--- a/components/openstack/glance/patches/06-CVE-2014-9684.patch Mon May 16 14:46:20 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,82 +0,0 @@
-Errata patch for CVE-2014-9684
-https://review.openstack.org/157067
-git fetch https://review.openstack.org/openstack/glance refs/changes/67/157067/3 && git format-patch -1 --stdout FETCH_HEAD
-Fixed upstream and in a future release.
----
-From: Mike Fedosin <[email protected]>
-Date: Thu, 18 Sep 2014 18:07:42 +0400
-Subject: [PATCH] Initiate deletion of image files if the import was
- interrupted
-
-If the image is deleted by appropriate API call while its content
-is still being uploaded in import task in v2, an exception is raised
-and it is not handled in the API code. This leads to the fact that
-the uploaded image file stays in a storage and clogs it.
-
-There existed code that safely removes image files if the exception
-occurs.
-
-SecurityImpact
-
-Conflicts:
- glance/common/scripts/image_import/main.py
-
-Closes-Bug: 1371118
-Change-Id: I4f7d1aa103f4ce7abf4026e7097b9e76c24135fa
-(cherry picked from commit 7858d4d95154c8596720365e465cca7858cfec5c)
---- glance-2014.2.2/glance/common/scripts/image_import/main.py
-+++ glance-2014.2.2/glance/common/scripts/image_import/main.py
-@@ -22,6 +22,7 @@ import six
- from glance.api.v2 import images as v2_api
- from glance.common import exception
- from glance.common.scripts import utils as script_utils
-+from glance.common import store_utils
- from glance.common import utils as common_utils
- from glance import i18n
- from glance.openstack.common import excutils
-@@ -92,21 +93,30 @@ def import_image(image_repo, image_factory, task_input, task_id, uri):
- new_image = image_repo.get(image_id)
- set_image_data(new_image, uri, None)
-
-- # NOTE: Check if the Image is not deleted after setting the data
-- # before saving the active image. Here if image status is
-- # saving, then new_image is saved as it contains updated location,
-- # size, virtual_size and checksum information and the status of
-- # new_image is already set to active in set_image_data() call.
-- image = image_repo.get(image_id)
-- if image.status == 'saving':
-- image_repo.save(new_image)
-- return image_id
-- else:
-- msg = _LE("The Image %(image_id)s object being created by this task "
-- "%(task_id)s, is no longer in valid status for further "
-- "processing." % {"image_id": new_image.image_id,
-- "task_id": task_id})
-- raise exception.Conflict(msg)
-+ try:
-+ # NOTE: Check if the Image is not deleted after setting the data
-+ # before saving the active image. Here if image status is
-+ # saving, then new_image is saved as it contains updated location,
-+ # size, virtual_size and checksum information and the status of
-+ # new_image is already set to active in set_image_data() call.
-+ image = image_repo.get(image_id)
-+ if image.status == 'saving':
-+ image_repo.save(new_image)
-+ return image_id
-+ else:
-+ msg = _("The Image %(image_id)s object being created by this task "
-+ "%(task_id)s, is no longer in valid status for further "
-+ "processing.") % {"image_id": image_id,
-+ "task_id": task_id}
-+ raise exception.Conflict(msg)
-+ except (exception.Conflict, exception.NotFound):
-+ with excutils.save_and_reraise_exception():
-+ if new_image.locations:
-+ for location in new_image.locations:
-+ store_utils.delete_image_location_from_backend(
-+ new_image.context,
-+ image_id,
-+ location)
-
-
- def create_image(image_repo, image_factory, image_properties, task_id):