author | Danek Duvall <danek.duvall@oracle.com> |
Thu, 19 Mar 2015 14:41:20 -0700 | |
changeset 3998 | 5bd484384122 |
permissions | -rw-r--r-- |
3998
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
1 |
Errata patch for CVE-2015-1881 |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
2 |
https://review.openstack.org/156553 |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
3 |
git fetch https://review.openstack.org/openstack/glance refs/changes/53/156553/1 && git format-patch -1 --stdout FETCH_HEAD |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
4 |
Fixed upstream and in a future release. |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
5 |
--- |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
6 |
From: abhishekkekane <[email protected]> |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
7 |
Date: Thu, 12 Feb 2015 04:09:14 -0800 |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
8 |
Subject: [PATCH] Image data remains in backend for deleted image |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
9 |
|
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
10 |
Trying to delete image created using task api (import-from) image gets |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
11 |
deleted from the database, but image data remains in the backend. Import |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
12 |
task does not update the location of the image and it remains None even |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
13 |
image becomes active. Location entry is not added in the database in |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
14 |
image_locations table. |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
15 |
|
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
16 |
Added location information to the image before saving the image in |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
17 |
the database. |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
18 |
|
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
19 |
SecurityImpact |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
20 |
|
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
21 |
Conflicts: |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
22 |
glance/common/scripts/image_import/main.py |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
23 |
|
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
24 |
Change-Id: Ie389de6538a9b98dc51c7d781b81b3ab10b83842 |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
25 |
Closes-Bug: #1420696 |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
26 |
(cherry picked from commit 78b5b0a9575cd5e9c4543ec0e8fd6072af1f0ebb) |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
27 |
--- glance-2014.2.2/glance/common/scripts/image_import/main.py |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
28 |
+++ glance-2014.2.2/glance/common/scripts/image_import/main.py |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
29 |
@@ -84,29 +84,29 @@ def import_image(image_repo, image_factory, task_input, task_id, uri): |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
30 |
# NOTE: set image status to saving just before setting data |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
31 |
original_image.status = 'saving' |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
32 |
image_repo.save(original_image) |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
33 |
- set_image_data(original_image, uri, None) |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
34 |
- |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
35 |
- # NOTE: Check if the Image is not deleted after setting the data |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
36 |
- # before setting it's status to active. We need to set the status |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
37 |
- # explicitly here using the Image object returned from image_repo .The |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
38 |
- # Image object returned from create_image method does not have appropriate |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
39 |
- # factories wrapped around it. |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
40 |
image_id = original_image.image_id |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
41 |
+ |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
42 |
+ # NOTE: Retrieving image from the database because the Image object |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
43 |
+ # returned from create_image method does not have appropriate factories |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
44 |
+ # wrapped around it. |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
45 |
new_image = image_repo.get(image_id) |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
46 |
- if new_image.status in ['saving']: |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
47 |
- new_image.status = 'active' |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
48 |
- new_image.size = original_image.size |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
49 |
- new_image.virtual_size = original_image.virtual_size |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
50 |
- new_image.checksum = original_image.checksum |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
51 |
+ set_image_data(new_image, uri, None) |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
52 |
+ |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
53 |
+ # NOTE: Check if the Image is not deleted after setting the data |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
54 |
+ # before saving the active image. Here if image status is |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
55 |
+ # saving, then new_image is saved as it contains updated location, |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
56 |
+ # size, virtual_size and checksum information and the status of |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
57 |
+ # new_image is already set to active in set_image_data() call. |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
58 |
+ image = image_repo.get(image_id) |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
59 |
+ if image.status == 'saving': |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
60 |
+ image_repo.save(new_image) |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
61 |
+ return image_id |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
62 |
else: |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
63 |
msg = _LE("The Image %(image_id)s object being created by this task " |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
64 |
"%(task_id)s, is no longer in valid status for further " |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
65 |
"processing." % {"image_id": new_image.image_id, |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
66 |
"task_id": task_id}) |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
67 |
raise exception.Conflict(msg) |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
68 |
- image_repo.save(new_image) |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
69 |
- |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
70 |
- return image_id |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
71 |
|
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
72 |
|
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
73 |
def create_image(image_repo, image_factory, image_properties, task_id): |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
74 |
--- glance-2014.2.2/glance/tests/unit/common/scripts/image_import/test_main.py |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
75 |
+++ glance-2014.2.2/glance/tests/unit/common/scripts/image_import/test_main.py |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
76 |
@@ -56,7 +56,8 @@ class TestImageImport(test_utils.BaseTestCase): |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
77 |
image_id, |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
78 |
image_import_script.import_image(image_repo, image_factory, |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
79 |
task_input, None, uri)) |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
80 |
- self.assertEqual('active', image.status) |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
81 |
+ # Check image is in saving state before image_repo.save called |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
82 |
+ self.assertEqual('saving', image.status) |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
83 |
self.assertTrue(image_repo.save.called) |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
84 |
mock_set_img_data.assert_called_once_with(image, uri, None) |
5bd484384122
PSARC 2015/110 OpenStack service updates for Juno
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
85 |
self.assertTrue(image_repo.get.called) |