-
glance (2012.2.4-0ubuntu1.1) quantal-security; urgency=low
* SECURITY UPDATE: enforce 'download_image' policy in cache middleware
- debian/patches/CVE-2013-4428.patch: fix confusing behavior when using
download_image. Ie, return 403 rather than empty content (LP: #1235378)
- CVE-2013-4428
-- Jamie Strandboge <email address hidden> Tue, 22 Oct 2013 13:42:27 -0500
-
glance (2012.2.4-0ubuntu1) quantal-proposed; urgency=low
[ Adam Gandelman ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2013-1840.patch: [dd849a9]
* Resynchronize with stable/folsom (dbd3d3d7) (LP: #1179707):
- [cfaa2d8] repeated deletion on image member does not result in 404
LP: 1157427
- [5b4d21d] glance-cache-prefetcher explodes when no auth parameters were
configured LP: 1157765
- [dd849a9] v1 api returns location as header for cached images LP: 1135541
- [04f88c8] 500 error returned when an Admin tries to delete membership of
image from a non-existent /invalid tenant LP: 1060868
- [5597697] Fragile Test:
glance.tests.functional.test_bin_glance:TestBinGlance.test_update_copying_from
LP: 1107768
- [5183360] filesystem store does not clean up after premature termination
of image upload LP: 1104924
- [03dc862] mismatched image size or checksum leaves behind dangling image
data LP: 1122299
- [12d28c3] UserWarning on deprecation of legacy glance client inappropriate
for internal usage LP: 1129445
- [afe6166] 'glance-cache-manage list-cached' does not show 'last accessed'
and 'last modified' fields in human-readable format LP: 1102334
- [ee13560] Fix broken JSON schemas in v2 tests
[ Chuck Short ]
* debian/patches/disable-swift-tests.patch: Refreshed.
-- Adam Gandelman <email address hidden> Thu, 25 Apr 2013 17:39:57 -0400
-
glance (2012.2.3-0ubuntu2) quantal-proposed; urgency=low
* Resync with latest security update.
* SECURITY UPDATE: fix information disclosure via Glance v1 API
- debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
not show image_meta['location']
- CVE-2013-1840
-- James Page <email address hidden> Fri, 22 Mar 2013 11:48:52 +0000
-
glance (2012.2.3-0ubuntu1) quantal-proposed; urgency=low
* Dropped patches, applied upstream:
- debian/patches/CVE-2013-0212.patch: [96a470b]
* Resynchronize with stable/folsom (98d9928a) (LP: #1116671):
- [96a470b] glance image-download can display backend Swift password
- [4c96080] install throws errors about SADeprecationWarning LP: 925609
- [bca6e26] wsgi.Middleware forward-compatibility with webob 1.2b1 or later
- [5e5e722] Supplied image size should be verified against actual size
LP: 1092584
- [514b4b4] silent failure when loading the paste deploy app LP: 1091294
-- Adam Gandelman <email address hidden> Tue, 05 Feb 2013 14:02:33 -0400
-
glance (2012.2.1-0ubuntu1.2) quantal-security; urgency=low
* SECURITY UPDATE: fix information disclosure via Glance v1 API
- debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
not show image_meta['location']
- CVE-2013-1840
-- Jamie Strandboge <email address hidden> Wed, 13 Mar 2013 15:39:08 -0500
-
glance (2012.2.1-0ubuntu1.1) quantal-security; urgency=low
* SECURITY UPDATE: information disclosure via swift error messages
- debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
not show URLs and credentials in error messages and log output
- CVE-2013-0212
-- Jamie Strandboge <email address hidden> Tue, 29 Jan 2013 09:13:09 -0600
-
glance (2012.2.1-0ubuntu1) quantal-proposed; urgency=low
* Dropped patches, applied upstream:
- debian/patches/CVE-2012-4573.patch
- debian/patches/CVE-2012-4573b.patch
* Resynchronize with stable/folsom (199783ce) (LP: #1085255):
- [49408e9] Glance image-delete HTTPInternalServerError HTTP 500
(LP: #1075580)
