stable/essex horizon installs unusable version of glance

Bug #1057125 reported by Brian Waldon
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
Invalid
Undecided
Brian Waldon
Essex
Fix Released
Critical
Brian Waldon
horizon (Ubuntu)
Fix Released
Undecided
Unassigned
Precise
Fix Released
Undecided
Unassigned

Bug Description

The pip-requires file installs the master version of glance, not the stable/essex version. Horizon needs the glance available in stable/essex glance which has been removed in master.

Related branches

CVE References

Brian Waldon (bcwaldon)
Changed in horizon:
assignee: nobody → Brian Waldon (bcwaldon)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to horizon (stable/essex)

Fix proposed to branch: stable/essex
Review: https://review.openstack.org/13727

Revision history for this message
Brian Waldon (bcwaldon) wrote :
Revision history for this message
Gabriel Hurley (gabriel-hurley) wrote :

Targeting to essex series

Revision history for this message
Gabriel Hurley (gabriel-hurley) wrote :

Closing this for master since it's an essex issue. It's correctly targeted now.

Changed in horizon:
status: In Progress → Invalid
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (stable/essex)

Reviewed: https://review.openstack.org/13727
Committed: http://github.com/openstack/horizon/commit/7e651d770e187d16393abce699a76a99f977f6f0
Submitter: Jenkins
Branch: stable/essex

commit 7e651d770e187d16393abce699a76a99f977f6f0
Author: Brian Waldon <email address hidden>
Date: Wed Sep 26 12:54:33 2012 -0700

    Use glance stable/essex rather than master

    The pip-requires file should explicitly install stable/essex
    glance rather than master. The dependency on glance's client is
    broken if horizon tries to use glance master.

    Fixes bug 1057125

    Change-Id: I770e5e5e854141200307ddd33b1998000fbe57b5

Changed in horizon (Ubuntu):
status: New → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote :

xception, but this bug is linked from the SRU changelog and would require direct verification. Please either complete the bug description with a test case for this bug, or re-upload without a reference in the changelog.

Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Brian, or anyone else affected,

Accepted horizon into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/horizon/2012.1.3+stable-20130423-5ce39422-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in horizon (Ubuntu Precise):
status: New → Fix Committed
tags: added: verification-needed
Revision history for this message
Yolanda Robla (yolanda.robla) wrote : Verification report.

Please find the attached test log from the Ubuntu Server Team's CI infrastructure. As part of the verification process for this bug, Horizon has been deployed and configured across multiple nodes using precise-proposed as an installation source. After successful bring-up and configuration of the cluster, a number of exercises and smoke tests have be invoked to ensure the updated package did not introduce any regressions. A number of test iterations were carried out to catch any possible transient errors.

Please Note the list of installed packages at the top and bottom of the report.

For records of upstream test coverage of this update, please see the Jenkins links in the comments of the relevant upstream code-review(s):

Stable review: https://review.openstack.org/13727

As per the provisional Micro Release Exception granted to this package by the Technical Board, we hope this contributes toward verification of this update.

Revision history for this message
Yolanda Robla (yolanda.robla) wrote :

Test coverage log.

tags: added: verification-done
removed: verification-needed
Revision history for this message
Scott Kitterman (kitterman) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package horizon - 2012.1.3+stable-20130423-5ce39422-0ubuntu1

---------------
horizon (2012.1.3+stable-20130423-5ce39422-0ubuntu1) precise-proposed; urgency=low

  * Resynchronize with stable/essex (LP: #1089488)
    - [7e651d7] stable/essex horizon installs unusable version of glance
      (LP: #1057125)
    - [35eada8] open redirect / phishing attack via "next" parameter
      (LP: #1039077)
    - [8889311] TypeError when trying to delete an unnamed volume via dashboard
      (LP: #1031291)
    - [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
    - [9b22d68] When adding ICMP rule, the type/code is being validated as
      from/to ports (LP: #997669)
    - [52bbba1] Added --only-selenium option in run_tests.sh
  * Dropped patches, superseeded by new snapshot:
    - debian/patches/CVE-2012-3540.patch [35eada8]
 -- Yolanda <email address hidden> Wed, 24 Apr 2013 15:46:28 +0200

Changed in horizon (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.