Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openstack/glance/patches/08-CVE-2015-1195.patch
changeset 4063 12e03e5492b8
parent 4062 f45bb9cec48c
parent 4061 5ac5027dc3e3 
--- a/components/openstack/glance/patches/08-CVE-2015-1195.patch	Fri Mar 20 22:56:27 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-Errata patch for CVE-2014-9493.  This addresses
-https://bugs.launchpad.net/ossa/+bug/1408663 and will be included in
-future releases.
-
---- glance-2013.2.3/glance/store/__init__.py.orig	2015-01-20 12:17:34.009133229 -0800
-+++ glance-2013.2.3/glance/store/__init__.py	2015-01-20 12:20:49.414482608 -0800
-@@ -35,6 +35,8 @@ from glance.store import scrubber
-
- LOG = logging.getLogger(__name__)
-
-+RESTRICTED_URI_SCHEMAS = frozenset(['file', 'filesystem', 'swift+config'])
-+
- store_opts = [
-     cfg.ListOpt('known_stores',
-                 default=[
-@@ -382,10 +384,10 @@ def validate_external_location(uri):
-     :param uri: The URI of external image location.
-     :return: Whether given URI of external image location are OK.
-     """
--    pieces = urlparse.urlparse(uri)
--    valid_schemes = [scheme for scheme in location.SCHEME_TO_CLS_MAP.keys()
--                     if scheme != 'file' and scheme != 'swift+config']
--    return pieces.scheme in valid_schemes
-+    # TODO(gm): Use a whitelist of allowed_schemes
-+    known_schemes = [scheme for scheme in location.SCHEME_TO_CLS_MAP.keys()]
-+    scheme = urlparse.urlparse(uri).scheme
-+    return (scheme in known_schemes and scheme not in RESTRICTED_URI_SCHEMAS)
upstream/oracle/userland-gate