- [91aaa48] Image fails to upload to swift: TypeError: object of type
'CooperativeReader' has no len() (LP: #1057322)
- [a296a5b] Return 403 when admin deletes a deleted image (LP: #1060944)
- [3e58a6a] Disallow updating deleted images. (LP: #1060930)
- [26c8085] admins can see deleted images in v2 api (LP: #1071446)
- [8321ca6] No exclude option to skip tests in run_tests.sh (LP: #1065758)
- [c3bea11] Badly named stable/folsom Glance tarballs (LP: #1059634)
- [fc0ee76] Non-admin users can cause public glance images to be deleted
from the backend storage repository in the v2 api (LP: #1076506)
- [90bcdc5] Non-admin users can cause public glance images to be deleted
from the backend storage repository (LP: #1065187)
- [7841cc9] FakeAuth not always admin
- [ddad275] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [1d5c651] nosetest options cause no such option errors (LP: #1056420)
- [ac223e2] Set defaultbranch in .gitreview to stable/folsom
-- Adam Gandelman <email address hidden> Tue, 04 Dec 2012 09:19:35 -0800
-
glance (2012.2-0ubuntu2.3) quantal-security; urgency=low
* SECURITY UPDATE: deletion of arbitrary public and shared images via
authenticated user
- debian/patches/CVE-2012-4573b.patch: previous patch was incomplete.
Make corresponding change to glance/api/v2/images.py
- CVE-2012-4573
* debian/control: add Build-Depends-Indep on python-chardet. This is needed
by python-requests to do encoding detection which otherwise fails in the
new tests introduced in CVE-2012-4573b.patch.
-- Jamie Strandboge <email address hidden> Fri, 09 Nov 2012 06:53:44 -0600
-
glance (2012.2-0ubuntu2.2) quantal-security; urgency=low
* SECURITY UPDATE: deletion of arbitrary public and shared images via
authenticated user
- debian/patches/CVE-2012-4573.patch: adjust glance/api/v1/images.py to
ensure image is owned by user before delayed_deletion
- CVE-2012-4573
* debian/patches/fakeauth-not-always-admin.patch: add required testsuite
patch in support of the testsuite changes in CVE-2012-4573.patch
-- Jamie Strandboge <email address hidden> Thu, 08 Nov 2012 07:41:02 -0600
-
glance (2012.2-0ubuntu2) quantal-proposed; urgency=low
* Glance should suggest python-ceph, not ceph-common (LP: #1065903):
- debian/control: glance Suggests: ceph-common -> python-ceph.
-- James Page <email address hidden> Fri, 12 Oct 2012 15:43:54 +0100
-
glance (2012.2-0ubuntu1) quantal; urgency=low
* debian/control: Clean-up python depends. Thanks to Sam Morrison.
(LP: #1053790)
* New upstream release.
-- Chuck Short <email address hidden> Thu, 27 Sep 2012 13:05:21 -0500
-
glance (2012.2~rc3-0ubuntu1) quantal; urgency=low
* New upstream release.
-- Chuck Short <email address hidden> Wed, 26 Sep 2012 12:37:00 -0500
-
glance (2012.2~rc2-0ubuntu1) quantal; urgency=low
* debian/control: Suggest ceph-common.
* debian/control: Add python-glanceclient as a build depends.
* New upstream release.
* debian/patches/disable-swift-tests.patch: Refreshed.
-- Chuck Short <email address hidden> Wed, 26 Sep 2012 12:32:50 -0500
-
glance (2012.2~rc1-0ubuntu1) quantal; urgency=low
* New upstream release.
* debian/glance.logrotate: compress right logfiles when rotating them.
(LP: #1049314)
-- Chuck Short <email address hidden> Mon, 17 Sep 2012 07:44:11 -0500
-
glance (2012.2~rc1~20120907.129.f0bd856-0ubuntu1) quantal; urgency=low
[ Chuck Short ]
* New upstream version.
* drop debian/patches/fix-docs-build.patch.
* debian/rules: Re-activate tests.
* debian/control: Add depends on python-swiftclient.
* debian/*.upstart: make glance start from runlevel 1 to runlevel
2. (LP: #820688)
[ Soren Hansen ]
* Update debian/watch to account for symbolically named tarballs and
use newer URL.
