests.functional.test_bin_glance:TestBinGlance.test_update_copying_from
    LP: 1107768
  - [5183360] filesystem store does not clean up after premature termination
    of image upload LP: 1104924
  - [03dc862] mismatched image size or checksum leaves behind dangling image
    data LP: 1122299
  - [12d28c3] UserWarning on deprecation of legacy glance client inappropriate
    for internal usage LP: 1129445
  - [afe6166] 'glance-cache-manage list-cached' does not show 'last accessed'
    and 'last modified' fields in human-readable format' LP: 1102334
  - [ee13560] Fix broken JSON schemas in v2 tests

[ Chuck Short ]
* debian/patches/disable-swift-tests.patch: Refreshed.

Author: Jamie Strandboge
Revision Date: 2013-10-22 13:42:27 UTC

* SECURITY UPDATE: enforce 'download_image' policy in cache middleware
  - debian/patches/CVE-2013-4428.patch: fix confusing behavior when using
    download_image. Ie, return 403 rather than empty content (LP: #1235378)
  - CVE-2013-4428

Author: Jamie Strandboge
Revision Date: 2013-10-22 13:42:27 UTC

* SECURITY UPDATE: enforce 'download_image' policy in cache middleware
  - debian/patches/CVE-2013-4428.patch: fix confusing behavior when using
    download_image. Ie, return 403 rather than empty content (LP: #1235378)
  - CVE-2013-4428

Author: Adam Gandelman
Revision Date: 2012-11-30 23:27:31 UTC

* Dropped patches, applied upstream:
  - debian/patches/CVE-2012-4573.patch
  - debian/patches/CVE-2012-4573b.patch
* Resynchronize with stable/folsom (199783ce) (LP: #1085255):
  - [49408e9] Glance image-delete HTTPInternalServerError HTTP 500
    (LP: #1075580)
  - [91aaa48] Image fails to upload to swift: TypeError: object of type
    'CooperativeReader' has no len( (LP: #1057322)
  - [a296a5b] Return 403 when admin deletes a deleted image (LP: #1060944)
  - [3e58a6a] Disallow updating deleted images. (LP: #1060930)
  - [26c8085] admins can see deleted images in v2 api (LP: #1071446)
  - [8321ca6] No exclude option to skip tests in run_tests.sh (LP: #1065758)
  - [c3bea11] Badly named stable/folsom Glance tarballs (LP: #1059634)
  - [fc0ee76] Non-admin users can cause public glance images to be deleted
    from the backend storage repository in the v2 api (LP: #1076506)
  - [90bcdc5] Non-admin users can cause public glance images to be deleted
    from the backend storage repository (LP: #1065187)
  - [7841cc9] FakeAuth not always admin
  - [ddad275] Jenkins jobs fail because of incompatibility between sqlalchemy-
    migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
  - [1d5c651] nosetest options cause no such option errors (LP: #1056420)
  - [ac223e2] Set defaultbranch in .gitreview to stable/folsom
* SECURITY UPDATE: deletion of arbitrary public and shared images via
  authenticated user
  - debian/patches/CVE-2012-4573b.patch: previous patch was incomplete.
    Make corresponding change to glance/api/v2/images.py
  - CVE-2012-4573
* debian/control: add Build-Depends-Indep on python-chardet. This is needed
  by python-requests to do encoding detection which otherwise fails in the
  new tests introduced in CVE-2012-4573b.patch.
* SECURITY UPDATE: deletion of arbitrary public and shared images via
  authenticated user
  - debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
    ensure image is owned by user before delayed_deletion
  - CVE-2012-4573
* debian/patches/fakeauth-not-always-admin.patch: add required testsuite
  patch in support of the testsuite changes in CVE-2012-4573.patch

Author: Adam Gandelman
Revision Date: 2013-02-05 22:04:53 UTC

Fix non-Ubuntu bug references.

Author: Adam Gandelman
Revision Date: 2013-04-26 01:02:08 UTC

* Dropped patches, applied upstream:
  - debian/patches/CVE-2013-1840.patch: [dd849a9]
* Resynchronize with stable/folsom (dbd3d3d7):
  - [cfaa2d8] repeated deletion on image member does not result in 404
    LP: 1157427
  - [5b4d21d] glance-cache-prefetcher explodes when no auth parameters were
    configured LP: 1157765
  - [dd849a9] v1 api returns location as header for cached images LP: 1135541
  - [04f88c8] 500 error returned when an Admin tries to delete membership of
    image from a non-existent /invalid tenant LP: 1060868
  - [5597697] Fragile Test:
    glance.tests.functional.test_bin_glance:TestBinGlance.test_update_copying_from
    LP: 1107768
  - [5183360] filesystem store does not clean up after premature termination
    of image upload LP: 1104924
  - [03dc862] mismatched image size or checksum leaves behind dangling image
    data LP: 1122299
  - [12d28c3] UserWarning on deprecation of legacy glance client inappropriate
    for internal usage LP: 1129445
  - [afe6166] 'glance-cache-manage list-cached' does not show 'last accessed'
    and 'last modified' fields in human-readable format' LP: 1102334
  - [ee13560] Fix broken JSON schemas in v2 tests

Author: James Page
Revision Date: 2012-10-12 15:43:54 UTC

* Glance should suggest python-ceph, not ceph-common (LP: #1065903):
  - debian/control: glance Suggests: ceph-common -> python-ceph.