lp://staging/ubuntu/raring-security/glance

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #1235378: [OSSA 2013-027] 'image_download' role in v2 causes traceback

Undecided

Fix Committed

Link a bug report

Related blueprints

71. By Jamie Strandboge on 2013-10-22

* SECURITY UPDATE: enforce 'download_image' policy in cache middleware
  - debian/patches/CVE-2013-4428.patch: fix confusing behavior when using
    download_image. Ie, return 403 rather than empty content (LP: #1235378)
  - CVE-2013-4428

70. By Chuck Short on 2013-04-04

* New upstream release.
* debian/patches/fix-ubuntu-testing.patch: Dropped no longer needed.

69. By Chuck Short on 2013-03-22

debian/patches/fix-ubuntu-tests.patch: Add configuration change
to allow testsuite to finish on Ubuntu buildds. (LP: #1158247)

68. By Chuck Short on 2013-03-20

[ James Page ]
* d/watch: Update uversionmangle to deal with upstream versioning
  changes, remove tarballs.openstack.org.

[ Chuck Short ]
* New upstrem release
* debian/control: Clean up build-dependencies:
  - Drop python-argparse referenced in pydist-overrides
  - Drop python-swift no longer needed.
  - Drop python-dateutils no longer needed.
  - Drop python-glacneclient no longer needed.
  - Added python-anyjson to build-depends.
  - Use python-keystoneclient instead of python-keystone.
  - Added python-lxml to build-depends.
  - Added python-swiftclientto build-depends.
  - Added python-passlib to build-depends.
* debian/rules: Set the PYTHONPATH for the tests.

67. By Chuck Short on 2013-02-22

[ James Page ]
* d/control: Add python-fixtures and python-testtools to BD's.
* d/control: Drop Vcs-* fields as they are no longer relevant.

[ Chuck Short ]
* New usptream release
* debian/control: Add python-oslo-config.
* debian/rules: Use python setup.py tests to run the tests.
* debian/patches/fix-nosetests-path.patch: Specify the path to glance/tests
  so we dont get errors when trying to run the testsuite.

66. By Jamie Strandboge on 2013-01-30

* SECURITY UPDATE: information disclosure via swift error messages
  - debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
    mot show URLs and credentials in error messages and log output
  - CVE-2013-0212

65. By Chuck Short on 2013-01-11

[ James Page ]
* New upstream release.
* Re-enable gating of package build based on unit test success:
  - d/rules: Enable build failure on unit testing failure, scope
    test execution to glance/tests.
* Switched upstart configurations to use start-stop-daemon instead of su.
* General package tidy:
  - d/control: Drop glance-client package.
  - d/control: Drop BD on python-dev-all.
  - Wrapped and sorted.

[ Adam Gandelman ]
* debian/*.manpages: Install Sphinx-generated manpages for binaries
  installed by glance-common, glance-registry, and glance-api.

[ Yolanda Robla Mota ]
* Updated package version

64. By Chuck Short on 2012-11-23

[ Adam Gandelman ]
* debian/patches/*: Refreshed for opening of Grizzly.

[ Chuck Short ]
* debian/glance-client.install: Dropped
* New upstream version
* debian/rules: FTBFS if there are missing binaries
* debian/glance-registry.install: Add glance-replicator
* debian/patches/disable-swift-tests.patch: Dropped.

63. By Jamie Strandboge on 2012-11-09

* SECURITY UPDATE: deletion of arbitrary public and shared images via
  authenticated user
  - debian/patches/CVE-2012-4573b.patch: previous patch was incomplete.
    Make corresponding change to glance/api/v2/images.py
  - CVE-2012-4573
* debian/control: add Build-Depends-Indep on python-chardet. This is needed
  by python-requests to do encoding detection which otherwise fails in the
  new tests introduced in CVE-2012-4573b.patch.

62. By Jamie Strandboge on 2012-11-08

* SECURITY UPDATE: deletion of arbitrary public and shared images via
  authenticated user
  - debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
    ensure image is owned by user before delayed_deletion
  - CVE-2012-4573
* debian/patches/fakeauth-not-always-admin.patch: add required testsuite
  patch in support of the testsuite changes in CVE-2012-4573.patch