* New snapshot.
* Refresh disable-network-for-docs.patch
* Fix Launchpad URLs in debian/watch.
-- Chuck Short <email address hidden> Fri, 07 Sep 2012 12:17:46 -0500
-
glance (2012.2~f3-0ubuntu1) quantal; urgency=low
[ Adam Gandelman ]
* debian/patches/sql_conn.patch: Also set default sqlite path for
in glance-api.conf. (LP: #1028711)
* debian/patches/fix-docs-build.patch: Fix docs build
[ Chuck Short ]
* New upstream version.
* debian/control: python-xattr is no longer a required depends.
(LP: #1031396)
* debian/control: Move python-jsonschema to glance.
(LP: #1030152)
* debian/control: Start the slow transition to python-glanceclient.
-- Chuck Short <email address hidden> Thu, 16 Aug 2012 13:58:32 -0500
-
glance (2012.2~f2-0ubuntu1) quantal; urgency=low
* New upstream version.
-- Chuck Short <email address hidden> Fri, 06 Jul 2012 11:13:13 -0400
-
glance (2012.2~f2~20120621.1644-0ubuntu1) quantal; urgency=low
[ Chuck Short ]
* New upstream release.
* debian/glance-registry.logrotate: Rotate the right logfile. (LP: #1009996)
* debian/control: Fix short description of glance-client. (LP: #982658)
* debian/pydist-overrides: Add argparse and python_swiftclient.
[ Adam Gandelman ]
* debian/glance-api.install: Remove glance-{scrubber, cache}-paste.ini.
-- Chuck Short <email address hidden> Fri, 22 Jun 2012 09:18:07 -0400
-
glance (2012.2~f2~20120531.1560-0ubuntu1) quantal; urgency=low
* New upstream release.
-- Chuck Short <email address hidden> Fri, 01 Jun 2012 10:56:09 -0400
-
glance (2012.2~f2~20120524.1541-0ubuntu1) quantal; urgency=low
[ Adam Gandelman ]
* debian/patches/ensure_versioned_db_models.patch: Check for valid
db models+schema at service start, and ensure db is version controlled
before running all migrations.
* debian/{control, pydist-overrides}: *Temporarily* disable non-main
dependencies pending MIRs
* debian/rules: *Temporarily* disable tests until new dependencies are
satisfied
[ Chuck Short ]
* New upstream version.
* Prepare for quantal:
- Removed debian/patches/fix_migration_012_foreign_keys.patch
- Removed debian/patches/disable_db_table_auto_create.patch
- Removed debian/patches/convert_properties_to_uuid.patch
* debian/control: Add dependency on python-requests
* debian/control: Add dependency on python-jsonschema
* debian/control: Add python-keystone as a depends. (LP: #901881)
* debian/patches/disable-swift-tests.patch: Rediffed
[ Paul Belanger ]
* debian/glance-common.postinst
- Give glance group read permission to /etc/glance (LP: #989205)
-- Adam Gandelman <email address hidden> Thu, 24 May 2012 10:26:57 -0700
-
glance (2012.1-0ubuntu2) precise; urgency=low
[ Adam Gandelman ]
* debian/patches/disable_db_table_auto_create.patch: Disable auto-creation
of database schema at service start, inspect for consistency and advise
running manual migrations instead.
* debian/patches/fix_migration_012_foreign_keys.patch: Fix a migration issue
around missing FKs. Cherry-picked from upstream. Can be dropped with
first stable update.
* debian/patches/convert_properties_to_uuid.patch: Fixes migration 012 to
also convert kernel_id and ramdisk_ids to UUID. Cherry picked from upstream.
Can be dropped with first stable update (LP: #975651)
* debian/glance-common.postinst: Clean up, fix purging issue due to poor
use of conditionals
* debian/glance-registry.postinst: Ensure new database is version_controlled
before first call of db_sync.
[ Chuck Short ]
* debian/control: Fix upgrades from oneiric to precise. (LP: #974592)
-- Adam Gandelman <email address hidden> Thu, 12 Apr 2012 15:02:08 -0700