components/openstack/glance/patches/05-CVE-2015-1881.patch
branchs11u2-sru
changeset 4156 4b1def16fe9b
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/glance/patches/05-CVE-2015-1881.patch	Mon Apr 20 12:35:51 2015 -0700
@@ -0,0 +1,85 @@
+Errata patch for CVE-2015-1881
+https://review.openstack.org/156553
+git fetch https://review.openstack.org/openstack/glance refs/changes/53/156553/1 && git format-patch -1 --stdout FETCH_HEAD
+Fixed upstream and in a future release.
+---
+From: abhishekkekane <[email protected]>
+Date: Thu, 12 Feb 2015 04:09:14 -0800
+Subject: [PATCH] Image data remains in backend for deleted image
+
+Trying to delete image created using task api (import-from) image gets
+deleted from the database, but image data remains in the backend. Import
+task does not update the location of the image and it remains None even
+image becomes active. Location entry is not added in the database in
+image_locations table.
+
+Added location information to the image before saving the image in
+the database.
+
+SecurityImpact
+
+Conflicts:
+    glance/common/scripts/image_import/main.py
+
+Change-Id: Ie389de6538a9b98dc51c7d781b81b3ab10b83842
+Closes-Bug: #1420696
+(cherry picked from commit 78b5b0a9575cd5e9c4543ec0e8fd6072af1f0ebb) 
+--- glance-2014.2.2/glance/common/scripts/image_import/main.py
++++ glance-2014.2.2/glance/common/scripts/image_import/main.py
+@@ -84,29 +84,29 @@ def import_image(image_repo, image_factory, task_input, task_id, uri):
+     # NOTE: set image status to saving just before setting data
+     original_image.status = 'saving'
+     image_repo.save(original_image)
+-    set_image_data(original_image, uri, None)
+-
+-    # NOTE: Check if the Image is not deleted after setting the data
+-    # before setting it's status to active. We need to set the status
+-    # explicitly here using the Image object returned from image_repo .The
+-    # Image object returned from create_image method does not have appropriate
+-    # factories wrapped around it.
+     image_id = original_image.image_id
++
++    # NOTE: Retrieving image from the database because the Image object
++    # returned from create_image method does not have appropriate factories
++    # wrapped around it.
+     new_image = image_repo.get(image_id)
+-    if new_image.status in ['saving']:
+-        new_image.status = 'active'
+-        new_image.size = original_image.size
+-        new_image.virtual_size = original_image.virtual_size
+-        new_image.checksum = original_image.checksum
++    set_image_data(new_image, uri, None)
++
++    # NOTE: Check if the Image is not deleted after setting the data
++    # before saving the active image. Here if image status is
++    # saving, then new_image is saved as it contains updated location,
++    # size, virtual_size and checksum information and the status of
++    # new_image is already set to active in set_image_data() call.
++    image = image_repo.get(image_id)
++    if image.status == 'saving':
++        image_repo.save(new_image)
++        return image_id
+     else:
+         msg = _LE("The Image %(image_id)s object being created by this task "
+                   "%(task_id)s, is no longer in valid status for further "
+                   "processing." % {"image_id": new_image.image_id,
+                                    "task_id": task_id})
+         raise exception.Conflict(msg)
+-    image_repo.save(new_image)
+-
+-    return image_id
+ 
+ 
+ def create_image(image_repo, image_factory, image_properties, task_id):
+--- glance-2014.2.2/glance/tests/unit/common/scripts/image_import/test_main.py
++++ glance-2014.2.2/glance/tests/unit/common/scripts/image_import/test_main.py
+@@ -56,7 +56,8 @@ class TestImageImport(test_utils.BaseTestCase):
+                     image_id,
+                     image_import_script.import_image(image_repo, image_factory,
+                                                      task_input, None, uri))
+-                self.assertEqual('active', image.status)
++                # Check image is in saving state before image_repo.save called
++                self.assertEqual('saving', image.status)
+                 self.assertTrue(image_repo.save.called)
+                 mock_set_img_data.assert_called_once_with(image, uri, None)
+                 self.assertTrue(image_repo.get.called)
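Review bot: The `else` branch of `import_image` raises `exception.Conflict` after `set_image_data(new_image, uri, None)` has already run, so if that call writes the image data to the backend (its body is not visible here, but the commit message implies it sets the location), the data is left behind when the image is deleted mid-import, which is the same leftover-data outcome this fix targets. The failure path should remove whatever `set_image_data()` stored before raising, or at minimum carry a comment such as `# NOTE: data stored by set_image_data() is not cleaned up on this path`. The re-check `image = image_repo.get(image_id)` followed by `image_repo.save(new_image)` is also not atomic, so a delete landing between those two lines would presumably still be overwritten by the save. The test hunk only pins the success path; a case where the second `image_repo.get` returns an image whose status is not `'saving'` would cover the Conflict branch. The start of `import_image` lies outside the hunk.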